
Registry has been disabled by Admin, System Restore/Task Manager has been disabled.

Discussion in 'Malware and Virus Removal Archive' started by misa05, 2007/03/01.

  1. 2007/03/01
    misa05

    I saw that this problem had happened before, and I went through the thread. Here's that thread.

    http://www.windowsbbs.com/showthread.php?t=38426

    Although this person and I have a slightly different system.

    I am running on Windows Service Pack 2, whereas the person before is running on Service Pack 1.

    My computer is also not letting me run REGEDIT - it says my registry has been disabled.

    Also my system restore, and my task manager say that they have been disabled and to contact the admin, but I am the admin and I haven't done anything to disable them.

    Any help would be great. Thanks.
     
  2. 2007/03/01
    charlesvar

    Hello misa05 and welcome to the Board,

    OK, let's start with an HJT log.

    Please download HijackThis! SetUp from http://downloads.malwareremoval.com/HJTsetup.exe
    Save the file to your desktop.

    Double-click the HijackThis! SetUp icon to begin the installation.

    Follow the prompts for the default install location of: 'C:\Program Files\HijackThis'.

    Tick the 'Create a desktop' button when the option appears.

    Select next, then allow HijackThis! to start.

    Then press the [Scan] button.
    You will notice the [Scan] button will turn into a [Save Log] button.
    Click the [Save Log] button and notepad will open up with the contents of the scan.
    Right-click in the saved log, and select 'copy'.

    Then proceed to your original thread, unless otherwise instructed and click the '[Reply]' button and paste the saved contents to be reviewed.

    Do not make any modifications to the log or perform any 'fixes' until told to do so.

    Regards - Charles
     

  4. 2007/03/01
    misa05

    My HJT Log.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:53:44 PM, on 3/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\AOL\1123785331\ee\AOLSoftware.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\America Online 9.0c\waol.exe
    C:\Program Files\America Online 9.0c\shellmon.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Documents and Settings\Melissa\My Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
    F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
    F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
    O3 - Toolbar: Veoh Video Finder - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe "
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123785331\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SIZEFILMTOOLBLUE] C:\Documents and Settings\All Users\Application Data\Else Debug Size Film\Sign Keep.exe
    O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
    O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [FILEMANAGER] C:\DOCUME~1\Melissa\APPLIC~1\LOGODU~1\Ballkeep.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152629797546
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5319997E-7DD9-4D09-A972-B6E96B5CAEE1}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - (no file)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
     
  5. 2007/03/01
    charlesvar

    Hello misa05,

    I think you have a trojan and this is one of the symptoms:

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    Don't try to fix, it'll come back on reboot.

    Also this item is an indication of an infection.

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

    The malware experts will look at this and advise on cleaning it out.

    Regards - Charles
     
  6. 2007/03/01
    misa05

    ****.

    What do you recommend to get rid of that trojan? And what cleaning software?
     
  7. 2007/03/01
    charlesvar

    It'll take specialized tools to get rid of this. I'm not well versed in that part of Security. The people that are will have to look at this.

    Regards - Charles
     
  8. 2007/03/01
    Blender

    Hi misa05 & welcome. Hiya Charles :)

    Misa05:
    You have a fairly nasty infection that looks to be a backdoor of sorts.
    A backdoor infection allows the attacker to have complete control of your PC. The only thing they can't do is physically touch it.
    This includes, but is not limited to, starting/stopping programs, deleting/downloading files, logging keystrokes, and disabling certain programs.

    If you use this computer to do online banking, credit card purchases and like activities you will need to call these companies to alert them that your ID may be stolen. They can watch your accounts for suspicious activity.

    You should also change ALL your passwords to any sensitive sites you belong to.
    Please don't use this computer to change passwords or attacker may get new info!!


    Alright...
    Let's get on with ripping out this junk!

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

    I would also like to see another log please:

    Open Hijackthis
    Click "open misc tools section "
    Click "open uninstall manager "
    Click "save list... "
    Save the list & post results here.

    It may take 2 posts to get all 3 logs in. Please check the logs were not cut off.

    Let me know how things are running. Let me know if you can run regedit, task manager, etc.

    Thanks!

    Tammy
     
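A way to pick out automatically the entries Charles and Tammy flag in the log above (the O7 lockout policy, the orphaned R3 hook, and the scvhost.exe entries in the F2/F3/O4 lines, a look-alike of the legitimate svchost.exe). This is an added example written for this thread, not code from the forum, from HijackThis or from SDFix; the system-binary list, the finding labels and the profile-path markers are my own choices, and the sample log is a handful of entries copied from the first log posted above.

```python
import re
from typing import List, Optional, Tuple

# Windows binaries whose names malware often imitates with a one-letter change
# or a swap of two letters (constructed short list for this example).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                   "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe"}
# O7 policy values that lock the user out of their own tools.
LOCKOUT_POLICIES = ("DisableRegedit", "DisableTaskMgr", "DisableCMD")
# O4 targets under a user profile or Application Data deserve a second look.
PROFILE_MARKERS = ("documents and settings", "docume~1", "application data", "applic~1")
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|bat|scr)(?=["\s]|$)', re.I)
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")

# Sample input: entries copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SIZEFILMTOOLBLUE] C:\Documents and Settings\All Users\Application Data\Else Debug Size Film\Sign Keep.exe
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [FILEMANAGER] C:\DOCUME~1\Melissa\APPLIC~1\LOGODU~1\Ballkeep.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def lookalike(name: str) -> Optional[str]:
    """Return the system binary `name` imitates (one edit away, or two adjacent
    letters swapped as in scvhost/svchost), or None if it is not a look-alike."""
    name = name.lower()
    if name in SYSTEM_BINARIES:
        return None
    for legit in SYSTEM_BINARIES:
        if edit_distance(name, legit) == 1:
            return legit
        diff = [i for i, (x, y) in enumerate(zip(name, legit)) if x != y]
        if (len(name) == len(legit) and len(diff) == 2
                and diff[1] == diff[0] + 1 and sorted(name) == sorted(legit)):
            return legit
    return None

def triage(log: str) -> List[Tuple[str, str]]:
    """Walk HijackThis entries and return (kind, line) pairs a reviewer should read first."""
    findings: List[Tuple[str, str]] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        value = body.split("=", 1)[1].strip() if "=" in body else ""
        if code == "O7" and any(f"{p}=1" in body for p in LOCKOUT_POLICIES):
            findings.append(("policy-lockout", line))
        elif code == "F2" and "shell=" in body.lower() and value.lower() != "explorer.exe":
            # system.ini Shell= must be Explorer.exe alone; anything appended runs at logon.
            findings.append(("shell-hijack", line))
        elif code == "F3" and value:
            # win.ini load=/run= are legacy autostart lines and should be empty.
            findings.append(("legacy-autorun", line))
        elif code == "R3" and "(no file)" in body:
            # URLSearchHook CLSID with no backing file: leftover of a removed component.
            findings.append(("orphaned-hook", line))
        elif code == "O4":
            path = PATH_RE.search(body)
            if not path:
                continue
            target = path.group(0)
            legit = lookalike(basename(target))
            if legit:
                findings.append(("lookalike-autorun", f"{line} (imitates {legit})"))
            if "RunServices" in body:
                # Win9x-era key; nothing modern has a reason to write it.
                findings.append(("legacy-runservices", line))
            if any(mark in target.lower() for mark in PROFILE_MARKERS):
                findings.append(("autorun-from-profile", line))
    return findings

if __name__ == "__main__":
    for kind, entry in triage(SAMPLE_LOG):
        print(f"{kind:22} {entry}")
```

The profile-path rule is deliberately noisy: it also catches a helper like SDFix's own RunThis.bat on the Desktop, so its output is a reading list for a human, not a verdict.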
  9. 2007/03/02
    Blender

    I forgot to mention my reply back may be delayed. We are having a real ripper of a storm and I may get knocked offline.
    I'll be back as soon as I can though.

    Tammy
     
  10. 2007/03/02
    misa05

    Okay, well I think something went wrong.

    I did as you said and it all went good until I restarted my computer after SDFix told me to.

    When I logged on to my account a prompt came up saying:

    C:windows\systems32\cmd.exe was disabled by the administrator. :( And the task manager and system restore are still disabled.

    Here is the Report txt (Is it supposed to be this small?)


    SDFix: Version 1.69

    Run by Administrator - Thu 03/01/2007 @ 22:22:38.33

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\Documents and Settings\Melissa\Desktop\SDFix

    Safe Mode:
    Checking Services:

    Path:



    Restoring Windows Registry Entries

    Here is my new HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:34:55 PM, on 3/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\AOL\1123785331\ee\AOLSoftware.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\America Online 9.0c\waol.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Melissa\My Documents\HijackThis.exe
    C:\Program Files\America Online 9.0c\shellmon.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
    F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
    F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
    O3 - Toolbar: Veoh Video Finder - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe "
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123785331\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SIZEFILMTOOLBLUE] C:\Documents and Settings\All Users\Application Data\Else Debug Size Film\Sign Keep.exe
    O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\Melissa\Desktop\SDFix\RunThis.bat /second
    O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
    O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [FILEMANAGER] C:\DOCUME~1\Melissa\APPLIC~1\LOGODU~1\Ballkeep.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0c\AOL.EXE" -b
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152629797546
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - (no file)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner -C:\WINDOWS\System32\WLTRYSVC.EXE
     
  11. 2007/03/02
    misa05

    And here is the OTHER HJT log you wanted:


    ABBYY FineReader 5.0 Sprint Plus
    AccessDirect
    Ad-Aware SE Personal
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 7.0
    Adobe Stock Photos 1.0
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Deskbar
    AOL Toolbar
    AOL Uninstaller (Choose which Products to Remove)
    AOL You've Got Pictures Screensaver
    Apple Software Update
    Broadcom Management Programs
    Conexant D480 MDC V.9x Modem
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Media Experience Update
    Dell Photo AIO Printer 922
    Dell Picture Studio v3.0
    Dell Support 5.0.0 (630)
    Dell Wireless WLAN Card
    Digital Line Detect
    DivX
    DivX Player
    EarthLink setup files
    FLV Player 1.3.3
    Free Anti-Virus Scan
    Free Download Manager 2.1
    Free WMA to MP3 Converter 1.16
    HijackThis 1.99.1
    Hotfix for Windows XP (KB915865)
    Intel(R) Extreme Graphics 2 Driver
    Internet Explorer Default Page
    J2SE Runtime Environment 5.0 Update 4
    Java 2 Runtime Environment, SE v1.4.2_03
    JGsoft EditPad Lite 6.2.1
    Learn2 Player (Uninstall Only)
    Macromedia Flash Player
    McAfee Personal Firewall Plus
    McAfee Privacy Service
    McAfee SecurityCenter
    McAfee VirusScan
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Reader
    Modem Helper
    Mozilla Firefox (1.5.0.9)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    NetWaiting
    NetZeroInstallers
    Photo Click
    PowerDVD 5.3
    Pure Networks Port Magic
    QuickSet
    QuickTime
    Read in Microsoft Reader Add-in for Microsoft Word
    RealPlayer
    Rhapsody Player Engine
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    Sony Media Manager 2.0
    Sony Vegas 6.0
    Synaptics Pointing Device Driver
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB931836)
    Veoh Player
    VideoLAN VLC media player 0.8.5
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Viewpoint Toolbar
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
     
  12. 2007/03/02
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi

    cmd.exe disabled too. :(
    How about msconfig? Also disabled?

    Download "Autoruns" from here:

    http://download.sysinternals.com/Files/Autoruns.zip

    Save it and unzip it to its own folder.
    Open folder and double click autoruns.exe
    Wait for scan to finish.
    Click the "options" menu and check "include empty sections" & "verify code signatures" & "Hide Microsoft Entries".
    If it does not scan again automatically, click the "file" menu and click "refresh".

    Wait for scan to finish.

    Click the floppy icon > save log > post log.

    It may take more than one post to get it all in.

    Let me know please if the above program won't run.


    Can you see this file?:

    C:\Windows\system32\scvhost.exe

    Don't confuse it with the legit svchost.exe

    Likely a hidden file.
    To show hidden files/folders:

    Reveal Hidden Files

    1. Click Start.
    2. Open My Computer.
    3. Select the Tools menu.
    4. Click Folder Options.
    5. Select the View tab.
    6. Select Show hidden files and folders in the Hidden files and folders section.
    7. Uncheck the Hide protected operating system files (recommended) option.
    8. Uncheck the Hide file extensions for known file types option.
    9. Click Yes.
    10. Click OK.


    Let me know if you can't see the options to show hidden files.


    If you find that little bazaa can you zip up a copy and upload it here please:

    http://www.bleepingcomputer.com/submit-malware.php?channel=20

    Include link to this thread so I remember who the file belongs to.

    I'd like to try another log as well. I'm not sure if it will work but gotta try.

    Download ComboScan to your Desktop.:

    http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

    Close all applications and windows.
    Double-click on comboscan.exe to run it, and follow the prompts.
    When the scan is complete, a text file will open - ComboScan.txt
    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt here.
    A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
    Please post the contents of Supplementary.txt here as well.

    Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    What ComboScan will do:
    --create a new System Restore point in Windows XP and Vista.
    You may get an error regarding restore since yours is disabled.
    --clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    --check some important areas of your system and produce a report for your analyst to review.
    --ComboScan automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

    Let me know of any errors you receive.

    Can you try something else for me too, please?
    Just looking at other options...

    Create a folder on your desktop called "Utils" or similar.
    Copy the following files to that folder:

    c:\windows\regedit.exe
    c:\windows\system32\taskmgr.exe
    C:\windows\system32\cmd.exe
    C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe

    Now...if you rename these files to whatever.exe will they run?
    Let me know which ones will/will not run.

    Finally there is one program in your list that looks kinda odd to me.

    Free Anti-Virus Scan

    I'd like more info about that one if possible.

    Open HijackThis
    Misc tools section
    Uninstall manager
    Highlight the above entry
    Look at right...
    Please copy/paste back here what it says in the uninstall command box.
    Thanks!

    Blender
     
  13. 2007/03/02
    misa05

    misa05 Inactive Thread Starter

    Joined:
    2007/03/01
    Messages:
    44
    Likes Received:
    0
    Okay, I didn't understand a few things, and I'm sorry I have no clue about these things, but first.

    No, that comes up.

    Here is my auto run:

    HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
    + rdpclip RDP Clip Monitor (Not verified) Microsoft Corporation c:\windows\system32\rdpclip.exe
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
    HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
    HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
    HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    + C:\WINDOWS\system32\userinit.exe Userinit Logon Application (Not verified) Microsoft Corporation c:\windows\system32\userinit.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    + C:\WINDOWS\system32\scvhost.exe c:\windows\system32\scvhost.exe
    + Explorer.exe Windows Explorer (Not verified) Microsoft Corporation c:\windows\explorer.exe
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    + AOLDialer AOL Connectivity Service Dialer (Verified) AOL LLC c:\program files\common files\aol\acs\aoldial.exe
    + DadApp c:\program files\dell\accessdirect\dadapp.exe
    + dla Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\tfswctrl.exe
    + DVDLauncher CyberLink PowerCinema Resident Program (Not verified) CyberLink Corp. c:\program files\cyberlink\powerdvd\dvdlauncher.exe
    + Generic Host Process c:\windows\system32\scvhost.exe
    + HostManager AOL (Verified) AOL LLC c:\program files\common files\aol\1123785331\ee\aolsoftware.exe
    + MCAgentExe McAfee SecurityCenter Agent (Not verified) McAfee, Inc c:\program files\mcafee.com\agent\mcagent.exe
    + MCUpdateExe McAfee SecurityCenter Update Engine (Not verified) McAfee, Inc c:\program files\mcafee.com\agent\mcupdate.exe
    + MPFExe McAfee Personal Firewall Tray Monitor (Not verified) McAfee Security c:\program files\mcafee.com\personal firewall\mpftray.exe
    + MPSExe McAfee Privacy Service (Verified) McAfee, Inc. c:\program files\mcafee.com\mps\mscifapp.exe
    + Pure Networks Port Magic Port Magic Application (Verified) Pure Networks, Inc. c:\program files\pure networks\port magic\portaol.exe
    + QuickTime Task QuickTime Task (Not verified) Apple Computer, Inc. c:\program files\quicktime\qttask.exe
    + SDFix c:\documents and settings\melissa\desktop\sdfix\runthis.bat
    + SIZEFILMTOOLBLUE c:\documents and settings\all users\application data\else debug size film\sign keep.exe
    + SunJavaUpdateSched Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\program files\java\jre1.5.0_04\bin\jusched.exe
    + TkBellExe RealNetworks Scheduler (Not verified) RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
    + UpdateManager Sonic Update Manager (Not verified) Sonic Solutions c:\program files\common files\sonic\update manager\sgtray.exe
    + ViewMgr ViewMgr (Not verified) Viewpoint Corporation c:\program files\viewpoint\viewpoint manager\viewmgr.exe
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    + Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher (Not verified) Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    + Digital Line Detect.lnk Digital Line Detection (Not verified) BVRP Software c:\program files\digital line detect\dlg.exe
    C:\Documents and Settings\Melissa\Start Menu\Programs\Startup
    + Adobe Gamma.lnk Adobe Gamma Loader (Not verified) Adobe Systems, Inc. c:\program files\common files\adobe\calibration\adobe gamma loader.exe
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
    + C:\WINDOWS\system32\scvhost.exe c:\windows\system32\scvhost.exe
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
    + C:\WINDOWS\system32\scvhost.exe c:\windows\system32\scvhost.exe
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    + Generic Host Process c:\windows\system32\scvhost.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    + AOL Fast Start America Online (Verified) America Online, Inc. c:\program files\america online 9.0c\aol.exe
    + DellSupport Dell Support (Not verified) Gteko Ltd. c:\program files\dell support\dsagnt.exe
    + FILEMANAGER c:\documents and settings\melissa\application data\logo dupe acid\ballkeep.exe
    + Free Download Manager c:\program files\free download manager\fdm.exe
    + Veoh Veoh Client (Not verified) Veoh Networks c:\program files\veoh networks\veoh\veohclient.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run
    HKLM\SOFTWARE\Classes\Protocols\Filter
    + application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
    + application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
    + application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
    HKLM\SOFTWARE\Classes\Protocols\Handler
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
    + 0 File not found: About:Home
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
    + n/a Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation c:\windows\system32\mscories.dll
    HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    + Display Panning CPL Extension File not found: deskpan.dll
    + DriveLetterAccess Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\tfswshx.dll
    + Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
    + RecordNow! SendToExt Shell Extensions c:\program files\sonic\recordnow!\shlext.dll
    + Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
    + Viewpoint Photos Shell Extension Viewpoint Photos Shell Extension (Verified) Viewpoint Corporation c:\program files\common files\viewpoint\toolbar runtime\3.7.0\fotomatshellext.dll
    HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
    HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
    + PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
    HKCU\Software\Microsoft\Ctf\LangBarAddin
    HKLM\Software\Microsoft\Ctf\LangBarAddin
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    + AcroIEHlprObj Class Adobe Acrobat IE Helper Version 7.0 for ActiveX (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
    + DriveLetterAccess Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\tfswshx.dll
    + FDMIECookiesBHO Class c:\program files\free download manager\iefdmcks.dll
    + McAfee Privacy Service Popup Blocker McAfee Privacy Service Internet Explorer Popup Blocker (Verified) McAfee, Inc. c:\program files\mcafee.com\mps\popupkiller.dll
    + McBrwHelper Class McAfee Privacy Service Browser Helper DLL (Not verified) McAfee, Inc. c:\program files\mcafee.com\mps\mcbrhlpr.dll
    + Viewpoint Toolbar BHO ViewBarBHO Module (Verified) Viewpoint Corporation c:\program files\viewpoint\viewpoint toolbar\3.7.0\viewbarbho.dll
    HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    + toolbar.dll IE Toolbar (Verified) America Online, Inc. c:\program files\aol toolbar\toolbar.dll
    + Veoh Browser Plug-in Veoh Video Finder (Not verified) Veoh Networks Inc c:\program files\veoh networks\veoh\plugins\reg\veohtoolbar.dll
    + Viewpoint Toolbar Viewpoint Toolbar (IE Host) (Verified) Viewpoint Corporation c:\program files\common files\viewpoint\toolbar runtime\3.7.0\ieviewbar.dll
    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
    HKCU\Software\Microsoft\Internet Explorer\Extensions
    HKLM\Software\Microsoft\Internet Explorer\Extensions
    + Uninstall BitDefender Online Scanner v8 c:\windows\bdoscandel.exe
    Task Scheduler
    + ACA7CC4A91784BAA.job c:\documents and settings\melissa\application data\logo dupe acid\aboutpokemess.exe
    + AppleSoftwareUpdate.job Software Application (Verified) Apple Computer, Inc. c:\program files\apple software update\softwareupdate.exe
    + McAfee.com Scan for Viruses - My Computer (MELISSASDELL05-Melissa).job File not found: c:\program files\mcafee.com\vso\mcmnhdlr.exe
    HKLM\System\CurrentControlSet\Services
    + AOL ACS AOL Connectivity Service (Verified) AOL LLC c:\program files\common files\aol\acs\aolacsd.exe
    + AOL TopSpeedMonitor AOL TopSpeed(TM) Monitor (Verified) America Online, Inc. c:\program files\common files\aol\topspeed\2.0\aoltsmon.exe
    + McDetect.exe McAfee WSC Integration Service (Not verified) McAfee, Inc c:\program files\mcafee.com\agent\mcdetect.exe
    + McTskshd.exe McAfee Task Scheduler (Not verified) McAfee, Inc c:\program files\mcafee.com\agent\mctskshd.exe
    + WANMiniportService Wan Miniport (ATW) Service (Not verified) America Online, Inc. c:\windows\wanmpsvc.exe
    + wltrysvc Provides 802.11 network connection during system startup c:\windows\system32\wltrysvc.exe
    HKLM\System\CurrentControlSet\Services
    + AegisP AEGIS Protocol (IEEE 802.1x) v3.2.0.3 (Not verified) Meetinghouse Data Communications c:\windows\system32\drivers\aegisp.sys
    + APPDRV App Support Driver (Not verified) Dell Inc c:\windows\system32\drivers\appdrv.sys
    + drvmcdb Device Driver (Not verified) Sonic Solutions c:\windows\system32\drivers\drvmcdb.sys
    + EntDrv51 File not found: C:\WINDOWS\system32\drivers\EntDrv51.sys
    + MPFIREWL McAfee Personal Firewall Plus 5.0 (Not verified) McAfee Security c:\windows\system32\drivers\mpfirewall.sys
    + omci OMCI Device Driver (Not verified) Dell Inc c:\windows\system32\drivers\omci.sys
    + PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
    HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
    + autocheck autochk * Auto Check Utility (Not verified) Microsoft Corporation c:\windows\system32\autochk.exe
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    HKLM\Software\Microsoft\Command Processor\Autorun
    HKCU\Software\Microsoft\Command Processor\Autorun
    HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
    HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
    + advapi32 Advanced Windows 32 Base API (Not verified) Microsoft Corporation c:\windows\system32\advapi32.dll
    + comdlg32 Common Dialogs DLL (Not verified) Microsoft Corporation c:\windows\system32\comdlg32.dll
    + gdi32 GDI Client DLL (Not verified) Microsoft Corporation c:\windows\system32\gdi32.dll
    + imagehlp Windows NT Image Helper (Not verified) Microsoft Corporation c:\windows\system32\imagehlp.dll
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
    + logonui.exe Windows Logon UI (Not verified) Microsoft Corporation c:\windows\system32\logonui.exe
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    + crypt32chain Crypto API32 (Not verified) Microsoft Corporation c:\windows\system32\crypt32.dll
    + cryptnet Crypto Network Related API (Not verified) Microsoft Corporation c:\windows\system32\cryptnet.dll
    + cscdll Offline Network Agent (Not verified) Microsoft Corporation c:\windows\system32\cscdll.dll
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
    HKCU\Control Panel\Desktop\Scrnsave.exe
    HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName
    HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] DATAGRAM 1 McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] SEQPACKET 1 McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{5319997E-7DD9-4D09-A972-B6E96B5CAEE1}] DATAGRAM 5 McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{5319997E-7DD9-4D09-A972-B6E96B5CAEE1}] SEQPACKET 5 McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] DATAGRAM 2 McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] SEQPACKET 2 McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A6FD19F-E53B-400C-A696-EAA5936B4402}] DATAGRAM 3 McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A6FD19F-E53B-400C-A696-EAA5936B4402}] SEQPACKET 3 McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{CDAA51A8-3AE8-4813-81CF-6A8F2405CF31}] DATAGRAM 4 McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{CDAA51A8-3AE8-4813-81CF-6A8F2405CF31}] SEQPACKET 4 McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA0749C9-832D-462A-A26D-469ECE1385E7}] DATAGRAM 0 McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA0749C9-832D-462A-A26D-469ECE1385E7}] SEQPACKET 0 McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD Tcpip [RAW/IP] McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD Tcpip [TCP/IP] McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD Tcpip [UDP/IP] McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED RSVP TCP Service Provider McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED RSVP UDP Service Provider McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + McAfee.com Layered Provider McAfee Layered Service Provider (Not verified) McAfee, Inc. c:\windows\system32\mclsp.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{5319997E-7DD9-4D09-A972-B6E96B5CAEE1}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{5319997E-7DD9-4D09-A972-B6E96B5CAEE1}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A6FD19F-E53B-400C-A696-EAA5936B4402}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A6FD19F-E53B-400C-A696-EAA5936B4402}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{CDAA51A8-3AE8-4813-81CF-6A8F2405CF31}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{CDAA51A8-3AE8-4813-81CF-6A8F2405CF31}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA0749C9-832D-462A-A26D-469ECE1385E7}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA0749C9-832D-462A-A26D-469ECE1385E7}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
    + RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\rsvpsp.dll
    + RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\rsvpsp.dll
    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
    HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
    HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
    HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
    HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
    + BCMLogon Dell Wireless WLAN Card Logon Provider (Not verified) Broadcom Corporation c:\windows\system32\bcmlogon.dll


    Where would I go to see it?

    I can see hidden files, and extensions.

    What the heck is a bazaa?

    Where are the files located?

    Here is this.
    C:\PROGRA~1\FREEAN~1\UNWISE.EXE C:\PROGRA~1\FREEAN~1\INSTALL.LOG


    Combo scan isn't opening a log.
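Blender's "don't confuse it with the legit svchost.exe" check, done programmatically over an excerpt of the Autoruns log posted above: it parses the Autoruns text layout (location line, then "+" entry lines), scores each image name against a list of stock Windows binaries with an edit distance that counts a swapped letter pair as one edit, and flags any non-stock value in Winlogon\Shell and any entry at all in the normally empty Windows\Load, Windows\Run and Policies\Explorer\Run keys. This is an added example, not code from the thread or a Sysinternals tool; the stock-binary list, the expected Shell value and the distance threshold are assumptions.

```python
"""Flag lookalike system-binary names and tampered Shell/Load/Run values in an
Autoruns text export.  Added example for this thread, not a Sysinternals tool."""
import ntpath
import re
from collections import namedtuple
from typing import Dict, List, Optional, Tuple

# Stock Windows binaries whose names malware commonly imitates.  Assumed,
# deliberately short list; a real deployment would use a fuller inventory.
LEGIT_NAMES = {"svchost.exe", "explorer.exe", "userinit.exe", "lsass.exe",
               "services.exe", "winlogon.exe", "csrss.exe", "smss.exe",
               "spoolsv.exe", "rundll32.exe", "ctfmon.exe"}

# Autostart locations with a known stock value, or None if normally empty.
SENSITIVE_LOCATIONS: Dict[str, Optional[str]] = {
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell": "explorer.exe",
    r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load": None,
    r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run": None,
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run": None,
}

# The last whitespace-delimited drive-letter path on a '+' line is the image path.
PATH_RE = re.compile(r"(?<!\S)[A-Za-z]:\\")

Finding = namedtuple("Finding", "location path reason")

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein edits plus adjacent
    transpositions, so 'scvhost.exe' vs 'svchost.exe' scores 1, not 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def parse_autoruns(text: str) -> List[Tuple[str, str]]:
    """Return (location, lower-cased image path) pairs.  Lines without a
    leading '+' name the autostart location; '+' lines are entries under it."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+"):
            location = line
            continue
        hits = list(PATH_RE.finditer(line))
        if hits:
            entries.append((location, line[hits[-1].start():].lower()))
    return entries

def lookalike_of(name: str, max_dist: int = 1) -> Optional[str]:
    """Stock name this filename imitates, or None; exact stock names are exempt."""
    if name in LEGIT_NAMES:
        return None
    return next((legit for legit in LEGIT_NAMES
                 if osa_distance(name, legit) <= max_dist), None)

def scan_autoruns(text: str) -> List[Finding]:
    """Run both checks over every entry and return one Finding per hit."""
    findings = []
    for location, path in parse_autoruns(text):
        name = ntpath.basename(path)
        legit = lookalike_of(name)
        if legit:
            findings.append(Finding(location, path, f"lookalike of {legit}"))
        if location in SENSITIVE_LOCATIONS:
            expected = SENSITIVE_LOCATIONS[location]
            if expected is None:
                findings.append(Finding(location, path, "unexpected entry in normally empty location"))
            elif name != expected:
                findings.append(Finding(location, path, f"unexpected value, stock is {expected}"))
    return findings

# Excerpt of the Autoruns log posted above, trimmed to the relevant lines.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ C:\WINDOWS\system32\scvhost.exe c:\windows\system32\scvhost.exe
+ Explorer.exe Windows Explorer (Not verified) Microsoft Corporation c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Generic Host Process c:\windows\system32\scvhost.exe
+ QuickTime Task QuickTime Task (Not verified) Apple Computer, Inc. c:\program files\quicktime\qttask.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
+ C:\WINDOWS\system32\scvhost.exe c:\windows\system32\scvhost.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
+ Generic Host Process c:\windows\system32\scvhost.exe
"""

if __name__ == "__main__":
    for f in scan_autoruns(SAMPLE_LOG):
        print(f"{f.reason:45} {f.path}  [{f.location}]")
```

On the excerpt every hit is the one scvhost.exe file, while the stock Explorer.exe under Winlogon\Shell and the QuickTime entry under Run produce nothing, which is the same triage Blender did by eye.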
     
  14. 2007/03/02
    misa05

    misa05 Inactive Thread Starter

    Joined:
    2007/03/01
    Messages:
    44
    Likes Received:
    0
    Here is another HJT log, just in case you want to see it.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:21:24 AM, on 3/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\AOL\1123785331\ee\AOLSoftware.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\America Online 9.0c\waol.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\America Online 9.0c\shellmon.exe
    C:\WINDOWS\Explorer.exe
    C:\Documents and Settings\Melissa\My Documents\Autoruns\autoruns.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Documents and Settings\Melissa\My Documents\comboscan.exe
    C:\Documents and Settings\Melissa\My Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
    F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
    F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
    O3 - Toolbar: Veoh Video Finder - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe "
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123785331\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SIZEFILMTOOLBLUE] C:\Documents and Settings\All Users\Application Data\Else Debug Size Film\Sign Keep.exe
    O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\Melissa\Desktop\SDFix\RunThis.bat /second
    O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
    O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [FILEMANAGER] C:\DOCUME~1\Melissa\APPLIC~1\LOGODU~1\Ballkeep.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0c\AOL.EXE" -b
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152629797546
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5319997E-7DD9-4D09-A972-B6E96B5CAEE1}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - (no file)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
     
  15. 2007/03/02
    misa05 (Thread Starter)
    Here is the Comboscan txt:

    ComboScan v20070226.18 run by Melissa on 2007-03-02 at 01:21:08
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Melissa.exe) ----------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 1:21:10 AM, on 3/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\AOL\1123785331\ee\AOLSoftware.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\America Online 9.0c\waol.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\America Online 9.0c\shellmon.exe
    C:\WINDOWS\Explorer.exe
    C:\Documents and Settings\Melissa\My Documents\Autoruns\autoruns.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Documents and Settings\Melissa\My Documents\comboscan.exe
    C:\DOCUME~1\Melissa\MYDOCU~1\Melissa.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
    F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
    F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
    O3 - Toolbar: Veoh Video Finder - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe "
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123785331\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SIZEFILMTOOLBLUE] C:\Documents and Settings\All Users\Application Data\Else Debug Size Film\Sign Keep.exe
    O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\Melissa\Desktop\SDFix\RunThis.bat /second
    O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
    O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [FILEMANAGER] C:\DOCUME~1\Melissa\APPLIC~1\LOGODU~1\Ballkeep.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0c\AOL.EXE" -b
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152629797546
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5319997E-7DD9-4D09-A972-B6E96B5CAEE1}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - (no file)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


    -- Files created between 2007-02-02 and 2007-03-02 ------------------------------

    2007-03-02 00:54:28 0 d-------- C:\WINDOWS\pss
    2007-03-02 00:18:47 0 d-------- C:\Program Files\Tweak Manager<TWEAKM~1>
    2007-03-01 23:23:27 0 d-------- C:\Documents and Settings\Melissa\Application Data\Lavasoft
    2007-03-01 22:20:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
    2007-03-01 22:17:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
    2007-03-01 22:17:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
    2007-03-01 22:17:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc<JASCSO~1>
    2007-03-01 22:17:22 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
    2007-03-01 22:17:21 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-03-01 22:10:03 0 d-------- C:\SDFix
    2007-03-01 21:34:59 0 d-------- C:\Program Files\Lavasoft
    2007-03-01 20:17:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-03-01 20:16:35 0 d-------- C:\Program Files\Grisoft
    2007-03-01 20:16:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-03-01 18:15:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
    2007-03-01 17:43:12 0 d-------- C:\WINDOWS\BDOSCAN8
    2007-03-01 16:17:02 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
    2007-03-01 14:57:53 0 d-------- C:\Documents and Settings\Melissa\Application Data\Free Download Manager<FREEDO~1>
    2007-03-01 02:16:17 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-03-01 02:06:09 0 d-------- C:\Program Files\SmartPCTools<SMARTP~1>
    2007-03-01 01:48:56 0 d-------- C:\Documents and Settings\Melissa\Application Data\Smart PC Solutions<SMARTP~1>
    2007-03-01 00:59:45 0 d-------- C:\Program Files\Eusing Free Registry Cleaner<EUSING~1>
    2007-02-28 23:40:06 14945 --a------ C:\WINDOWS\system32\ckl009.dat
    2007-02-28 22:49:30 163328 --a------ C:\WINDOWS\system32\wsock32.sys
    2007-02-28 22:49:29 186395 -r-hs---- C:\WINDOWS\system32\scvhost.exe
    2007-02-28 19:20:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Else Debug Size Film<ELSEDE~1>
    2007-02-28 19:06:10 0 d-------- C:\Program Files\Logo dupe acid<LOGODU~1>
    2007-02-28 19:06:09 0 d-------- C:\Documents and Settings\Melissa\Application Data\Logo dupe acid<LOGODU~1>
    2007-02-28 19:00:03 0 d-------- C:\Program Files\BitGrabber<BITGRA~1>
    2007-02-24 20:52:13 0 d-------- C:\Program Files\Free WMA to MP3 Converter<FREEWM~1>
    2007-02-21 11:31:20 0 d-------- C:\Program Files\CA
    2007-02-21 11:27:21 44544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2007-02-21 11:23:57 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-02-16 00:01:39 33706818 --a------ C:\WINDOWS\hklmSW.reg
    2007-02-16 00:00:35 17818214 --a------ C:\WINDOWS\hkcrRT.reg
    2007-02-15 23:59:24 0 d-a------ C:\WINDOWS\zts2.exe
    2007-02-15 23:59:24 0 d-a------ C:\WINDOWS\system32\vcmgcd32.dll
    2007-02-15 23:59:24 0 d-a------ C:\WINDOWS\system32\iifgfgf.dll
    2007-02-15 23:59:24 0 d-a------ C:\WINDOWS\rundll16.exe
    2007-02-15 23:59:24 0 d-a------ C:\WINDOWS\rundl132.dll
    2007-02-15 23:59:24 0 d-a------ C:\WINDOWS\logo1_.exe
    2007-02-15 23:35:53 135680 --a------ C:\WINDOWS\system32\TASKMGR.COM
    2007-02-15 23:35:53 135680 --a------ C:\WINDOWS\system32\T.COM
    2007-02-15 23:35:53 146432 --a------ C:\WINDOWS\REGEDIT.COM
    2007-02-15 23:35:53 146432 --a------ C:\WINDOWS\R.COM
    2007-02-04 19:09:03 0 d-------- C:\Documents and Settings\Melissa\Application Data\JGsoft
    2007-02-04 19:08:50 67472 --a------ C:\WINDOWS\UnDeploy.exe
    2007-02-04 19:08:50 0 d-------- C:\Program Files\JGsoft
    2007-02-04 14:22:05 0 d-------- C:\Program Files\Common Files\OverDrive Shared<OVERDR~1>


    -- Find3M Report ----------------------------------------------------------------

    2007-03-01 14:57:41 0 d-------- C:\Program Files\Free Download Manager<FREEDO~1>
    2007-02-28 19:36:44 0 d-------- C:\Documents and Settings\Melissa\Application Data\uTorrent
    2007-02-28 19:03:50 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
    2007-02-23 21:34:47 0 d-------- C:\Program Files\Common Files\AOL
    2007-02-23 21:34:17 0 d-------- C:\Program Files\McAfee.com
    2007-02-23 21:22:13 0 d-------- C:\Program Files\Common Files\Scanner
    2007-02-23 21:21:49 0 d-------- C:\Program Files\McAfee
    2007-02-21 11:22:38 0 d-------- C:\Documents and Settings\Melissa\Application Data\AOL
    2007-02-21 11:09:34 0 d-------- C:\Documents and Settings\Melissa\Application Data\Mozilla
    2007-02-18 05:23:08 0 d-------- C:\Program Files\WinMX Music<WINMXM~1>
    2007-02-15 22:00:38 0 -----n--- C:\AUTOEXEC.BAT
    2007-02-15 11:26:23 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
    2007-02-12 14:18:42 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
    2007-01-31 09:26:20 0 d-------- C:\Program Files\Veoh
    2007-01-31 09:25:07 0 d-------- C:\Program Files\Veoh Networks<VEOHNE~1>
    2007-01-29 00:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
    2007-01-16 10:20:14 0 d-------- C:\Program Files\Macromedia<MACROM~1>
    2007-01-16 10:20:11 0 d-------- C:\Program Files\Common Files\Macromedia<MACROM~1>
    2007-01-16 10:17:55 0 d-------- C:\Documents and Settings\Melissa\Application Data\Macromedia<MACROM~1>
    2007-01-15 22:24:45 0 d-------- C:\Program Files\Chami
    2007-01-12 19:51:51 0 d-------- C:\Documents and Settings\Melissa\Application Data\Adobe
    2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
    2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
    2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
    2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
    2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
    2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
    2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
    2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
    2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
    2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
    2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
    2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
    2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
    2007-01-08 04:53:20 0 d-------- C:\Documents and Settings\Melissa\Application Data\Corel
    2007-01-08 04:53:11 0 d-------- C:\Program Files\Corel
    2007-01-08 04:34:14 0 d-------- C:\Program Files\Common Files\Adobe
    2007-01-08 04:25:53 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
    2007-01-04 17:53:02 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-01-04 03:04:54 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
    2007-01-03 19:21:39 0 d-------- C:\Program Files\Microsoft Reader<MIBD3F~1>
    2006-12-31 00:23:59 88 -r-hs---- C:\WINDOWS\system32\57AE737927.sys<57AE73~1.SYS>
    2006-12-19 13:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
    2006-12-19 10:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
    2006-12-06 22:40:49 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll


    -- Registry Dump ----------------------------------------------------------------


    The command prompt has been disabled by your administrator.

    Press any key to continue . . .


    -- End of ComboScan: finished at 2007-03-02 at 01:21:39 -------------------------


    The Supplementary txt:

    ComboScan v20070226.18 run by Melissa on 2007-03-02 at 01:15:18
    Supplementary logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information -----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Celeron(R) CPU 2.60GHz
    Percentage of Memory in Use: 84%
    Physical Memory (total/avail): 254.33 MiB / 38.98 MiB
    Pagefile Memory (total/avail): 624.05 MiB / 171.39 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1990.22 MiB

    C: is Fixed (NTFS) - 24.47 GiB total, 12.51 GiB free.
    D: is CDROM (No Media)


    -- Security Center --------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.

    FW: Personal Firewall Plus v (McAfee)
    AV: AVG 7.5.446 v7.5.446 (GRISOFT) Outdated


    -- Environment Variables --------------------------------------------------------


    The command prompt has been disabled by your administrator.

    Press any key to continue . . .


    -- User Profiles ----------------------------------------------------------------

    Melissa (admin)
    Debbie (admin)
    Administrator (admin)


    -- Add/Remove Programs ----------------------------------------------------------


    The command prompt has been disabled by your administrator.

    Press any key to continue . . .


    -- End of ComboScan: finished at 2007-03-02 at 01:16:09 -------------------------
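The two logs above contain the patterns a helper scans for by eye: a process named scvhost.exe (a transposition of svchost.exe) started from the Winlogon Shell= value, from win.ini load= and run=, and from both Run and RunServices (a Windows 9x key that XP does not honour, so only software writing every autostart it knows touches it); Run entries pointing into profile and Application Data folders; an O7 policy line disabling regedit; and files named REGEDIT.COM and TASKMGR.COM in C:\WINDOWS, which cmd.exe and the Run dialog find before the .exe when the tool is launched by name because the PATHEXT search order starts with .COM. The script below is an added example, not part of this thread and not a HijackThis or ComboScan feature: it encodes those rules as a triage pass over HijackThis-style log lines. The sample lines are copied from the posted logs and are not a complete log; the rule names, the lookalike heuristic and the list of imitated binaries are my own choices.

```python
"""Triage rules for HijackThis 1.99 / ComboScan log lines (added example).

Flags the patterns seen in the thread: lookalike system-binary names,
Shell= and win.ini autostarts, RunServices entries, autoruns from profile
directories, policy lockdowns, and .COM twins of regedit/taskmgr.
"""
import re
from collections import Counter

# Windows XP binaries that malware imitates with transposed or substituted letters.
KNOWN_SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "explorer.exe", "spoolsv.exe", "smss.exe", "rundll32.exe",
}
# Utilities whose .COM twin in %windir% is found before the real .exe by name.
SHADOWED_UTILITIES = {"regedit", "taskmgr", "msconfig", "cmd"}

# A file name following a backslash and ending in an executable extension.
BASENAME_RE = re.compile(r"(?<=\\)[\w~ .-]+?\.(?:exe|com|dll|bat)\b", re.I)


def is_lookalike(basename: str) -> bool:
    """True for a name that is a transposition of, or one character off from,
    a genuine system binary (scvhost.exe vs svchost.exe), never for the real one."""
    name = basename.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return False
    for known in KNOWN_SYSTEM_BINARIES:
        if len(name) != len(known):
            continue
        if Counter(name) == Counter(known):            # same letters, reordered
            return True
        if sum(a != b for a, b in zip(name, known)) == 1:  # one substituted character
            return True
    return False


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (rule, line) pairs for every suspicious line in the log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name in BASENAME_RE.findall(line):
            if is_lookalike(name):
                findings.append(("lookalike-system-binary", line))
            stem, ext = name.lower().rsplit(".", 1)
            if ext == "com" and stem in SHADOWED_UTILITIES:
                findings.append(("com-shadows-utility", line))
        m = re.match(r"F2 - REG:system\.ini: Shell=(.+)", line, re.I)
        if m and m.group(1).strip().lower() != "explorer.exe":
            findings.append(("winlogon-shell-chained", line))
        if re.match(r"F3 - REG:win\.ini: (load|run)=\S", line, re.I):
            findings.append(("win.ini-autostart", line))
        if re.match(r"O4 - .*\\RunServices", line):
            findings.append(("runservices-key", line))
        if re.match(r"O4 - .*(Documents and Settings|DOCUME~1)", line, re.I):
            findings.append(("autorun-from-profile-dir", line))
        if line.startswith("O7 - "):
            findings.append(("policy-lockdown", line))
    return findings


# Constructed sample: lines copied from the logs posted in the thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [FILEMANAGER] C:\DOCUME~1\Melissa\APPLIC~1\LOGODU~1\Ballkeep.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
2007-02-15 23:35:53 146432 --a------ C:\WINDOWS\REGEDIT.COM
"""

if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:28} {line}")
```

The lookalike test is deliberately narrow (same length, same letters reordered, or a single substituted character) so that legitimate names such as iexplore.exe are not mistaken for explorer.exe; broader fuzzy matching produces exactly that false positive. The profile-directory rule will also flag a cleanup tool's own Run entry (the SDFix RunThis.bat line in the log), which is the point of triage output: it is a list to review, not a list to delete.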
     
  16. 2007/03/02
    Blender
    HI

    It's OK. I don't need those files. I know what we are dealing with now thanks to the file list presented by comboscan.

    We are dealing with a variant of Backdoor Ciadoor. Here is some info about it:
    http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Ciadoor&threatid=2536

    To answer your questions..

    I asked if you could see this file:

    C:\Windows\system32\scvhost.exe

    You would find it in your system32 folder.
    Click Start > Point to Programs > Point to Accessories > Click "Windows Explorer"
    At the left you would expand "My Computer", then "C:\", then "Windows", then "system32". Files/folders show in the right pane.
    By default the files are alphabetically listed.

    I won't need that file now anyway. Most Antivirus companies have copies of it.

    Just a pet name I use for nasty files.

    Using Windows explorer follow the paths I typed out to locate those files.

    No need to do that now. I know why you are unable to run those programs.
    Hopefully what we do here fixes this.

    I kinda figured parts of the scanner would give us trouble.
    It did however give me enough info to know what is wrong.

    --------------------------------

    OK... Let's see what we can do! :)

    1.) Download ATF Cleaner by Atribune and save it to your Desktop.

    http://www.atribune.org/ccount/click.php?id=1

    Do nothing with it yet.

    2.) Download Killbox by O^E from here and save it to your desktop:

    http://killbox.net/downloads/KillBox.exe

    Do nothing with it yet.

    3.) I have attached a file called fix.zip
    Please download that file and save it to your desktop.

    Right click the file & choose "Extract All".
    Follow the prompts to extract to its own folder on the desktop.
    You should have a folder called Fix
    Inside this folder is a file called fix.reg

    Don't run this yet.

    4.) Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle Bin

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

    If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

    When you have finished, click on the Exit button in the Main menu.

    5.) Double click Killbox.exe
    Checkmark "Delete on reboot" then press "All Files"

    Copy the following bold list by highlighting it all and pressing Ctrl + C on your keyboard.


    C:\WINDOWS\system32\ckl009.dat
    C:\WINDOWS\system32\wsock32.sys
    C:\WINDOWS\system32\scvhost.exe
    C:\WINDOWS\zts2.exe
    C:\WINDOWS\system32\vcmgcd32.dll
    C:\WINDOWS\system32\iifgfgf.dll
    C:\WINDOWS\rundll16.exe
    C:\WINDOWS\rundl132.dll
    C:\WINDOWS\logo1_.exe
    C:\WINDOWS\system32\TASKMGR.COM
    C:\WINDOWS\system32\T.COM
    C:\WINDOWS\REGEDIT.COM
    C:\WINDOWS\R.COM


    Go to the Killbox "File" menu and choose "Paste from clipboard"

    Now press the Red Circle with the white X

    When asked to reboot say NO

    6.) Reboot the computer manually.

    7.) Once restarted ...
    You may get errors about missing files. That's OK, we'll fix this in a minute.

    Click start, then Run.
    Type in this exact command and hit enter:

    regedit /s "C:\Documents and Settings\Melissa\desktop\fix\fix.reg"

    You won't see much happening here. Might see the hourglass for a sec but that should be it.

    8.) Start Hijackthis, run system scan only and check:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
    F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
    F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
    O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\Melissa\Desktop\SDFix\RunThis.bat /second
    O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
    O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL


    Close all open windows and click "Fix checked", then OK.

    9.) Reboot once more.

    10.) Please run ComboScan again and post both the comboscan.txt and Supplementary.txt

    Let me know if you can run regedit, cmd, task manager.
    There will be other work to do.

    Thanks!

    Blender
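The entries Blender singled out above (a second executable on the system.ini Shell= line, win.ini load=/run= autostarts, an O4 Run entry named like a system process, an O7 policy restriction, and orphaned "(no file)" hooks) can be pulled out of a HijackThis log mechanically. The script below is an added example written for this thread; it is not part of HijackThis, ComboScan or any tool Blender used. The sample lines are constructed to mirror the ones quoted in this thread, the list of system process names and the "one edit or one transposition away" lookalike rule are the example's own choices, and it only reads text, it changes nothing on the machine.

```python
import re

# Process names that malware likes to imitate (scvhost.exe vs svchost.exe).
# This list is the example's own; extend it for your environment.
KNOWN_SYSTEM_EXES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "explorer.exe", "rundll32.exe", "services.exe", "smss.exe",
}

# Constructed sample: HijackThis-style lines modelled on the ones quoted in
# this thread. Not a real log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
"""


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus
    adjacent transposition, so 'scvhost' vs 'svchost' scores 1, not 2."""
    a, b = a.lower(), b.lower()
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_of(basename: str):
    """Return the legitimate name this basename imitates, or None if it is
    either a genuine system name or not within one edit of one."""
    name = basename.lower()
    if name in KNOWN_SYSTEM_EXES:
        return None
    for legit in sorted(KNOWN_SYSTEM_EXES):
        if osa_distance(name, legit) == 1:
            return legit
    return None


# A drive-letter path ending in .exe/.com/.dll, terminated by a quote,
# whitespace or end of line (so "mcafee.com\agent\x.exe" is not cut at .com).
_EXE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|com|dll))(?=["\s]|$)', re.IGNORECASE)


def first_path(text: str):
    m = _EXE_PATH.search(text)
    return m.group(1) if m else None


def triage(log_text: str) -> list:
    """Return a list of {'code', 'line', 'reason'} dicts for lines that need a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue                      # header lines, process list, blanks
        code, _, rest = line.partition(" - ")
        reason = None
        if code == "F2" and "Shell=" in rest:
            shell = rest.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                reason = "Shell= starts more than Explorer.exe: " + shell
        elif code == "F3":
            m = re.search(r"(load|run)=(\S.*)", rest)
            if m:
                reason = f"win.ini {m.group(1)}= autostart: {m.group(2).strip()}"
        elif code == "O7":
            reason = "policy restriction set: " + rest.rsplit(",", 1)[-1].strip()
        elif code == "O4":
            path = first_path(rest)
            if path:
                base = path.rsplit("\\", 1)[-1]
                legit = lookalike_of(base)
                if legit:
                    reason = f"{base} imitates {legit}"
                elif base.lower() in KNOWN_SYSTEM_EXES and "\\windows\\" not in path.lower():
                    reason = f"{base} running from outside the Windows directory"
        elif code in ("R3", "O2", "O3") and "(no file)" in rest:
            reason = "orphaned entry (no file on disk), cleanup candidate"
        if reason:
            findings.append({"code": code, "line": line, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']}: {f['reason']}")
```

Run against the constructed sample it reports five lines (the F2, F3, first O4, O7 and R3 entries) and stays quiet on jusched.exe and ctfmon.exe. It is a reading aid only: the O7 line tells you a policy value was set, and the lookalike rule explains why a name such as scvhost.exe deserves scrutiny, but the decision about what to remove still belongs to whoever is reviewing the full log.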
     
  17. 2007/03/02
    ajmjam

    ajmjam Inactive

    Joined:
    2007/02/17
    Messages:
    5
    Likes Received:
    0
    Thank you,

    I too had a similar problem: Task Manager, Run and regedit were all disabled.
    Tomorrow I will try all your suggestions to fix the problem.
     
  18. 2007/03/02
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Do not apply any fixes to your machine unless specifically told to do so. Each fix can be tailored for each machine. You can do more harm than good.
     
  19. 2007/03/02
    misa05

    misa05 Inactive Thread Starter

    Joined:
    2007/03/01
    Messages:
    44
    Likes Received:
    0
    SQUEEEE!!!! The task manager and regedit are working. I checked to see if system restore worked, and it allowed me to turn it back on. :) The command prompt though still says it's disabled. :(

    Okay, takes deep breath. I did all of what you said.

    It all went fine and like how you said until it got to this:

    The bolded one was no longer there.????

    Combo scan:

    ComboScan v20070226.18 run by Melissa on 2007-03-02 at 15:29:46
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Melissa.exe) ----------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 3:30:11 PM, on 3/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\AOL\1123785331\ee\AOLSoftware.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\America Online 9.0c\waol.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\America Online 9.0c\shellmon.exe
    C:\Documents and Settings\Melissa\My Documents\comboscan.exe
    C:\DOCUME~1\Melissa\MYDOCU~1\Melissa.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
    O3 - Toolbar: Veoh Video Finder - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe "
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123785331\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SIZEFILMTOOLBLUE] C:\Documents and Settings\All Users\Application Data\Else Debug Size Film\Sign Keep.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [FILEMANAGER] C:\DOCUME~1\Melissa\APPLIC~1\LOGODU~1\Ballkeep.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0c\AOL.EXE" -b
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152629797546
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5319997E-7DD9-4D09-A972-B6E96B5CAEE1}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - (no file)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


    -- Files created between 2007-02-02 and 2007-03-02 ------------------------------

    2007-03-02 15:05:17 0 d-------- C:\!KillBox
    2007-03-02 00:54:28 0 d-------- C:\WINDOWS\pss
    2007-03-02 00:18:47 0 d-------- C:\Program Files\Tweak Manager<TWEAKM~1>
    2007-03-01 23:23:27 0 d-------- C:\Documents and Settings\Melissa\Application Data\Lavasoft
    2007-03-01 22:20:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
    2007-03-01 22:17:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
    2007-03-01 22:17:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
    2007-03-01 22:17:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc<JASCSO~1>
    2007-03-01 22:17:22 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
    2007-03-01 22:17:21 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-03-01 22:10:03 0 d-------- C:\SDFix
    2007-03-01 21:34:59 0 d-------- C:\Program Files\Lavasoft
    2007-03-01 20:17:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-03-01 20:16:35 0 d-------- C:\Program Files\Grisoft
    2007-03-01 20:16:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-03-01 18:15:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
    2007-03-01 17:43:12 0 d-------- C:\WINDOWS\BDOSCAN8
    2007-03-01 16:17:02 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
    2007-03-01 14:57:53 0 d-------- C:\Documents and Settings\Melissa\Application Data\Free Download Manager<FREEDO~1>
    2007-03-01 02:16:17 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-03-01 02:06:09 0 d-------- C:\Program Files\SmartPCTools<SMARTP~1>
    2007-03-01 01:48:56 0 d-------- C:\Documents and Settings\Melissa\Application Data\Smart PC Solutions<SMARTP~1>
    2007-03-01 00:59:45 0 d-------- C:\Program Files\Eusing Free Registry Cleaner<EUSING~1>
    2007-02-28 19:20:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Else Debug Size Film<ELSEDE~1>
    2007-02-28 19:06:10 0 d-------- C:\Program Files\Logo dupe acid<LOGODU~1>
    2007-02-28 19:06:09 0 d-------- C:\Documents and Settings\Melissa\Application Data\Logo dupe acid<LOGODU~1>
    2007-02-28 19:00:03 0 d-------- C:\Program Files\BitGrabber<BITGRA~1>
    2007-02-24 20:52:13 0 d-------- C:\Program Files\Free WMA to MP3 Converter<FREEWM~1>
    2007-02-21 11:31:20 0 d-------- C:\Program Files\CA
    2007-02-21 11:27:21 44544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2007-02-21 11:23:57 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-02-16 00:01:39 33706818 --a------ C:\WINDOWS\hklmSW.reg
    2007-02-16 00:00:35 17818214 --a------ C:\WINDOWS\hkcrRT.reg
    2007-02-04 19:09:03 0 d-------- C:\Documents and Settings\Melissa\Application Data\JGsoft
    2007-02-04 19:08:50 67472 --a------ C:\WINDOWS\UnDeploy.exe
    2007-02-04 19:08:50 0 d-------- C:\Program Files\JGsoft
    2007-02-04 14:22:05 0 d-------- C:\Program Files\Common Files\OverDrive Shared<OVERDR~1>


    -- Find3M Report ----------------------------------------------------------------

    2007-03-01 14:57:41 0 d-------- C:\Program Files\Free Download Manager<FREEDO~1>
    2007-02-28 19:36:44 0 d-------- C:\Documents and Settings\Melissa\Application Data\uTorrent
    2007-02-28 19:03:50 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
    2007-02-23 21:34:47 0 d-------- C:\Program Files\Common Files\AOL
    2007-02-23 21:34:17 0 d-------- C:\Program Files\McAfee.com
    2007-02-23 21:22:13 0 d-------- C:\Program Files\Common Files\Scanner
    2007-02-23 21:21:49 0 d-------- C:\Program Files\McAfee
    2007-02-21 11:22:38 0 d-------- C:\Documents and Settings\Melissa\Application Data\AOL
    2007-02-21 11:09:34 0 d-------- C:\Documents and Settings\Melissa\Application Data\Mozilla
    2007-02-18 05:23:08 0 d-------- C:\Program Files\WinMX Music<WINMXM~1>
    2007-02-15 22:00:38 0 -----n--- C:\AUTOEXEC.BAT
    2007-02-15 11:26:23 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
    2007-02-12 14:18:42 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
    2007-01-31 09:26:20 0 d-------- C:\Program Files\Veoh
    2007-01-31 09:25:07 0 d-------- C:\Program Files\Veoh Networks<VEOHNE~1>
    2007-01-29 00:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
    2007-01-16 10:20:14 0 d-------- C:\Program Files\Macromedia<MACROM~1>
    2007-01-16 10:20:11 0 d-------- C:\Program Files\Common Files\Macromedia<MACROM~1>
    2007-01-16 10:17:55 0 d-------- C:\Documents and Settings\Melissa\Application Data\Macromedia<MACROM~1>
    2007-01-15 22:24:45 0 d-------- C:\Program Files\Chami
    2007-01-12 19:51:51 0 d-------- C:\Documents and Settings\Melissa\Application Data\Adobe
    2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
    2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
    2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
    2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
    2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
    2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
    2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
    2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
    2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
    2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
    2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
    2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
    2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
    2007-01-08 04:53:20 0 d-------- C:\Documents and Settings\Melissa\Application Data\Corel
    2007-01-08 04:53:11 0 d-------- C:\Program Files\Corel
    2007-01-08 04:34:14 0 d-------- C:\Program Files\Common Files\Adobe
    2007-01-08 04:25:53 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
    2007-01-04 17:53:02 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-01-04 03:04:54 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
    2007-01-03 19:21:39 0 d-------- C:\Program Files\Microsoft Reader<MIBD3F~1>
    2006-12-31 00:23:59 88 -r-hs---- C:\WINDOWS\system32\57AE737927.sys<57AE73~1.SYS>
    2006-12-19 13:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
    2006-12-19 10:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
    2006-12-06 22:40:49 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll


    -- Registry Dump ----------------------------------------------------------------


    The command prompt has been disabled by your administrator.

    Press any key to continue . . .


    -- End of ComboScan: finished at 2007-03-02 at 15:31:00 -------------------------

    A Supplementary text isn't coming up. Just the Log, though.
     
  20. 2007/03/02
    misa05

    misa05 Inactive Thread Starter

    Joined:
    2007/03/01
    Messages:
    44
    Likes Received:
    0
    Here is another HJT Log, just in case:

    NOTE: O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 is no longer there.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:44:21 PM, on 3/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\AOL\1123785331\ee\AOLSoftware.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\America Online 9.0c\waol.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\America Online 9.0c\shellmon.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\cmd.exe
    C:\Documents and Settings\Melissa\My Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
    O3 - Toolbar: Veoh Video Finder - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe "
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123785331\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SIZEFILMTOOLBLUE] C:\Documents and Settings\All Users\Application Data\Else Debug Size Film\Sign Keep.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [FILEMANAGER] C:\DOCUME~1\Melissa\APPLIC~1\LOGODU~1\Ballkeep.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0c\AOL.EXE" -b
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152629797546
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5319997E-7DD9-4D09-A972-B6E96B5CAEE1}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - (no file)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
     
  21. 2007/03/02
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi

    Sounds like we are making good progress. :)

    That O7 line I had you look for & fix in HijackThis no longer exists because I fixed it already with that fix.reg file I had you run. If I hadn't fixed that first, most of the HijackThis fixes would not have worked.

    Now that we have some basic tools working, we'll do a registry search to see what has cmd.exe disabled on us.

    A few things to remove yet with HijackThis as well.

    1.) Download Bobbi Flekman's RegSearch from
    http://www.xs4all.nl/~fstaal01/downloads/regsearch.zip

    Create a folder for RegSearch on the C: drive called C:\RegSearch. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it RegSearch. Extract all the files from the zip archive into that folder.

    Don't run it yet.

    2.) Copy the following text inside the code box to a new Notepad file.
    To open Notepad click Start, then Run, type notepad and hit Enter.
    Highlight all the text inside the code box and press Ctrl + C on the keyboard.
    Go to the open Notepad window and press Ctrl + V on the keyboard.

    Code:
    RegSearch Options File
    
    [Search]
    scvhost
    disablecmd
    disablecad
    wsock32.sys
    ckl009.dat
    [Exclude]
    
    [Options]
    Filter=KVDLUI
    
    In the open Notepad window click "File" then "Save As..."
    Call it Options.txt and save it to your desktop.

    3.) Open the RegSearch folder and double-click the icon for RegSearch.exe to launch the program.

    Click the Import button, navigate to your desktop and select Options.txt
    If you can't see this file when you get to the desktop, just type in options.txt then click "Open".
    In the open RegSearch window click "OK".

    Wait till search finishes.

    Log should pop up.

    Please copy/paste its contents here.

    We'll need to fix cmd.exe before we can fix your LOP infection.

    Thanks

    Blender
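Added example (not Blender's or RegSearch's code): a read-only PowerShell audit that reports the policy values which lock out regedit, Task Manager, cmd.exe, Ctrl+Alt+Del and System Restore, then searches the Run and Policies subtrees for the same strings listed in the Options.txt above. The value names and key paths are the standard Windows policy locations; the choice of root keys to search is an assumption of this example.

```powershell
# Added example, not part of the thread. Read-only: reports, changes nothing.
# Run as the affected user, since the HKCU entries are per-user.
$checks = @(
    @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name='DisableRegistryTools' },
    @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name='DisableTaskMgr' },
    @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name='DisableCAD' },
    @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name='DisableRegistryTools' },
    @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name='DisableTaskMgr' },
    @{ Path='HKCU:\Software\Policies\Microsoft\Windows\System';                 Name='DisableCMD' },
    @{ Path='HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';       Name='DisableSR' },
    @{ Path='HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';       Name='DisableConfig' }
)

# Report every lockout policy value that is present, and whether it is non-zero (enforced).
function Get-LockoutPolicies {
    foreach ($c in $checks) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            [pscustomobject]@{ Path = $c.Path; Name = $c.Name
                               Value = $item.($c.Name); Enforced = ($item.($c.Name) -ne 0) }
        }
    }
}

# Same search terms as the [Search] section of Options.txt above (assumed roots: Run/Policies trees).
$terms = 'scvhost', 'disablecmd', 'disablecad', 'wsock32.sys', 'ckl009.dat'
$roots = 'HKCU:\Software\Microsoft\Windows\CurrentVersion', 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
         'HKCU:\Software\Policies', 'HKLM:\SOFTWARE\Policies'

# Walk each root and emit any key name, value name or value data that contains a search term.
function Find-RegistryTerms {
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            foreach ($t in $terms) {
                if ($key.PSChildName -like "*$t*") {
                    [pscustomobject]@{ Key = $key.Name; Name = '(key name)'; Data = ''; Term = $t }
                }
                foreach ($name in $key.GetValueNames()) {
                    $data = [string]$key.GetValue($name)
                    if ($name -like "*$t*" -or $data -like "*$t*") {
                        [pscustomobject]@{ Key = $key.Name; Name = $name; Data = $data; Term = $t }
                    }
                }
            }
        }
    }
}

Get-LockoutPolicies | Format-Table -AutoSize
Find-RegistryTerms  | Format-Table -AutoSize
```

An `Enforced` value of True on DisableRegistryTools, DisableTaskMgr or DisableCMD reproduces exactly the "disabled by your administrator" messages described at the top of the thread; a hit in the Run keys from the second table is the line to hand back for review rather than delete blindly.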
     
