
Active Adware Pro

Discussion in 'Malware and Virus Removal Archive' started by Dcmurray, 2009/03/03.

  1. 2009/03/03
    Dcmurray (Well-Known Member, Thread Starter)
    [Active] Adware Pro

    Hello all!

    Well, I just downloaded a program called Adware Pro. I didn't want it; I thought I was getting Ad-Aware from Lavasoft. Oops. Now I seem to be freezing up in games; when I run a registry cleaner, it keeps coming up but won't be removed, and I tried to email the support people for an uninstall method. Their response was: making new videos, should be ready soon. So maybe you can help. I have included a new HijackThis log as follows.

    Thanks
    Dana

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:41:31 PM, on 3/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Aliant\Aliant Security Services\Fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Aliant\Aliant Security Services\rps.exe
    C:\Program Files\Aliant\Aliant Security Services\RpsSecurityAwareR.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Aliant\Aliant Servicepoint Agent\ASA.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/ns/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Aliant\Aliant Security Services\pkR.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
    O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url= "-APPKEY=Motive -WindowContext=ReportAgent -url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath= "C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [ASA.exe] "C:\Program Files\Aliant\Aliant Servicepoint Agent\ASA.exe" /AUTORUN
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Aliant\Aliant Security Services\IdxClnR.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Adware_ProMFCT] C:\Program Files\Adware_Pro\Adware_Pro.exe
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Aliant\Aliant Security Services\IdxClnR.exe "
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142097753734
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
    O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archives.ca/mrsidi_cab/MrSIDI.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - http://support.intel.com/design/motherbd/boardid/BoardID.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
    O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
    O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
    O23 - Service: Google Update Service (gupdate1c98dfc59cc5637) (gupdate1c98dfc59cc5637) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Aliant Security Services (Radialpoint Security Services) - Aliant - C:\Program Files\Aliant\Aliant Security Services\RpsSecurityAwareR.exe
    O23 - Service: Aliant Security Services Personal Firewall (RP_FWS) - Aliant - C:\Program Files\Aliant\Aliant Security Services\Fws.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe

    --
    End of file - 9454 bytes
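    The HijackThis log above lists every browser helper object (O2 line) and registry autorun (O4 line) on the machine, and the program the poster wants gone shows up as the `Adware_ProMFCT` value under HKCU\..\Run. As an added example, not code from HijackThis, WindowsBBS or anyone in this thread, here is a small Python parser for those two sections. It pulls the executable path out of each autorun command line, reports autoruns that fall outside a constructed allow-list of vendor directories (TRUSTED_DIRS is an assumption made for the example; HijackThis provides no such list), and reports BHOs registered with no file on disk. SAMPLE_LOG is an excerpt copied from the log above.

```python
"""Parser for the two HijackThis v2 sections that matter most in a removal
thread: O2 (browser helper objects) and O4 (registry autoruns).
Added example; not code from HijackThis, WindowsBBS or anyone in the thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:31 PM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Adware_ProMFCT] C:\Program Files\Adware_Pro\Adware_Pro.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
"""

# Constructed allow-list (an assumption for this example, not something HJT
# provides): vendor directories the reviewer has already vetted on this machine.
TRUSTED_DIRS = [
    r"C:\Program Files\Intel Audio Studio",
    r"C:\Program Files\Java",
    r"C:\Program Files\Spybot - Search & Destroy",
    r"C:\WINDOWS\system32",
]


@dataclass
class Bho:
    name: str
    clsid: str
    path: str            # "(no file)" when the registered DLL is missing


@dataclass
class Autorun:
    hive: str            # HKLM, HKCU, HKUS\S-1-5-18, ...
    key: str             # Run, RunOnce, ...
    name: str            # registry value name HJT shows in [brackets]
    command: str         # raw command line as HJT printed it
    exe: Optional[str]   # executable path extracted from the command


_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[A-Za-z]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_QUOTED = re.compile(r'^"(?P<p>[^"]+)"')
_BARE = re.compile(r"^(?P<p>.+?\.(?:exe|dll|scr|com))(?=\s|$)", re.IGNORECASE)


def executable_path(command: str) -> Optional[str]:
    r"""Pull the program path out of an autorun command line.

    Handles a quoted path followed by arguments ("...\x.exe" BOOT), an unquoted
    path containing spaces, and the trailing space HJT sometimes keeps inside
    the quotes. Returns None when no recognisable program name is found."""
    m = _QUOTED.match(command) or _BARE.match(command)
    return m.group("p").strip() if m else None


def parse_hjt(text: str) -> Tuple[List[Bho], List[Autorun]]:
    """Walk the log once and collect O2 and O4 entries; other sections are skipped."""
    bhos: List[Bho] = []
    autoruns: List[Autorun] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _O2.match(line)
        if m:
            bhos.append(Bho(m["name"], m["clsid"].upper(), m["path"]))
            continue
        m = _O4.match(line)
        if m:
            autoruns.append(Autorun(m["hive"], m["key"], m["name"], m["cmd"],
                                    executable_path(m["cmd"])))
    return bhos, autoruns


def orphaned_bhos(bhos: List[Bho]) -> List[Bho]:
    """BHOs whose DLL is gone: dead registrations that are safe to clean up."""
    return [b for b in bhos if b.path == "(no file)"]


def autoruns_outside(autoruns: List[Autorun], trusted_dirs: List[str]) -> List[Autorun]:
    r"""Autoruns whose executable is not under any trusted directory.

    Matching is case-insensitive and on a directory boundary, so a trusted
    C:\WINDOWS\system32 does not also cover C:\WINDOWS\system32evil.exe. A bare
    name such as Narrator.exe (resolved via PATH) is reported as well."""
    prefixes = [d.lower().rstrip("\\") + "\\" for d in trusted_dirs]
    return [a for a in autoruns
            if not any((a.exe or "").lower().startswith(p) for p in prefixes)]


if __name__ == "__main__":
    bhos, runs = parse_hjt(SAMPLE_LOG)
    for b in orphaned_bhos(bhos):
        print(f"orphaned BHO {{{b.clsid}}}: {b.name}")
    for a in autoruns_outside(runs, TRUSTED_DIRS):
        print(f"review {a.hive}\\..\\{a.key} [{a.name}] -> {a.exe or a.command}")
```

    Run against the excerpt, the script reports the orphaned BHO {7E853D72-626A-48EC-A868-BA8D5E23E045} and two autoruns to review: the Adware_Pro entry under HKCU\..\Run and the bare Narrator.exe RunOnce for the SYSTEM account. An allow-list like this only reduces the reading load; what is left still has to be judged by hand, as the helpers in this thread do.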
     
  2. 2009/03/03
    Arie (Administrator, Staff)
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.

    (Hint: a HJT log alone isn't enough)
     
    Arie,
    #2

  4. 2009/03/03
    Dcmurray (Well-Known Member, Thread Starter)
    Ad ware

    Oops, sorry! Some of the rules have changed since I was last here.

    OK, first log as follows:


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Owner at 17:01:59.62 on Tue 03/03/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.73 [GMT -4:00]

    AV: Aliant Security Services Anti-Virus *On-access scanning enabled* (Updated)
    FW: Aliant Security Services Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Aliant\Aliant Security Services\Fws.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Aliant\Aliant Security Services\rps.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Aliant\Aliant Servicepoint Agent\ASA.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Aliant\Aliant Security Services\RpsSecurityAwareR.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TOC0WVA3\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.cbc.ca/ns/
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\aliant\aliant security services\pkR.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [PowerBar]
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Adware_ProMFCT] c:\program files\adware_pro\Adware_Pro.exe
    uRunOnce: [IndexCleaner] "c:\program files\aliant\aliant security services\IdxClnR.exe "
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" BOOT
    mRun: [MotiveReportAgent] "c:\program files\common files\motive\mccibootstrapper.exe" /url= "-appkey=motive -windowcontext=reportagent -url=file://c:\program files\common files\motive\reportagent.html" /browsertype=custommsie /browserpath= "c:\program files\common files\motive\MotiveBrowser.exe" /hidden
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [ASA.exe] "c:\program files\aliant\aliant servicepoint agent\ASA.exe" /AUTORUN
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    dRunOnce: [RunNarrator] Narrator.exe
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: TruePass EPF 7,0,100,717 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
    DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142097753734
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
    DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - hxxp://data6.archives.ca/mrsidi_cab/MrSIDI.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://support.intel.com/design/motherbd/boardid/BoardID.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
    Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 KL1;KL1;c:\windows\system32\drivers\kl1.sys [2009-2-6 112144]
    R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-2-6 196368]
    R3 Radialpoint Security Services;Aliant Security Services;c:\program files\aliant\aliant security services\RpsSecurityAwareR.exe [2008-12-2 97520]
    S2 gupdate1c98dfc59cc5637;Google Update Service (gupdate1c98dfc59cc5637);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-12-6 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-12-6 8320]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-12-6 42112]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2009-01-14 09:53 29,680 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
    2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll
    2006-11-03 09:21 14 a------- c:\documents and settings\owner\getfile.dat
    2006-08-08 11:33 774,144 -------- c:\program files\RngInterstitial.dll
    2004-10-01 14:00 40,960 a------- c:\program files\Uninstall_CDS.exe
    2008-09-22 17:27 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080923\index.dat

    ============= FINISH: 17:03:02.96 ===============


    Thanks
     
  5. 2009/03/03
    Dcmurray (Well-Known Member, Thread Starter)
    Second Log

    Second log as requested.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/25/2006 5:15:28 PM
    System Uptime: 3/3/2009 11:40:35 AM (6 hours ago)

    Motherboard: Intel Corporation | | D945GPM
    Processor: Intel(R) Celeron(R) CPU 3.06GHz | J3E1 | 3067/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 178.802 GiB free.
    D: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) 82945G Express Chipset Family
    Device ID: PCI\VEN_8086&DEV_2772&SUBSYS_544E8086&REV_02\3&61AAA01&0&10
    Manufacturer: Intel Corporation
    Name: Intel(R) 82945G Express Chipset Family
    PNP Device ID: PCI\VEN_8086&DEV_2772&SUBSYS_544E8086&REV_02\3&61AAA01&0&10
    Service: ialm

    ==== System Restore Points ===================

    RP157: 2/11/2009 1:07:24 PM - Software Distribution Service 3.0
    RP158: 2/12/2009 5:11:55 PM - System Checkpoint
    RP159: 2/13/2009 1:45:52 PM - RegCure Backup
    RP160: 2/13/2009 1:46:01 PM - RegCure Backup
    RP161: 2/14/2009 12:12:29 PM - RegCure Backup
    RP162: 2/14/2009 6:16:11 PM - RegCure Backup
    RP163: 2/15/2009 6:23:48 PM - System Checkpoint
    RP164: 2/16/2009 7:11:23 PM - RegCure Backup
    RP165: 2/17/2009 11:43:42 PM - System Checkpoint
    RP166: 2/19/2009 5:46:30 PM - System Checkpoint
    RP167: 2/21/2009 1:51:12 PM - System Checkpoint
    RP168: 2/22/2009 11:25:00 PM - System Checkpoint
    RP169: 2/23/2009 1:58:14 PM - RegCure Backup
    RP170: 2/23/2009 2:18:54 PM - RegCure Backup
    RP171: 2/23/2009 2:19:21 PM - RegCure Backup
    RP172: 2/24/2009 12:48:08 PM - RegCure Backup
    RP173: 2/24/2009 12:48:32 PM - RegCure Backup
    RP174: 2/25/2009 1:15:03 PM - Software Distribution Service 3.0
    RP175: 2/26/2009 12:55:11 PM - RegCure Backup
    RP176: 2/27/2009 2:57:31 PM - RegCure Backup
    RP177: 2/28/2009 2:21:02 PM - Restore Operation
    RP178: 2/28/2009 2:40:31 PM - RegCure Backup
    RP179: 2/28/2009 2:40:59 PM - RegCure Backup
    RP180: 2/28/2009 2:55:21 PM - Restore Operation
    RP181: 3/3/2009 12:21:52 PM - Installed QuickTax 2008.
    RP182: 3/3/2009 1:55:34 PM - RegCure Backup

    ==== Installed Programs ======================


    18 Wheels of Steel: Convoy 1.0
    Acrobat.com
    Adobe AIR
    Adobe Flash Player ActiveX
    Adobe Reader 9
    Adobe Shockwave Player 11
    AiO_Scan_CDA
    AiOSoftwareNPI
    Aliant Internet Help & Support
    Aliant Security Services
    Aliant Servicepoint Agent 1.5.23
    ArcSoft PhotoImpression
    BufferChm
    C3100
    c3100_Help
    CCleaner (remove only)
    CleanUp!
    Compatibility Pack for the 2007 Office system
    CyberPix E-450V
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    DVD Solution
    eSupportQFolder
    Fax_CDA
    Google Earth
    Google Update Helper
    Google Updater
    HijackThis 2.0.2
    HP Imaging Device Functions 7.0
    HP Photosmart and Deskjet 7.0.A
    HP Photosmart Essential
    HP Solution Center 7.0
    HP Update
    HPPhotoSmartExpress
    HPProductAssistant
    InCD
    Indeo® Software
    InstantShareDevicesMFC
    Intel Audio Studio 2.0
    Intel Matrix Storage Manager
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections
    InterActual Player
    J2SE Runtime Environment 5.0 Update 11
    Java(TM) 6 Update 11
    LG ODD Auto Firmware Update
    Malwarebytes' RogueRemover
    Microsoft .NET Framework 2.0
    Microsoft Age of Empires II
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Money Essentials
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Moto Racer 3
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    Multimedia Launcher
    Nero Suite
    neroxml
    Net Assistant
    NewCopy_CDA
    OCR Software by I.R.I.S 7.0
    PanoStandAlone
    PerfectDisk
    Pivot Stickfigure Animator
    PowerDVD
    PowerProducer
    ProductContextNPI
    QuickTax 2007
    QuickTax 2008
    Readme
    RegCure 1.5.1.3
    Rhapsody Player Engine
    RollerCoaster Tycoon 2
    RPS Ad Blocker
    RPS AntiFraud
    RPS AntiSpyware
    RPS AntiVirus
    RPS App Detector
    RPS Backup
    RPS Burn
    RPS CRT
    RPS Diagnostic Utility
    RPS Firewall
    RPS Ksdk
    RPS ParentalControl
    RPS Performance Tool
    RPS PopupBlocker
    RPS Privacy Manager
    RPS RpsCore
    RPS Security Cleanup
    RPS Zip
    Scan
    ScannerCopy
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows XP (KB913433)
    SigmaTel Audio
    SolutionCenter
    Spybot - Search & Destroy
    Status
    System Requirements Lab
    Take Command - 2nd Manassas
    Tom Clancy's Rainbow Six
    Toolbox
    TrayApp
    Uninstall 1.0.0.1
    Unload
    URGE
    WebFldrs XP
    WebReg
    Wildfire
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Xbox 360 Controller for Windows

    ==== Event Viewer Messages From Past Week ========

    2/24/2009 7:39:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl
    2/24/2009 7:39:56 PM, error: Service Control Manager [7023] - The HidServ service terminated with the following error: The system cannot find the file specified.
    2/24/2009 6:01:23 PM, error: Service Control Manager [7024] - The RemoteAccess service terminated with service-specific error 2147500037 (0x80004005).
    3/2/2009 10:27:38 PM, error: Dhcp [1002] - The IP address lease 192.168.2.10 for the Network Card with network address 001320E7F43F has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
     
  6. 2009/03/05
    Geri (Inactive Alumni)
    Hi Dcmurray

    Let's try this.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Thanks
    Geri
     
    Geri,
    #5
  7. 2009/03/06
    Dcmurray (Well-Known Member, Thread Starter)
    Hi Geri, Thank you for responding. Here is the log as requested.

    Malwarebytes' Anti-Malware 1.34
    Database version: 1824
    Windows 5.1.2600 Service Pack 3

    3/6/2009 9:25:42 AM
    mbam-log-2009-03-06 (09-25-42).txt

    Scan type: Quick Scan
    Objects scanned: 89778
    Time elapsed: 8 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcj14j0eg99 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.


    Thanks for your help!

    Dana
     
  8. 2009/03/06
    Geri (Inactive Alumni)
    Hi
    Please post a new HJT log.

    Thanks
    Geri
     
    Geri,
    #7
  9. 2009/03/08
    Dcmurray (Well-Known Member, Thread Starter)
    New Hijackthis log

    New log as requested!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:48:20 PM, on 3/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Aliant\Aliant Security Services\Fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Aliant\Aliant Security Services\rps.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Aliant\Aliant Servicepoint Agent\ASA.exe
    C:\Program Files\Aliant\Aliant Security Services\RpsSecurityAwareR.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/ns/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Aliant\Aliant Security Services\pkR.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-APPKEY=Motive -WindowContext=ReportAgent -url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden
    O4 - HKLM\..\Run: [ASA.exe] "C:\Program Files\Aliant\Aliant Servicepoint Agent\ASA.exe" /AUTORUN
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142097753734
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
    O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archives.ca/mrsidi_cab/MrSIDI.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - http://support.intel.com/design/motherbd/boardid/BoardID.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
    O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
    O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
    O23 - Service: Google Update Service (gupdate1c98dfc59cc5637) (gupdate1c98dfc59cc5637) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Aliant Security Services (Radialpoint Security Services) - Aliant - C:\Program Files\Aliant\Aliant Security Services\RpsSecurityAwareR.exe
    O23 - Service: Aliant Security Services Personal Firewall (RP_FWS) - Aliant - C:\Program Files\Aliant\Aliant Security Services\Fws.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe

    --
    End of file - 8810 bytes

    Thank you
    Dana
     
  10. 2009/03/09
    Geri
    Hi Dana
    I'm not seeing Adware Pro in the HJT log.

    Any more problems?

    Geri
     
  11. 2009/03/10
    Dcmurray
    Yes. All media skipping after playing for about 1 minute. The last time I had this problem, I bought RegCure and it solved the problem immediately. I believe it to be a registry problem. Spybot scan always finds a file that it says it fixes, but it always returns with the next scan. The file is called Microsoft.Windows.System. and it is in the registry. I wonder, is this the problem?
     
  12. 2009/03/10
    Geri
    Hi
    OK please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Thanks
    Geri
     
  13. 2009/03/11
    Dcmurray
    Combo Fix Log - As requested

    ComboFix 09-03-10.03 - Owner 2009-03-11 9:03:42.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.178 [GMT -3:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: Aliant Security Services Anti-Virus *On-access scanning disabled* (Updated)
    FW: Aliant Security Services Personal Firewall *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-11 to 2009-03-11 )))))))))))))))))))))))))))))))
    .

    2009-03-11 08:59 . 2009-03-11 08:59 <DIR> d-------- c:\windows\LastGood
    2009-03-06 10:13 . 2009-03-06 10:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-06 10:13 . 2009-03-06 10:13 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
    2009-03-06 10:13 . 2009-03-06 10:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-06 10:13 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-06 10:13 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-05 17:45 . 2009-03-05 17:45 <DIR> d-------- C:\Start Menu
    2009-03-03 13:22 . 2009-03-03 13:36 <DIR> d-------- c:\program files\QuickTax 2008
    2009-02-28 15:53 . 2009-02-28 15:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-20 20:01 . 2008-02-15 13:45 172,032 --a------ c:\windows\system32\igfxres.dll
    2009-02-19 15:07 . 2008-02-15 14:12 5,854,752 --a------ c:\windows\system32\drivers\igxpmp32.sys
    2009-02-19 15:07 . 2008-02-15 14:12 2,643,968 --a------ c:\windows\system32\igxpdx32.dll
    2009-02-19 15:07 . 2008-02-15 14:12 1,670,144 --a------ c:\windows\system32\igxpdv32.dll
    2009-02-19 15:07 . 2008-02-15 13:49 176,128 --a------ c:\windows\system32\igfxrsky.lrc
    2009-02-19 15:07 . 2008-02-15 13:49 172,032 --a------ c:\windows\system32\igfxrslv.lrc
    2009-02-19 15:07 . 2008-02-15 14:12 151,040 --a------ c:\windows\system32\igxpgd32.dll
    2009-02-19 15:07 . 2008-02-15 14:21 147,456 --a------ c:\windows\system32\igfxCoIn_v4926.dll
    2009-02-19 15:07 . 2008-02-15 14:12 57,344 --a------ c:\windows\system32\igxprd32.dll
    2009-02-19 15:06 . 2009-02-19 15:06 <DIR> d-------- c:\windows\system32\Lang
    2009-02-19 15:06 . 2008-03-07 13:56 920,088 --a------ c:\windows\system32\igxpun.exe
    2009-02-19 15:06 . 2006-11-10 09:25 319,456 --a------ c:\windows\system32\difxapi.dll
    2009-02-19 15:04 . 2009-02-19 15:04 <DIR> d-------- c:\program files\SystemRequirementsLab
    2009-02-13 14:46 . 2007-12-05 20:19 1,522,995 --a------ c:\windows\_detmp.1
    2009-02-13 13:55 . 2009-03-10 22:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-11 12:06 471,840 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2009-03-11 12:06 16,556,320 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-03-11 01:36 44,612 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2009-03-11 01:36 221,492 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-03-09 18:33 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
    2009-03-09 12:24 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-03 16:22 --------- d-----w c:\documents and settings\Owner\Application Data\Intuit Canada
    2009-03-03 16:20 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit Canada
    2009-02-28 18:53 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-02-27 14:39 --------- d-----w c:\program files\RogueRemover FREE
    2009-02-23 00:27 --------- d-----w c:\documents and settings\Owner\Application Data\Image Zone Express
    2009-02-22 23:02 --------- d-----w c:\documents and settings\Dallas\Application Data\HP
    2009-02-13 17:00 --------- d-----w c:\program files\Google
    2009-02-07 14:25 --------- d-----w c:\documents and settings\Logan\Application Data\LimeWire
    2009-02-06 15:05 --------- d-----w c:\program files\Raxco
    2009-02-06 15:05 --------- d-----w c:\documents and settings\All Users\Application Data\Raxco
    2009-02-06 15:04 --------- d-----w c:\program files\Aliant
    2009-02-06 15:04 --------- d-----w c:\documents and settings\Owner\Application Data\Aliant
    2009-02-06 15:04 --------- d-----w c:\documents and settings\Logan\Application Data\Aliant
    2009-02-06 15:04 --------- d-----w c:\documents and settings\Kullen\Application Data\Aliant
    2009-02-06 15:04 --------- d-----w c:\documents and settings\Guest\Application Data\Aliant
    2009-02-06 15:04 --------- d-----w c:\documents and settings\Dallas\Application Data\Aliant
    2009-02-06 15:03 --------- d-----w c:\program files\InstallShield Installation Information
    2009-01-14 13:53 29,680 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-12-14 16:24 29,680 ----a-w c:\documents and settings\Dallas\Application Data\GDIPFONTCACHEV1.DAT
    2008-11-24 19:51 29,680 ----a-w c:\documents and settings\Kullen\Application Data\GDIPFONTCACHEV1.DAT
    2008-08-28 02:17 24 ----a-w c:\documents and settings\Kullen\jagex_runescape_preferences.dat
    2006-11-03 13:21 14 ----a-w c:\documents and settings\Owner\getfile.dat
    2006-11-01 21:49 14 ----a-w c:\documents and settings\Logan\getfile.dat
    2006-10-29 01:10 14 ----a-w c:\documents and settings\Kullen\getfile.dat
    2006-10-27 04:29 14 ----a-w c:\documents and settings\Guest\getfile.dat
    2006-10-27 01:02 14 ----a-w c:\documents and settings\Dallas\getfile.dat
    2006-08-08 15:33 774,144 ------w c:\program files\RngInterstitial.dll
    2004-10-01 18:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
    2008-09-22 21:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092220080923\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
    "MotiveReportAgent"="c:\program files\Common Files\Motive\McciBootStrapper.exe" [2007-05-23 202240]
    "ASA.exe"="c:\program files\Aliant\Aliant Servicepoint Agent\ASA.exe" [2008-11-19 2303216]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
    "IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-01-15 8744960]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0pfdnnt c:\windows\system32\pfdnnt_actions.sys

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Net Assistant.lnk]
    backup=c:\windows\pss\Net Assistant.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adware_ProMFCT
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-06-12 03:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hkcmd]
    --a------ 2008-02-15 13:46 159744 c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2007-05-08 16:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWuSchd2]
    --a------ 2007-05-08 16:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    --a------ 2008-02-15 13:46 159744 c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    --a------ 2008-02-15 13:46 131072 c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
    --------- 2006-01-15 02:05 8744960 c:\program files\Intel Audio Studio\IntelAudioStudio.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    --------- 2006-08-03 12:14 397312 c:\progra~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotiveSB]
    --------- 2006-08-03 12:14 397312 c:\progra~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2009-01-26 16:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-12-03 08:49 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\MotoRacer3\\MotoRacer3.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1253:UDP"= 1253:UDP:Windows Media Format SDK (wmplayer.exe)
    "1252:UDP"= 1252:UDP:Windows Media Format SDK (wmplayer.exe)
    "1255:UDP"= 1255:UDP:Windows Media Format SDK (wmplayer.exe)
    "3719:UDP"= 3719:UDP:Windows Media Format SDK (iexplore.exe)
    "3718:UDP"= 3718:UDP:Windows Media Format SDK (iexplore.exe)
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    S2 gupdate1c98dfc59cc5637;Google Update Service (gupdate1c98dfc59cc5637);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-12-06 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-12-06 8320]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-12-06 42112]
    S3 Radialpoint Security Services;Aliant Security Services;c:\program files\Aliant\Aliant Security Services\RpsSecurityAwareR.exe [2008-12-02 97520]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-04 c:\windows\Tasks\Ad-Aware SE Personal.job
    - c:\progra~1\Lavasoft\AD-AWA~1\Ad-Aware.exe []

    2009-02-15 c:\windows\Tasks\AVG Free Control Center.job
    - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe []

    2008-12-15 c:\windows\Tasks\CCleaner.job
    - c:\progra~1\CCleaner\ccleaner.exe [2008-07-29 10:41]

    2008-12-15 c:\windows\Tasks\CleanUp!.job
    - c:\progra~1\CleanUp!\Cleanup.exe [2006-06-25 18:05]

    2009-03-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-13 13:55]

    2009-03-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 13:58]

    2009-02-15 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe []

    2009-03-08 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-11-27 15:55]

    2008-12-14 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-11-27 15:55]

    2008-12-15 c:\windows\Tasks\Spybot - Search & Destroy.job
    - c:\progra~1\SPYBOT~1\SpybotSD.exe [2009-01-26 16:31]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-PowerBar - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.cbc.ca/ns/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
    Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\QuickTax 2008\ic2008pp.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: TruePass EPF 7,0,100,717 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
    DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - hxxp://data6.archives.ca/mrsidi_cab/MrSIDI.cab
    DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://support.intel.com/design/motherbd/boardid/BoardID.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-11 09:06:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????????????l?@?l?@?D?????B~????????????&?B~l?@?l?@????? ?????????????D~0?B~????&?B~?xB~x????????xB~???????? ???????????S??|x???0???????????Q?stA?B~?????????????????ze?????L???????l?@?l?@?????zwB~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-252297214-3032256712-3859298460-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-252297214-3032256712-3859298460-1008\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(988)
    c:\windows\system32\igfxdev.dll

    - - - - - - - > 'winlogon.exe'(1984)
    c:\windows\system32\igfxdev.dll

    - - - - - - - > 'winlogon.exe'(1948)
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2009-03-11 9:11:11
    ComboFix-quarantined-files.txt 2009-03-11 12:11:06
    ComboFix2.txt 2008-11-21 13:33:35
    ComboFix3.txt 2008-08-12 03:03:30

    Pre-Run: 193,712,209,920 bytes free
    Post-Run: 193,711,124,480 bytes free

    248 --- E O F --- 2009-02-25 17:16:55


    PS: Are there any programs that run in the background that I don't really need?

    thanks

    Dana
     
    Last edited: 2009/03/11
  14. 2009/03/11
    Dcmurray
    I just ran CCleaner and it picked up a problem: "Missing Startup Software". The data on this problem is "C:\Program\Files\Adware_Pro\Adware.exe" and is found at "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run". After CCleaner "fixed" the problem I ran the scan again and it still persists. I then ran RegCure; it found the problem and fixed it, but again it still persists. Seems to be still around somehow.

    Thanks

    Dana
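    A Run value that comes back after CCleaner and RegCure delete it is being re-written by something, and the useful first step is to see every autostart location that holds it, in every user hive, rather than only the one CCleaner looks at. The PowerShell script below is an added example for this thread; it is not from the original posts, from CCleaner, RegCure, HijackThis or ComboFix. It enumerates the same registry locations HijackThis reports as O4 entries and ComboFix lists under "Reg Loading Points" (per-user and machine Run/RunOnce, every other loaded profile hive under HKEY_USERS, and msconfig's startupreg store of items disabled in the Startup tab, which is where the Adware_ProMFCT entry in the ComboFix log above sits), and flags values whose target executable no longer exists on disk, the condition CCleaner calls "Missing Startup Software". It assumes PowerShell 3.0 or later, run from the affected account in an elevated session so the other hives are readable; the function names are my own.

```powershell
# Added example (not from the thread or any tool in it): list autostart entries from the
# registry locations HijackThis (O4) and ComboFix ("Reg Loading Points") report, and flag
# those whose target executable is missing from disk ("Missing Startup Software").
# Assumes PowerShell 3.0+ and an elevated session so other users' hives under HKEY_USERS are readable.

function Get-CommandPath {
    # Pull the executable path out of a Run-value command line, e.g.
    #   "C:\Program Files\Foo\foo.exe" /AUTORUN   ->  C:\Program Files\Foo\foo.exe
    #   C:\WINDOWS\system32\ctfmon.exe            ->  C:\WINDOWS\system32\ctfmon.exe
    param([string]$CommandLine)
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted paths with spaces are common, so take everything up to the first ".exe"
    $m = [regex]::Match($cmd, '^(.+?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Test-TargetExists {
    # Bare names such as Narrator.exe are resolved through PATH at logon, not relative
    # to the current directory, so check them with Get-Command rather than Test-Path.
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    if ($Path -notmatch '[\\/]') {
        return [bool](Get-Command $Path -ErrorAction SilentlyContinue)
    }
    return Test-Path -LiteralPath $Path
}

function New-AutostartRecord {
    param([string]$Key, [string]$Name, [string]$Command)
    $target = [Environment]::ExpandEnvironmentVariables((Get-CommandPath $Command))
    [pscustomobject]@{
        Key     = $Key
        Name    = $Name
        Command = $Command
        Target  = $target
        Exists  = Test-TargetExists $target
    }
}

function Get-AutostartEntries {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Every other loaded profile hive (S-1-5-21-...): a Run value in another account's
    # hive is invisible from HKCU and only shows up here (HijackThis lists it as HKUS\...).
    $keys += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
        ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run" }

    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }                 # key exists but holds no values
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }     # provider metadata (PSPath, PSDrive, ...)
            New-AutostartRecord -Key $key -Name $p.Name -Command ([string]$p.Value)
        }
    }

    # msconfig keeps items disabled in its Startup tab here; each subkey's "command"
    # value holds the original command line.
    $startupreg = 'HKLM:\Software\Microsoft\Shared Tools\MSConfig\startupreg'
    if (Test-Path $startupreg) {
        foreach ($item in Get-ChildItem $startupreg) {
            $cmdLine = (Get-ItemProperty -Path $item.PSPath).command
            if ($cmdLine) { New-AutostartRecord -Key $item.Name -Name $item.PSChildName -Command $cmdLine }
        }
    }
}

# Show only the dangling entries; drop the Where-Object to see every autostart found.
Get-AutostartEntries | Where-Object { -not $_.Exists } | Format-Table -AutoSize Key, Name, Target
```

    If the dangling value shows up in more than one place, or under a hive other than the logged-on user's, that is where a cleaner that only edits HKCU will keep missing it; the Key column tells you exactly which hive and path to inspect next.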
     
  15. 2009/03/11
    Dcmurray
  16. 2009/03/11
    Geri
    Hi Dana
    The person in that link had more problems than just Adware Pro.

    I don't recommend using CCleaner to fix registry items; I've seen it do bad things.

    Let's get an online scan.

    Run CCleaner to remove cookies, then do this.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files:
    • Under Scan on the left side, click on My Computer
    • This will start the program and scan your system.
    • Click the “Scan Report” On the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  17. 2009/03/12
    Dcmurray
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Thursday, March 12, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Thursday, March 12, 2009 16:30:14
    Records in database: 1891362
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics:
    Files scanned: 122592
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 02:05:57

    No malware has been detected. The scan area is clean.

    The selected area was scanned.



    Scan results as requested.

    Thanks

    Dana
     
  18. 2009/03/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Dana
    OK, that one's clean.

    Let's see what this shows; again, make sure you remove cookies before the scan.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Thanks
    Geri
     
  19. 2009/03/16
    Dcmurray

    Dcmurray Well-Known Member Thread Starter

    Joined:
    2006/11/09
    Messages:
    322
    Likes Received:
    0
    Hi Geri, for some reason, Panda won't get past trying to update. I've tried shutting down my security, but no go. Computer still running awful on my account. Other accounts are running fine.

    Thanks
    Dana
     
  20. 2009/03/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Dana
    OK, the scans that were shown, were they taken while logged onto your account?

    Geri
     
  21. 2009/03/17
    Dcmurray

    Dcmurray Well-Known Member Thread Starter

    Joined:
    2006/11/09
    Messages:
    322
    Likes Received:
    0
    Yes, all scans are done from my account (Administrator)
     
