1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Task Manager/Registry not accessable

Discussion in 'Virus & Other Malware Removal' started by Meganstar, Apr 15, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. Meganstar

    Meganstar Thread Starter

    Joined:
    Apr 15, 2008
    Messages:
    2
    I am unable to access my task manager when hitting ctrl+alt+del. I am also unable to make regidt come up on my computer either. I first noticed the problem a few days ago, but I haven't tried to use task manager in awhile so it could've been going on for longer. I get the following error messages: 'task manager has been disabled by the administrator' and 'regidt has been disabled by the administrator'. I am the only account on the computer and I have administrative priviledges.

    After I found out about regidt (sp?) not working I created a 'new' account on my computer and THAT account has task manager and registry access. I attempted to access redgit from there and was successful. However microsoft's instructions for changing the 1 to a 0 did not work. I ran a virus scan on my computer and McAfee found cookies it didn't like but nothing else. I am at my wit's end as to how to solve this problem. Any help would be greatly appreciated! Here is my Hijack:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:56:47 PM, on 4/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common

    Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Documents and Settings\All Users\Application

    Data\Dell\TransferAgent\TransferAgent.exe
    C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\PROGRA~1\mcafee\msc\mcshell.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet

    Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search

    Bar = http://bfc.myway.com/search/de_srchlft.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start

    Page = http://gowmu.wmich.edu/
    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Default_Page_URL =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Default_Search_URL =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search

    Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start

    Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyServer = gondola.ipc.otaru-uc.ac.jp:8080
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-

    8AB8210D6D75} - (no file)
    F2 - REG:system.ini: Shell=explorer.exe







    "C:\Program Files\Common

    Files\System\svchost.exe"
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-

    784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0

    \ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-

    82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet

    Explorer\SkypeIEPlugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-

    001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-

    6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {b448d946-3623-42ab-ba32-c08651e36980}

    - (no file)
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

    Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program

    Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel

    PROSet/Wireless
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media

    Experience\PCMService.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program

    Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program

    Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1

    \INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common

    Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1

    \SsAAD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32

    \NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and

    Settings\Heather\Desktop\RRT\RRT.exe auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program

    Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and

    Settings\All Users\Application

    Data\Dell\TransferAgent\TransferAgent.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk =

    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program

    Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program

    Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O7 -

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Syste

    m, DisableRegedit=1
    O7 -

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Syste

    m, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program

    Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

    00401C608501} - C:\Program Files\Java\j2re1.4.2_03

    \bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-

    4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-

    D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet

    Explorer\SkypeIEPlugin.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-

    00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-

    9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth

    Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-

    C863-46ef-9331-5C8D4460577F} - C:\Program

    Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-

    00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63

    -42af-bee3-4502d9a03c2d} -

    http://wwws.musicmatch.com/mmz/openWebRadio.html (file

    missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-

    f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

    00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-

    F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.yaoiunderground.com
    O16 - DPF: {155571EC-5A3C-4E5F-A00D-DC243A83023B}

    (FDiImgUpload Control ??????) -

    https://www.fdinet.fujifilm.co.jp/fdinet/activex/FDiImgUpload

    .cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-

    1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Bluetooth Service (btwdins) - Broadcom

    Corporation. - C:\Program Files\IOGEAR\Bluetooth

    Software\bin\btwdins.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program

    Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. -

    C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program

    Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google -

    C:\Program Files\Google\Common\Google

    Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. -

    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee,

    Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. -

    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc.

    - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. -

    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee,

    Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc.

    - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) -

    McAfee, Inc. - c:\PROGRA~1\COMMON~1

    \mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee,

    Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc.

    - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService)

    - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. -

    C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program

    Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program

    Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program

    Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32

    \HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program

    Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) -

    Intel Corporation - C:\Program

    Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation

    - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony

    Corporation - C:\Program Files\Common Files\Sony

    Shared\AVLib\SSScsiSV.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program

    Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11512 bytes
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, Meganstar :)

    Welcome.

    Please open Notepad. Select Format from the menu, then remove the checkmark from Word Wrap. That would allow us to better read your logs.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------​
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
        -----------------------------------------------------------​
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      -----------------------------------------------------------​
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
     
  3. Meganstar

    Meganstar Thread Starter

    Joined:
    Apr 15, 2008
    Messages:
    2
    I just want to say that even though it says I just installed McAfee the other day I did in fact have it installed before but I installed the newer updated version on McAfee's (autoupdate) recommendation on the 14th. Lol, I don't want you guys to think I'm completely irresponsible! Ok it says wordwrap is not enabled this time so I hope it turns out right when I post it up here:

    Hijackthis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:32:40 PM, on 4/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    c:\PROGRA~1\mcafee\msc\mcshell.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gowmu.wmich.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gondola.ipc.otaru-uc.ac.jp:8080
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\Heather\Desktop\RRT\RRT.exe auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.yaoiunderground.com
    O16 - DPF: {155571EC-5A3C-4E5F-A00D-DC243A83023B} (FDiImgUpload Control ??????) - https://www.fdinet.fujifilm.co.jp/fdinet/activex/FDiImgUpload.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 10755 bytes


    Combofix:

    ComboFix 08-04-14.2 - Heather 2008-04-15 23:16:28.1 - NTFSx86
    Running from: C:\Documents and Settings\Heather\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\#SharedObjects\PR3NZK7U\www.inter-focus.cn
    C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\#SharedObjects\PR3NZK7U\www.inter-focus.cn\IFFLASHAD_PLAYER.sol
    C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
    C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\QTWMCI32.DLL

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
    .

    2008-04-15 13:56 . 2008-04-15 13:56 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-15 12:39 . 2008-04-15 12:39 16,244 --a------ C:\WINDOWS\system32\rrt_is.wav
    2008-04-15 12:39 . 2008-04-15 12:39 7,302 --a------ C:\WINDOWS\system32\rrt_vf.wav
    2008-04-15 12:39 . 2008-04-15 12:39 7,148 --a------ C:\WINDOWS\system32\rrt_tv.wav
    2008-04-15 12:39 . 2008-04-15 12:39 6,282 --a------ C:\WINDOWS\system32\rrt_tn.wav
    2008-04-14 22:50 . 2008-04-15 23:14 3,322 --a------ C:\WINDOWS\system32\Config.MPF
    2008-04-14 22:40 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
    2008-04-14 22:34 . 2008-02-06 09:51 171,400 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
    2008-04-14 22:34 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
    2008-04-14 22:34 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
    2008-04-14 22:34 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
    2008-04-14 22:34 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
    2008-04-14 22:34 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
    2008-04-14 22:31 . 2008-04-14 22:48 <DIR> d-------- C:\Program Files\McAfee
    2008-04-14 22:30 . 2008-04-14 22:39 <DIR> d-------- C:\Program Files\Common Files\McAfee
    2008-04-14 22:15 . 2008-04-14 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2008-04-14 21:48 . 2008-04-14 21:50 <DIR> d-------- C:\Program Files\ACW
    2008-04-14 21:35 . 2008-04-14 21:37 <DIR> d-------- C:\Documents and Settings\Twinkle\Application Data\GTek
    2008-04-14 21:32 . 2005-08-10 05:17 <DIR> d-------- C:\Documents and Settings\Twinkle\Application Data\Jasc Software Inc
    2008-04-14 21:32 . 2005-08-10 05:10 <DIR> d-------- C:\Documents and Settings\Twinkle\Application Data\Intel
    2008-04-14 21:32 . 2008-04-14 21:32 <DIR> d-------- C:\Documents and Settings\Twinkle
    2008-04-11 19:32 . 2008-04-11 19:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-11 19:32 . 2008-04-11 19:32 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-09 00:04 . 2008-04-15 21:09 <DIR> d-------- C:\Documents and Settings\Heather\Application Data\skypePM
    2008-04-09 00:04 . 2008-04-09 00:04 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-04-09 00:02 . 2008-04-09 00:02 <DIR> d-------- C:\Program Files\Common Files\Skype
    2008-04-01 00:45 . 2008-04-08 23:33 <DIR> d-------- C:\Program Files\IKEA HomePlanner
    2008-03-27 00:25 . 2008-03-27 00:25 1,158 --a------ C:\WINDOWS\mozver.dat
    2008-03-27 00:22 . 2008-03-27 00:22 <DIR> d-------- C:\Documents and Settings\Heather\Application Data\Talkback

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-15 14:08 --------- d-----w C:\Documents and Settings\Heather\Application Data\Skype
    2008-04-14 13:48 --------- d-----w C:\Program Files\McAfee.com
    2008-04-14 13:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-04-14 12:27 --------- d-----w C:\Documents and Settings\Heather\Application Data\uTorrent
    2008-04-13 08:58 --------- d-----w C:\Program Files\Wakan
    2008-04-08 14:34 --------- d-----w C:\Program Files\JquickTrans
    2008-03-12 08:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-19 15:11 40,861 ----a-w C:\Documents and Settings\Heather\wn789.exe
    2007-01-26 04:56 11,341,462 ----a-w C:\Program Files\wakan_full_167.exe
    2005-11-07 04:43 51,600 ----a-w C:\Documents and Settings\Heather\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:00 15360]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-16 00:09 460784]
    "DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-14 06:46 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-14 06:33 155648]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-16 05:02 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-16 05:02 126976]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-20 07:48 32881]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-31 04:59 385024]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-12 10:15 290816]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-05 01:26 606208]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-24 06:19 53248]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-10 05:22 98304]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 06:50 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 06:50 81920]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 18:33 122941]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-25 09:58 81920]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 23:50 155648]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-10 19:57 185632]
    "RRT-Auto"="C:\Documents and Settings\Heather\Desktop\RRT\RRT.exe" [ ]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 18:44:06 29696]
    Bluetooth.lnk - C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe [2005-06-01 03:29:16 577597]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-08-10 05:14:10 24576]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 14:01:04 83360]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-12 01:59:36 806912]

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-08 06:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\utorrent\\utorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 12:01]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abddc52f-85cd-11dc-9355-0013ce2288ff}]
    \Shell\1\command - sxs.exe
    \Shell\2\command - sxs.exe
    \Shell\3\command - sxs.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee5c66f6-9c23-11dc-936d-00123fe0be61}]
    \Shell\1\command - sxs.exe
    \Shell\2\command - sxs.exe
    \Shell\3\command - sxs.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-11 09:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (LUTHE-Heather).job"
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    "2008-04-14 16:00:02 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
    "2008-04-14 13:33:12 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-15 23:20:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-04-15 23:22:15
    ComboFix-quarantined-files.txt 2008-04-15 14:21:29

    Pre-Run: 12,820,250,624 bytes free
    Post-Run: 12,856,983,552 bytes free
    .
    2007-11-13 16:01:11 --- E O F ---
     
  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Go to the Control Panel. Click on the JAVA icon. Under Temporary Internet Files, click on Settings. Click on Delete Files, then Ok, out of the properties window.

    [​IMG] Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 5.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.

    Alternate download:

    http://filehippo.com/download_java_runtime/

    Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.

    Before continuing, please insert any external drive you may have. After the fix below, look into your external drives and delete the following file if found:

    sxs.exe

    • Copy the entire contents of the Quote Box below to Notepad.
    • Name the file as CFScript.txt
    • Change the Save as Type to All Files
    • and Save it on the desktop
    Code:
    Folder::
    C:\Documents and Settings\Heather\Desktop\RRT
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RRT-Auto"-
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abddc52f-85cd-11dc-9355-0013ce2288ff}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee5c66f6-9c23-11dc-936d-00123fe0be61}]
    
    [​IMG]

    Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a Hijackthis log..
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/703884

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice