Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Multiple PC problems

Re: Multiple PC problems

Post by bobgrem » February 7th, 2010, 10:56 am

Hi muppy 03 -

About 4 1/2 screens (highlighting and using jump scroll) are P2P deletions.
The vast majority are listed under Snapshot.

I don't remember seeing any errors when posting part 1. When replying, below the text box is a box for uploading that says "If you wish to attach one or more files enter the details below." That is what I used (browse, finding the file and hitting "add the file" after which the upload takes place, and then hitting submit). It seems like the malwareremoval system somehow recognized it as being posted as I got the error message when trying to post part 2??

I could post it in 5 chunks?


Thanks,
Bob
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm

Re: Multiple PC problems

Post by muppy03 » February 7th, 2010, 5:02 pm

bobgrem wrote:
Hi muppy 03 -

About 4 1/2 screens (highlighting and using jump scroll) are P2P deletions.
The vast majority are listed under Snapshot.

I don't remember seeing any errors when posting part 1. When replying, below the text box is a box for uploading that says "If you wish to attach one or more files enter the details below." That is what I used (browse, finding the file and hitting "add the file" after which the upload takes place, and then hitting submit). It seems like the malwareremoval system somehow recognized it as being posted as I got the error message when trying to post part 2??

I could post it in 5 chunks?


Take out the snapshot portion then multiple post away ;)
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Multiple PC problems

Post by bobgrem » February 7th, 2010, 5:11 pm

Hi muppy03 -

Here is the file minus the snapshot portion.

Why is the snapshot so huge?

Thanks,
Bob

ComboFix 10-02-06.01 - Bob 02/07/2010 0:09.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.140 [GMT -5:00]
Running from: c:\documents and settings\Bob\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Bob\Desktop\cfscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bob\Application Data\BitTorrent
c:\documents and settings\Bob\Application Data\BitTorrent\[Mp3-Vbr] Pat Metheny&Anna Maria Jopek – Upojenie (2008)[JnSnow].torrent
c:\documents and settings\Bob\Application Data\BitTorrent\1999 - Jaco Pastorius - Rare Collection.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\5 Jazz Christmas Albums.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\A Jazz Christmas.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Above & Beyond - Trance Around The World 293 (2009-11-06).torrent
c:\documents and settings\Bob\Application Data\BitTorrent\AF - Sabrinka.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Anjani Thomas 2006 - Blue Alert.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Anoushka Shankar - Anoushka Shankar Live at Carnegie Hall.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Anoushka Shankar - Rise.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Anoushka_Shankar_And_Karsh_Kale-Breathing_Under_Water-2007-SAW.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\bajadera.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Bat For Lashes.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Beats Antique - Collide leak 2008.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Bill Frisell-11-albums.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Bill Frisell - Disfarmer - 2009 flac.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Bill Frisell - East West (2CD) - FLAC - HellraiserRG.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Bill Frisell - Gone, Just Like a Train.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\bittorrent.lng
c:\documents and settings\Bob\Application Data\BitTorrent\Bombay Dub Orchestra - Bombay Dub Orchestra 2CD.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Caprice_GroupSex.avi.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\crazy_girls.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\CS2506-399.wmv.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\CTA.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Daring Dirty Little Pig Tales.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Dave Brubeck Quartet - Time Further Out.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Dave Brubeck Quartet - Time Out (50th Anniversary) CD 1 of 2 (1959) [Jazz][mp3 220-320][h33t][schon55].torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Dave Brubeck Quartet - Time Out (50th Anniversary) CD 2 of 2 (1959) [Jazz][mp3 220-320][h33t][schon55].torrent
c:\documents and settings\Bob\Application Data\BitTorrent\David & Steve Gordon - Sacred Spirit Drums (1998).torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Day By Day.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\dht.dat
c:\documents and settings\Bob\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\Bob\Application Data\BitTorrent\Dj Cheb I Sabbah - La Kahena.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Ellipse.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Emily Remler - Retrospective Volume One 'Standards' (mp3).torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Emily Remler - Retrospective Volume Two - 'Compositions' (mp3).torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Eric Johnson - 2005-01-28.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Exploited 18 - Nicole Grey.mp4.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Exploited.18.-.Nicole.Grey.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Fela Kuti.1.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Fireman - Rushes.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Fireman (Paul McCartney) 1993 Strawberries Oceans Ships Forest.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Gary Burton Pat Metheny Steve Swallow - Quartet Live (2009) - Jazz [www.torrentazos.com].torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Gary Burton Quartet with Pat Metheny Rams Head 062309.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Gary Higgins - Red Hash - 1973.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\garyburtonquartet2009-06-24flac16.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Guitars.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Howlin' Wolf - Best of (Chess - the genuine article)_.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Imogen Heap - Discography.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Jazz-Bill Frisell-8 cd.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Jazz-John Coltrane-17 cd.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Jazz Moods - Jazz & The Sunday Times (1999) [Jazz][mp3 320][h33t][schon55].torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Jim Hall Bill Frisell - Hemispheres (2008).torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Jimmy_Buffett-Buffet_Hotel-2009-VAG.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\John Coltrane - 23 albums [Mystic].torrent
c:\documents and settings\Bob\Application Data\BitTorrent\John Coltrane - Afro Blue Impressions.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\John Lee Hooker - The Healer.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Jonathan Goldman - Holy Harmony.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Kurt Rosenwinkel - The Remedy - Live at the Village Vanguard.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Larry Carlton albums.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Leona Lewis - Echo (2009).torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Leona Lewis - Echo CDRip 2009 [Cov+CD][Bubanee].torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice - Blue Rein.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice - Boxing Girl.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice - Double .torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice - Fucking in the Kitchen.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice - Hot Sex in Shower.wmv.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice - Shower.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice - Thai Massage.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice (aka Czech Patricia) And Sabrinka (Yvette) - Group Sex.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice.1.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice.2.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice.3.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice.4.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice.5.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice.6.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Little Caprice.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Loreena McKennitt - A Mediterranean Odyssey (2009) - Folk [www.torrentazos.com].torrent
c:\documents and settings\Bob\Application Data\BitTorrent\McCoy Tyner - Guitars.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Metheny,Pat1977Dec-NTSC-DVD(BP3-master)AustinCityLimitsTV,Austin,TX.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\mhedges1981-03-20.flac16.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Michael_Mcdonald-This_Christmas-2009-CRN.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Miles Davis.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\My Music.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\ngrybsmlo.wmv.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Nicole Grey - Cuban Kings.wmv.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Nicole Grey - TeenPinkVideos.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\No Substitutions Larry Carlton & Steve Lukather @256.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Norah Jones-Not Too Late.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Norah Jones - Chasing Pirates.avi.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Norah Jones - New York City- The Chill Album.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Norah Jones - Not Too Late.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Norah Jones - The Fall [Bonus CD].torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Norah Jones - The Fall [mp3-vbr-2009].torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Norah_Jones-Not_Too_Late(2007)byDiablesa(http://www.fanclubt.com).torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Norah_Jones_-_Chasing_Pirates_(2nafish).mpg.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Oriental Party Compilation.www.lokotorrents.com.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Oxana & Ilia-2009-03-27.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Parallel Realities - 1990-07-10 - Montreux, Switzerland (SBD).torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Pat Metheny Group - Tokyo 2009-1-7 flac.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Paul McCartney.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Peter Gabriel-The Barry Williams Show CD.S 2002.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Peter Gabriel - Father Son (Live Peace One Day Gala 2008).avi.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Peter Gabriel - The Book of Love (Scrubs ending music) - Soundtrack.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Peter Gabriel - Ultra Rare Traxx.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Peter Gabriel. 1, 3 Albums Studio Outtakes 1978-1980.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Peter.Gabriel-Big.Blue.Ball-2008[FirstDown].torrent
c:\documents and settings\Bob\Application Data\BitTorrent\PixandVideo.com - Sabrinka - HDV 720p + Picture - Set.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Prince Live at Montreux Jazz Festival, 18 July 2009.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\resume.dat
c:\documents and settings\Bob\Application Data\BitTorrent\resume.dat.1.bad
c:\documents and settings\Bob\Application Data\BitTorrent\resume.dat.old
c:\documents and settings\Bob\Application Data\BitTorrent\Richard Bona - Discography.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\rss.dat
c:\documents and settings\Bob\Application Data\BitTorrent\rss.dat.old
c:\documents and settings\Bob\Application Data\BitTorrent\SADE - A Love Affair With Life - Live in Montreux, 13.07.1984 OOP.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Sade - B-Sides And Unreleased [GeneGeter.com].torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Sade - The Beauty & Soul Mixes.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Sasha [JAM-HOT.com].wmv.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Sasha Blonde ??? ?? Natasha G ?? Met-Art.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\settings.dat
c:\documents and settings\Bob\Application Data\BitTorrent\settings.dat.old
c:\documents and settings\Bob\Application Data\BitTorrent\Steve Morse Band 18-05-86 San Diego.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Steve Reich-11 cd-with corrected tags.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Steve Reich - Works - 1965-1995 (10 CDs).torrent
c:\documents and settings\Bob\Application Data\BitTorrent\steve reich.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Sting - Duetos 2CD 2009.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Sting - Sacred Love.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Sting If On A Winter's Night (2009).torrent
c:\documents and settings\Bob\Application Data\BitTorrent\TeenPinkVideos.-.Nicole.Grey.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Teens.Like.It.Big.-.Nicole.Grey.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\TeensLikeItBig.com - Nicole Grey ( I.D.).torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Thelonious Monk - Monk- The Columbia Years (1962-1968), 3CD BOX.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Thievery Corporation Discography.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Time Out.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Tribal Fusion Music.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\v8307 - Sabrinka.wmv.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\VA-Buddha_Chillout_Lounge-(PCOLLCD012)-5CD-2006-OBC.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\VA - Ambient Dub Volume Two - Earthjuice 1993.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\VA tantra lounge 3 (new exotic sounds from the far east).torrent
c:\documents and settings\Bob\Application Data\BitTorrent\VA_-_Karma_Cafe-3CD-2006-CSM.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Vanilla Fudge-Out Through the In Door-2007.torrent
c:\documents and settings\Bob\Application Data\BitTorrent\Voodoo Child The Jimi Hendrix Collection 2001 USA version -2CD- APE.torrent
c:\documents and settings\Bob\Application Data\DNA
c:\documents and settings\Bob\Application Data\DNA\dht.dat
c:\documents and settings\Bob\Application Data\DNA\dht.dat.old
c:\documents and settings\Bob\Application Data\DNA\dna.lng
c:\documents and settings\Bob\Application Data\DNA\resume.dat
c:\documents and settings\Bob\Application Data\DNA\resume.dat.old
c:\documents and settings\Bob\Application Data\DNA\rss.dat
c:\documents and settings\Bob\Application Data\DNA\rss.dat.old
c:\documents and settings\Bob\Application Data\DNA\settings.dat
c:\documents and settings\Bob\Application Data\DNA\settings.dat.old
c:\program files\BitTorrent
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\btdna.exe
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
J:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.

2010-01-31 14:31 . 2010-01-31 15:41 -------- d-----w- c:\program files\Trend Micro
2010-01-27 14:51 . 2010-01-27 14:56 -------- d-----w- c:\documents and settings\Administrator.C.001\Local Settings\Application Data\Adobe
2010-01-26 00:27 . 2010-01-26 00:27 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-25 20:36 . 2010-01-25 20:36 -------- d-----w- c:\documents and settings\Administrator.C.000\Application Data\Malwarebytes
2010-01-25 20:32 . 2002-12-04 13:31 56952 ----a-w- c:\documents and settings\Administrator.C.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 20:32 . 2010-01-26 00:23 -------- d-----w- c:\documents and settings\Administrator.C.000\Local Settings\Application Data\Microsoft
2010-01-25 20:32 . 2010-01-26 00:23 -------- d-s---w- c:\documents and settings\Administrator.C.000
2010-01-25 17:32 . 2002-12-04 13:31 56952 ----a-w- c:\documents and settings\Administrator.C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 17:32 . 2010-01-26 00:24 -------- d-----w- c:\documents and settings\Administrator.C\Local Settings\Application Data\Microsoft
2010-01-25 17:31 . 2010-01-26 00:24 -------- d-s---w- c:\documents and settings\Administrator.C

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 03:23 . 2008-11-25 17:01 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-02-06 14:18 . 2010-01-26 14:39 -------- d-----w- c:\program files\Spyware Doctor
2010-01-31 22:37 . 2010-01-26 14:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-31 15:40 . 2007-05-10 21:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-27 14:46 . 2009-04-27 21:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 14:45 . 2009-05-26 23:32 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-26 15:55 . 2008-01-30 02:44 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-26 01:12 . 2010-01-26 01:12 -------- d-----w- c:\documents and settings\Administrator.C.001\Application Data\Malwarebytes
2010-01-20 16:52 . 2008-11-25 16:52 -------- d-----w- c:\program files\McAfee
2010-01-07 21:07 . 2009-04-27 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-04-27 21:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 18:38 . 2009-11-13 03:38 -------- d-----w- c:\documents and settings\Bob\Application Data\vlc
2009-12-08 20:05 . 2009-11-16 03:13 75176 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-02 02:59 . 2002-12-10 05:14 107032 ----a-w- c:\documents and settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 15:51 . 2002-08-29 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 15:07 . 2009-11-10 15:07 152576 ----a-w- c:\documents and settings\Bob\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2008-12-09 20:21 . 2008-12-18 22:16 94208 ----a-w- c:\program files\mozilla firefox\components\blsfflock.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uoltray"="c:\program files\NetZero\exec.exe" [2004-01-20 90384]
"spc_w"="c:\program files\NZSearch\hcm.exe" [2004-05-13 258114]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-29 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [BU]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-25 290816]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-06-11 684032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DeltTray"="DeltTray.exe" [2004-08-27 56320]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Auto EPSON Stylus CX4800 Series on A"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"blspcloader"="c:\program files\ATT Internet Tools\blsloader.exe" [2008-12-18 103760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-02 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111.exe [2004-10-9 1056860]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ConMgr.exe"="c:\program files\EarthLink 5.0\conmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/25/2008 11:57 AM 203280]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 BWU713_A02;Blitzz Wireless G USB Controller;c:\windows\SYSTEM32\DRIVERS\BWU713.sys [8/14/2004 9:48 PM 340096]
S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [2/2/2009 9:57 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2009-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-25 16:22]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-25 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.merlinman.blogspot.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://merlinman.blogspot.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\blsfflock.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-BitTorrent - c:\program files\BitTorrent\uninst.exe
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 00:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CakewalkPlugIns\^`ܵî =qx **]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
Completion time: 2010-02-07 00:26:58
ComboFix-quarantined-files.txt 2010-02-07 05:26
ComboFix2.txt 2010-02-07 03:19
ComboFix3.txt 2009-04-30 19:18

Pre-Run: 59,101,507,584 bytes free
Post-Run: 59,082,510,336 bytes free

- - End Of File - - A8CB63283C10119423134B05931B7220
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm

Re: Multiple PC problems

Post by muppy03 » February 7th, 2010, 5:31 pm

Please update me on any problems remaining on your next post.

Open HijackThis and select Do a System Scan Only. Place a check next to the lines below if still present:

    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)



Once selected, close all windows except HJT and click on Fix Checked.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.2 are vulnerable.
  • Go HERE and click on AdbeRdr920_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.


Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 18.
  • Go to Java Site
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE) listed below in the code box.
    Java(TM) 6 Update 17
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Make sure that all browser windows are closed.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    (If you use FireFox or the Opera browser, to keep saved passwords, click No at the prompt.)
    Click Exit on the Main menu to close the program.


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Please reply with:-
  • ESET log
  • New HJT log
  • Update on problems remaining
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Multiple PC problems

Unread postby bobgrem » February 8th, 2010, 2:27 pm

Hi -

The only problem I've encountered recently is when I tried to install the updated
Acrobat. I got a blue screen the first time but was able to install successfully the
second time.

Below are the two requested logs. I ran ESET a second time because I didn't access the
log before it was deleted the first time. I thought I clicked on "Scan Archives" and not
"Remove found threats" but the program deleted a suspected Trojan. But I was sleep deprived and I could have made a mistake.

Thanks,
Bob


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2ad225f2b477ca4fbfb95e3b2726c20c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-02-08 06:03:50
# local_time=2010-02-08 01:03:50 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776869 100 96 6884565 17644103 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=203048
# found=1
# cleaned=1
# scan_time=16887
G:\Lela_Star-1.zip probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:22 PM, on 2/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\DeltTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\ATT Internet Tools\blsloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.merlinman.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\ATT Internet Tools\blspc.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on A] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P36 "Auto EPSON Stylus CX4800 Series on A" /O30 "\\A\EPSON Stylus CX4800 Series" /M "Stylus CX4800"
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\ATT Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1661173984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1831980593
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 12721 bytes
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm
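
Added example (not part of the original thread and not ESET's code): the header of the ESET log posted above records which scan options were ticked, so it can be compared with the settings asked for in the ESET steps. The sample is constructed from lines of that log; the function names and the assumption that an unticked option is logged as `false` are hypothetical.

```python
import re

# Settings requested in the ESET steps of this thread. Assumption: an
# unticked option is written to the log as "false".
EXPECTED = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}

# Constructed sample: lines taken from the log posted above, shortened.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776869 100 96 6884565 17644103 0 0
# found=1
# cleaned=1
G:\Lela_Star-1.zip probably a variant of Win32/Agent trojan (deleted -
quarantined) 00000000000000000000000000000000 C
"""

# path, threat name, "(action)", then whatever trails the action.
# The paste separates fields with spaces, so only space-free paths parse.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+(?P<threat>.+?)\s+"
    r"\((?P<action>[^)]*)\)\s*(?P<trailer>.*)$"
)
DRIVE = re.compile(r"^[A-Za-z]:\\")

def parse_eset_log(text):
    """Return (settings, detections); repeated header keys keep every value."""
    settings, detections, pending = {}, [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                settings.setdefault(key, []).append(value)
            continue
        # Detection lines may be wrapped by the forum paste: join until complete.
        pending = f"{pending} {line}".strip()
        match = DETECTION.match(pending)
        if match:
            detections.append(match.groupdict())
            pending = ""
        elif not DRIVE.match(pending):
            pending = ""  # preamble such as "all ok", not a detection
    return settings, detections

def review(text, expected=EXPECTED):
    """Compare logged options with the requested ones and summarise the scan."""
    settings, detections = parse_eset_log(text)
    last = lambda key, default=None: settings.get(key, [default])[-1]
    mismatches = {k: (want, last(k)) for k, want in expected.items() if last(k) != want}
    return {
        "finished": last("end") == "finished",
        "mismatches": mismatches,
        "found": int(last("found", "0")),
        "cleaned": int(last("cleaned", "0")),
        "detections": detections,
    }

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```
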

Re: Multiple PC problems

Unread postby muppy03 » February 8th, 2010, 5:12 pm

bobgrem wrote: The only problem I've encountered recently is when I tried to install the updated Acrobat. I got a blue screen the first time but was able to install successfully the second time.

If it was only once, I wouldn’t be worried, but if it continues it might need to be investigated.

Your logs are all looking great, so I think we are just about done.

So if you are not having any further problems, I would suggest you proceed as follows.

ATF is a great tool for you to keep and use on a regular basis.

You can delete GMER from your Desktop.

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the Run box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


Here are some free programs I recommend that could help you improve your computer's security.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here
Read some information here on how to prevent malware.


Please reply if you have any problems or questions
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Multiple PC problems

Unread postby bobgrem » February 9th, 2010, 8:26 pm

muppy03 -

Thank you for your great help. I am in the process of following up with your additional suggestions, including Secunia Software Inspector and F-secure Health Check.

Secunia has identified a number of updates which I will take care of. Is there any reason not to upgrade to the free more powerful Secunia PSI?

Any tips regarding Secunia and F-secure that would be good to know? Since they are not antivirus or antispyware they won't interfere with McAfee, I assume, but I just wondered if there is anything to be aware of.

Thanks for your great advice! :thumbup:
Bob
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm

Re: Multiple PC problems

Unread postby muppy03 » February 10th, 2010, 3:19 am

Hi Bob, Glad all is working well.

bobgrem wrote: Secunia has identified a number of updates which I will take care of. Is there any reason not to upgrade to the free more powerful Secunia PSI?

No reason, if you feel you would like to run it, then give it a try.

bobgrem wrote: Any tips regarding Secunia and F-secure that would be good to know? Since they are not antivirus or antispyware they won't interfere with McAfee, I assume, but I just wondered if there is anything to be aware of.

You only need one not both, but there should be no conflict issues. :flower:
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Multiple PC problems

Unread postby NonSuch » February 13th, 2010, 4:53 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California