Author Topic: [In Process]im the admin but my PC tells me im not..  (Read 12899 times)

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 8011
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #15 on: June 26, 2009, 08:40:33 am »
Hi,

Yes, those accounts are commonly there.

I need to know exactly what brand of system you have, and exactly how the installer CD is labeled.  I don't need stock numbers or other stuff, just the full name of the CD will be sufficient.
Don't Read?  Can't learn!

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #16 on: June 27, 2009, 12:43:05 am »
I'm using a DELL Dimension 3000 PC with Microsoft Windows XP Home Edition Version 2002 SP3... This PC was only a gift from my aunt and it already came with the OS on it when they bought it. There was an installation CD given to us for the OS, and this was its label:

Reinstallation CD
Microsoft Windows XP Home Edition
Including Service Pack 1



and the CD can only be used in a DELL PC...


Thanks.. just tell me what other info you need to know..

Thanks again

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 8011
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #17 on: June 27, 2009, 09:43:09 am »
Hi,

OK, that CD isn't going to help.

Let's try to force run msconfig under an administrator account.  Boot into Safe Mode and use the Administrator account.  Hopefully it either doesn't have any password assigned or it is one you remember.  You can try the password administrator, or Administrator if you don't remember what it is.  If no password is assigned, Safe Mode will either open when you choose the Administrator account, or if it asks for a password, just click <Enter> with the password field blank.

If you can get into Safe Mode under Administrator, try running msconfig there.  If you can't use Administrator, try your account in Safe Mode, and post back what happens.  If it doesn't work there in your account, we will need to play around with your user permissions to include you in the Administrator group.
Don't Read?  Can't learn!

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #18 on: June 28, 2009, 05:49:30 pm »
I just finished running into Safe Mode and I have logged in as admin, but still I can make use of msconfig because it still prompts me to log in as admin.

still nothing happens  ???

anyway thanks again..

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 8011
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #19 on: June 29, 2009, 08:52:22 am »
Hi,

OK let's try a workaround.  Download and install Mike Lin's excellent Startup CP from here:

http://www.mlin.net/StartupCPL.shtml

No need to reboot.  Next, open your Control Panel and you will see a new one named Startup.  Open that.  This performs a very similar function to msconfig.  After it opens, you can review your startup items.  Please list for me if there are any strange-looking ones.  This does not require admin permissions.
Don't Read?  Can't learn!

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #20 on: June 30, 2009, 04:16:51 am »
Hi... there's nothing in any tab except in HKCU/Run, and the only file in there is

ctfmon.exe   C:\WINDOWS\system32\ctfmon.exe

thanks..

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #21 on: July 02, 2009, 01:48:46 am »
hmm anybody there  ;D

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #22 on: July 04, 2009, 04:12:42 am »
hi.. follow up pls..

tnx

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 8011
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #23 on: July 07, 2009, 03:48:10 pm »
Hi,

I'm sorry for the delay. My wife and I received an unexpected invitation to join friends at their MD shore home for the week, and we just arrived home late yesterday.  Unfortunately, their Internet service was not functioning correctly, so that limited my ability to get here.

OK, there is something really strange if the only start up item shown by Startup CP is that one entry.  Let's try to reset permissions across the board to XP defaults.  I don't think this will help, but we do need to try it, and it prepares us for the next thing I will try if it doesn't work.

1.  Read and implement all the suggestions in this topic:  http://spywarehammer.com/simplemachinesforum/index.php?topic=2944.0  In particular, please make sure you get a couple of registry backups using ERUNT just in case the next step causes issues.

2.  Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here: http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe

    * Double-click FixPolicies.exe.
    * Click the "Install" button on the bottom toolbar of the box that will open.
    * The program will create a new Folder called FixPolicies.
    * Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
    * A black box will briefly appear and then close. You can ignore any warnings or error messages.

Then try to use msconfig and let's see what happens.
Don't Read?  Can't learn!

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #24 on: July 08, 2009, 02:33:04 am »
Hi.. it's OK because I too don't have time to use the computer because I'm already back at school.. I just use it when I have time..

By the way, I just finished doing the things you told me to do.

But still, msconfig tells me to log in as admin.

I include a fresh HJT logfile.. please check if it is still clean.. thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:30 PM, on 7/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8951 bytes

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 8011
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #25 on: July 08, 2009, 08:55:28 am »
Hi,

Well, nothing lost as I didn't think that fixing the administration rights would change this problem.  I do think I have an idea what the issue is, but I am still researching it, and looking for a fix.

Yes, that log is still clean.  I want to make sure that there are now a couple of ERUNT backups.  Navigate to c:\Windows\ERUNT and tell me how many backups there are.  Open any sub-folders of c:\Windows\ERUNT as well, because ERUNT does automatically store a backup on the first boot of every day.

Next, go HERE and download File Lister.
  • Save it to your Desktop
  • Right Click ->> Extract all ->> And extract it to your Desktop
  • Additional help on extracting zip files can be found HERE
  • Open the File Lister Folder.
  • Note: Leave the FileLister.vbe file in the folder and run it from there.
  • Right Click FileLister.vbe ->>Select Open Then Open to confirm.
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished it will produce a log for you C:\Files.txt
Copy and paste the contents of that log in your reply.
Don't Read?  Can't learn!

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #26 on: July 09, 2009, 02:11:51 am »
Hi again.. there were 2 folders of backup in the ERUNT and there were also 2 folders in the AUTOBACKUP


I just finished downloading the FileLister and I opened it and an error popped up, and every time I close the pop-up window it just duplicates, and Internet Explorer also pops up

Is that a virus?

I included the fresh HJT logfile..

thanks again


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:53 PM, on 7/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8942 bytes
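
Comparing the two HijackThis logs posted so far, as an added example that is not part of the original thread: a small Python parser that splits a log into running processes and coded entries, lists the O4 startup entries, and diffs two scans. The function names are this example's own, and the two sample logs are constructed excerpts made of lines copied from the 7/8 and 7/9 posts above.

```python
import re

# Constructed excerpts: lines copied from the two HijackThis logs posted
# above (7/8/2009 and 7/9/2009), trimmed to a handful of entries each.
LOG_JUL8 = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:30 PM, on 7/8/2009

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\ERUNT\AUTOBACK.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

--
End of file - 8951 bytes
"""

LOG_JUL9 = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:53 PM, on 7/9/2009

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\ERUNT\AUTOBACK.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

--
End of file - 8942 bytes
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O4 - ..."
RUN_RE = re.compile(r"^(?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
LNK_RE = re.compile(r"^(?P<where>.+?): (?P<name>.+?) = (?P<target>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into scan time, running processes and coded entries."""
    saved, processes, entries = None, [], []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":                 # footer marker: no entries follow it
            break
        if not line:
            continue
        if line == "Running processes:":
            section = "processes"
            continue
        m = ENTRY_RE.match(line)
        if m:
            section = "entries"
            entries.append((m.group(1), m.group(2)))
        elif section == "processes":
            processes.append(line)
        elif section == "header" and line.startswith("Scan saved at "):
            saved = line[len("Scan saved at "):]
    return {"saved": saved, "processes": processes, "entries": entries}


def autoruns(parsed):
    """Return (location, name, target) for every O4 (startup) entry."""
    found = []
    for code, body in parsed["entries"]:
        if code != "O4":
            continue
        m = RUN_RE.match(body) or LNK_RE.match(body)
        # Unrecognised O4 layouts are kept whole rather than dropped.
        found.append((m["where"], m["name"], m["target"]) if m else ("?", "", body))
    return found


def diff_logs(old, new):
    """Compare two parsed logs; Windows paths are compared case-insensitively."""
    def procs(p): return {x.lower() for x in p["processes"]}
    def ents(p): return {f"{c} - {b}".lower() for c, b in p["entries"]}
    return {
        "processes_added": sorted(procs(new) - procs(old)),
        "processes_removed": sorted(procs(old) - procs(new)),
        "entries_added": sorted(ents(new) - ents(old)),
        "entries_removed": sorted(ents(old) - ents(new)),
    }


if __name__ == "__main__":
    old, new = parse_hjt(LOG_JUL8), parse_hjt(LOG_JUL9)
    for where, name, target in autoruns(new):
        print(f"{where:12} {name:22} {target}")
    print(diff_logs(old, new))
```

On these excerpts the registry and startup entries are identical between the two scans; only the running-process list differs.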

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 8011
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #27 on: July 09, 2009, 08:03:17 am »
Hi,

OK, delete FileLister and try running this similar program instead. 

  • Download any one of the following DDS files by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.   
  • When done, DDS will open two (2) logs:
         1. DDS.txt
         2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.

  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet. 
Information on A/V control HERE
Don't Read?  Can't learn!

Offline ericson09

  • Bronze Member
  • Posts: 55
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #28 on: July 09, 2009, 11:49:23 pm »
Hi, I just finished doing the things you've told me..

Here's the logfile from DDS and Attach:



DDS (Ver_09-06-26.01) - NTFSx86 
Run by donna at 13:40:33.75 on Fri 07/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.766.264 [GMT 8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)   {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled*   {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\fxssvc.exe
svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\donna\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn10\yt.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn10\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn10\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn10\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\donna\startm~1\programs\startup\erunta~1.lnk - c:\erunt\AUTOBACK.EXE
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-explorer: NoChangeAnimation = 0 (0x0)
mPolicies-explorer: NoStrCmpLogical = 0 (0x0)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\donna\applic~1\mozilla\firefox\profiles\64s1qrjh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\donna\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2007-9-29 149376]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-6-19 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-8 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-5-12 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-6-19 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-6-19 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-6-19 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-6-19 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-6-19 40552]
S2 McAfeeFramework;McAfee Framework Service;c:\mcafee\common framework\FrameworkService.exe [2007-6-17 104000]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-6-19 34216]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-4-26 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-4-26 8320]
S4 gupdate1c9cb708b3c5072;Google Update Service (gupdate1c9cb708b3c5072);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

=============== Created Last 30 ================

2009-07-08 16:11   25,992   a-------   c:\windows\system32\pgdfgsvc.exe
2009-07-08 16:07   <DIR>   --d-----   C:\ERUNT
2009-07-04 19:22   <DIR>   --d-----   C:\TC
2009-07-04 18:03   <DIR>   --d-----   c:\docume~1\donna\applic~1\BitTorrent
2009-06-30 21:56   12,942   a-------   C:\draft program cebu.docx
2009-06-30 18:13   81,920   a-------   c:\windows\system32\Startup.cpl
2009-06-20 15:40   <DIR>   a-dshr--   C:\cmdcons
2009-06-19 10:52   161,792   a-------   c:\windows\SWREG.exe
2009-06-19 10:52   155,136   a-------   c:\windows\PEV.exe
2009-06-19 10:52   98,816   a-------   c:\windows\sed.exe
2009-06-18 13:48   <DIR>   --d-----   c:\docume~1\donna\applic~1\Malwarebytes
2009-06-18 13:47   38,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-18 13:47   19,096   a-------   c:\windows\system32\drivers\mbam.sys
2009-06-18 13:47   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
2009-06-18 13:47   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-16 21:27   154,112   a-------   C:\June1 logomeap oath bayawan city.doc
2009-06-16 11:22   171,967   a-------   c:\windows\system32\Odbcjet.hlp
2009-06-16 11:22   7,348   a-------   c:\windows\system32\Odbcjet.cnt
2009-06-16 11:22   13,632   --------   c:\windows\system32\drivers\omci.sys
2009-06-15 23:02   <DIR>   --d-----   c:\program files\Trend Micro
2009-06-15 21:49   <DIR>   --d-----   c:\windows\system32\wbem\Repository
2009-06-15 21:44   <DIR>   --d-----   c:\windows\system32\NtmsData
2009-06-13 14:49   <DIR>   --d-----   c:\program files\PowerArchiver
2009-06-12 09:19   246,272   --------   c:\windows\system32\dllcache\ieproxy.dll
2009-06-12 09:19   12,800   --------   c:\windows\system32\dllcache\xpshims.dll

==================== Find3M  ====================

2009-05-13 13:15   5,936,128   a-------   c:\windows\system32\dllcache\mshtml.dll
2009-05-13 13:15   915,456   a-------   c:\windows\system32\wininet.dll
2009-05-13 13:15   915,456   a-------   c:\windows\system32\dllcache\wininet.dll
2009-05-07 23:32   345,600   a-------   c:\windows\system32\localspl.dll
2009-05-07 23:32   345,600   --------   c:\windows\system32\dllcache\localspl.dll
2009-05-04 18:52   129,910   a-------   c:\windows\War3Unin.dat
2009-05-01 05:22   1,985,024   a-------   c:\windows\system32\dllcache\iertutil.dll
2009-05-01 05:22   11,064,832   a-------   c:\windows\system32\dllcache\ieframe.dll
2009-05-01 05:22   1,207,808   a-------   c:\windows\system32\dllcache\urlmon.dll
2009-05-01 05:22   25,600   a-------   c:\windows\system32\dllcache\jsproxy.dll
2009-05-01 05:22   385,536   a-------   c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 19:21   173,056   a-------   c:\windows\system32\dllcache\ie4uinit.exe
2009-04-17 20:26   1,847,168   a-------   c:\windows\system32\win32k.sys
2009-04-17 20:26   1,847,168   --------   c:\windows\system32\dllcache\win32k.sys
2009-04-15 22:51   585,216   a-------   c:\windows\system32\rpcrt4.dll
2009-04-15 22:51   585,216   --------   c:\windows\system32\dllcache\rpcrt4.dll
2008-07-17 20:07   7,168   a--sh---   c:\program files\Thumbs.db
2007-09-01 15:20   374   a-------   c:\docume~1\donna\applic~1\internaldb6334.dat
2007-09-01 14:22   18,432   a-------   c:\docume~1\donna\applic~1\internaldb41.dat
2007-09-01 14:22   556   a-------   c:\docume~1\donna\applic~1\internaldb8467.dat
2006-04-20 14:30   801,957   a-------   c:\documents and settings\donna\!secwad.exe
2006-04-20 14:30   4,234   a-------   c:\documents and settings\donna\!versions.dat

============= FINISH: 13:42:13.42 ===============

Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2005 8:31:11 PM
System Uptime: 7/10/2009 1:12:22 PM (0 hours ago)

Motherboard: Dell Computer Corp. |  | 0TC667
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 28.787 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Service: E100B

Class GUID: {4D36E970-E325-11CE-BFC1-08002BE10318}
Description: M-Systems DiskOnChip 2000
Device ID: ROOT\MTD\0000
Manufacturer: M-Systems Flash Disk Pioneers
Name: M-Systems DiskOnChip 2000
PNP Device ID: ROOT\MTD\0000
Service: tffsport

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 3110c
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 3110c
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 3110c
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

==== System Restore Points ===================

RP1450: 4/11/2009 9:16:17 PM - System Checkpoint
RP1451: 4/12/2009 9:22:03 PM - Installed Windows XP Wdf01007.
RP1452: 4/14/2009 10:43:58 AM - Software Distribution Service 3.0
RP1453: 4/15/2009 12:48:11 PM - Software Distribution Service 3.0
RP1454: 4/15/2009 1:51:09 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1455: 4/16/2009 3:06:07 PM - Software Distribution Service 3.0
RP1456: 4/16/2009 3:13:16 PM - Software Distribution Service 3.0
RP1457: 4/17/2009 8:40:56 PM - System Checkpoint
RP1458: 4/19/2009 7:32:33 PM - System Checkpoint
RP1459: 4/20/2009 7:58:14 PM - System Checkpoint
RP1460: 4/21/2009 8:49:29 PM - System Checkpoint
RP1461: 4/23/2009 8:21:20 PM - System Checkpoint
RP1462: 4/24/2009 11:47:12 AM - Software Distribution Service 3.0
RP1463: 4/25/2009 5:23:21 PM - System Checkpoint
RP1464: 4/26/2009 6:13:19 PM - System Checkpoint
RP1465: 4/27/2009 8:38:06 PM - System Checkpoint
RP1466: 4/28/2009 9:42:02 AM - Software Distribution Service 3.0
RP1467: 4/28/2009 12:43:03 PM - Removed PowerArchiver 2010
RP1468: 4/28/2009 12:43:29 PM - Installed PowerArchiver 2010
RP1469: 4/28/2009 1:53:55 PM - Before uninstall Internet Download Manager
RP1470: 4/28/2009 4:25:32 PM - Before uninstall Internet Download Manager
RP1471: 4/29/2009 9:02:23 PM - System Checkpoint
RP1472: 4/30/2009 1:03:12 PM - Software Distribution Service 3.0
RP1473: 5/1/2009 1:09:53 PM - System Checkpoint
RP1474: 5/2/2009 10:47:35 AM - Software Distribution Service 3.0
RP1475: 5/3/2009 6:57:22 PM - System Checkpoint
RP1476: 5/4/2009 8:38:05 PM - System Checkpoint
RP1477: 5/5/2009 9:22:11 AM - Software Distribution Service 3.0
RP1478: 5/6/2009 8:19:19 PM - System Checkpoint
RP1479: 5/7/2009 9:23:47 PM - System Checkpoint
RP1480: 5/8/2009 6:26:59 AM - Software Distribution Service 3.0
RP1481: 5/9/2009 3:27:54 PM - System Checkpoint
RP1482: 5/10/2009 7:33:40 PM - System Checkpoint
RP1483: 5/12/2009 1:18:37 PM - Software Distribution Service 3.0
RP1484: 5/13/2009 10:27:34 AM - Software Distribution Service 3.0
RP1485: 5/14/2009 12:25:45 PM - System Checkpoint
RP1486: 5/15/2009 10:37:15 AM - Software Distribution Service 3.0
RP1487: 5/17/2009 6:42:15 PM - System Checkpoint
RP1488: 5/18/2009 11:20:20 PM - Before uninstall Wolfram Mathematica 7 (M-WIN-L 7.0.0 1148351)
RP1489: 5/18/2009 11:23:52 PM - Before uninstall Wolfram Notebook Indexer 2.0
RP1490: 5/18/2009 11:24:03 PM - Removed Wolfram Notebook Indexer 2.0
RP1491: 5/19/2009 9:00:43 AM - Removed PowerArchiver 2010
RP1492: 5/19/2009 9:01:10 AM - Installed PowerArchiver 2010
RP1493: 5/19/2009 9:32:20 AM - Software Distribution Service 3.0
RP1494: 5/20/2009 4:01:23 PM - System Checkpoint
RP1495: 5/21/2009 9:17:51 PM - System Checkpoint
RP1496: 5/22/2009 12:48:35 PM - Software Distribution Service 3.0
RP1497: 5/24/2009 1:35:42 PM - System Checkpoint
RP1498: 5/25/2009 8:39:42 PM - System Checkpoint
RP1499: 5/26/2009 1:15:05 PM - Software Distribution Service 3.0
RP1500: 5/27/2009 7:26:33 PM - System Checkpoint
RP1501: 5/28/2009 8:29:55 PM - System Checkpoint
RP1502: 5/29/2009 6:21:52 PM - Software Distribution Service 3.0
RP1503: 5/30/2009 8:19:13 PM - System Checkpoint
RP1504: 6/1/2009 8:16:47 PM - System Checkpoint
RP1505: 6/2/2009 11:38:44 AM - Software Distribution Service 3.0
RP1506: 6/3/2009 1:33:11 PM - System Checkpoint
RP1507: 6/5/2009 10:44:09 AM - Software Distribution Service 3.0
RP1508: 6/7/2009 7:16:42 PM - System Checkpoint
RP1509: 6/9/2009 10:38:08 AM - Software Distribution Service 3.0
RP1510: 6/10/2009 9:40:42 PM - System Checkpoint
RP1511: 6/12/2009 10:34:34 AM - System Checkpoint
RP1512: 6/12/2009 11:07:17 AM - Software Distribution Service 3.0
RP1513: 6/12/2009 6:53:32 PM - Software Distribution Service 3.0
RP1514: 6/13/2009 2:48:53 PM - Removed PowerArchiver 2010
RP1515: 6/13/2009 2:49:24 PM - Installed PowerArchiver 2010
RP1516: 6/14/2009 4:57:40 PM - Software Distribution Service 3.0
RP1517: 6/15/2009 9:23:08 PM - Restore Operation
RP1518: 6/15/2009 9:31:19 PM - Software Distribution Service 3.0
RP1519: 6/15/2009 9:47:50 PM - Restore Operation
RP1520: 6/15/2009 9:56:11 PM - june 15
RP1521: 6/16/2009 10:48:14 AM - Before uninstall A1Click Ultra PC Cleaner 1.01 (Registered Version)
RP1522: 6/16/2009 10:50:19 AM - Before uninstall Tumble Bugs
RP1523: 6/16/2009 10:51:28 AM - Before uninstall DNA
RP1524: 6/16/2009 6:04:37 PM - Software Distribution Service 3.0
RP1525: 6/16/2009 6:16:25 PM - Before uninstall Ask Toolbar
RP1526: 6/16/2009 6:18:22 PM - Before uninstall Dell ResourceCD
RP1527: 6/18/2009 1:20:48 PM - System Checkpoint
RP1528: 6/19/2009 2:01:48 PM - Software Distribution Service 3.0
RP1529: 6/20/2009 6:00:28 PM - System Checkpoint
RP1530: 6/21/2009 8:06:12 PM - System Checkpoint
RP1531: 6/23/2009 10:33:19 AM - System Checkpoint
RP1532: 6/23/2009 9:23:11 PM - Software Distribution Service 3.0
RP1533: 6/25/2009 7:06:41 PM - System Checkpoint
RP1534: 6/26/2009 8:38:08 PM - Software Distribution Service 3.0
RP1535: 6/27/2009 9:49:04 PM - System Checkpoint
RP1536: 6/28/2009 10:11:44 PM - System Checkpoint
RP1537: 6/30/2009 6:06:51 PM - Software Distribution Service 3.0
RP1538: 7/3/2009 4:35:47 PM - Software Distribution Service 3.0
RP1539: 7/4/2009 5:22:50 PM - System Checkpoint
RP1540: 7/5/2009 7:44:59 PM - System Checkpoint
RP1541: 7/7/2009 7:13:25 AM - Software Distribution Service 3.0
RP1542: 7/8/2009 6:01:20 PM - System Checkpoint
RP1543: 7/10/2009 12:16:51 PM - Software Distribution Service 3.0
RP1544: 7/10/2009 12:50:07 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Software Update
Bible Explorer 4 Download Edition
BitTorrent
BufferChm
Camera Window
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
Chikka Messenger V4
Command & Conquer Generals
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Costco Photo Organizer
Counter-Strike 1.6
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 3.1
Dell System Restore
Digital Content Portal
Digital Line Detect
EasyCleaner
EducateU
ERUNT 1.1j
File Viewer Utility 1.2
Fusion Pack v6.5
Garena
Google Chrome
Google Earth
Google Talk (remove only)
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet 3900 series
HPDeskjet3900Series
ICatch (VI) PC Camera
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Download Manager
Internet Explorer Default Page
InterVideo WinDVD 4
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 3
Java(TM) 6 Update 7
L&H TTS3000 British English
Learn2 Player (Uninstall Only)
LimeWire PRO 5.1.2
Little Shop Road Trip
Luxor Amun Rising
Macromedia Flash Player
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.5)
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
MyWay Search Assistant
Nero 7 Essentials
NetWaiting
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
nProtect KeyCrypt
Octoshape add-in for Adobe Flash Player
PC Connectivity Solution
Photo Click
Photo Story 3 for Windows
PhotoStitch
Physical Therapy Prep
PowerArchiver 2010
PowerDVD
PTEXAM: The Complete Study Guide
QuickBooks Simple Start Special Edition
QuickSolutions
QuickTime
RemoteCapture 2.7.0
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Shockwave
Skype™ 4.0
Smart Menus (Windows Live Toolbar)
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Viewpoint Media Player
Warcraft III: All Products
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Driver Package - Nokia Modem  (02/23/2009 7.01.0.2)
Windows Driver Package - Nokia Modem  (02/24/2009 4.0)
Windows Driver Package - Nokia Modem  (05/22/2008 3.8)
Windows Driver Package - Nokia Modem  (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Toolbar
Your Uninstaller! 2008 Version 6.2
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

7/7/2009 6:48:17 PM, error: Service Control Manager [7000]  - The NTPort Library Driver service failed to start due to the following error:  The system cannot find the file specified.
7/7/2009 6:47:10 PM, error: NETLOGON [3095]  - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

==== End Of File ===========================

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 8011
Re: [In Progress]im the admin but my PC tells me im not..
« Reply #29 on: July 10, 2009, 03:09:02 pm »
Hi,

Please open your Add or Remove Programs Control Panel and uninstall the following programs:

BitTorrent
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 3
Java(TM) 6 Update 7
LimeWire PRO 5.1.2
MyWay Search Assistant
Viewpoint Media Player


Then reboot.

Next go here: 

http://www.java.com/en/download/manual.jsp

to download the latest version of Java - yours was out of date.  The download you want is the second one down, the Offline installation.  After it downloads, install it.  That will give you the latest Java.

Then rerun DDS for me and post the log.  DDS is seeing something, and I'm going to deal with it next.
Don't Read?  Can't learn!