
Active scvhost.exe and ssttu.exe message box always pops up

Discussion in 'Malware and Virus Removal Archive' started by medi, 2010/01/21.

  1. 2010/01/21
    medi

    medi Inactive Thread Starter

    Joined:
    2010/01/14
    Messages:
    19
    Likes Received:
    0
    [Active] scvhost.exe and ssttu.exe message box always pops up

    I have this message box popping up every time I turn on my PC. I don't know what it is, so I'm really confused. I ran the Norton scan and it didn't show any sign of a virus or bug.

    My DDS shows this and I have no clue what it is.



    DDS (Ver_09-12-01.01) - NTFSx86
    Run by PACKARD BELL at 14:37:47.98 on 21/01/2010
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.759.455 [GMT 0:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\SiteAdvisor\6145\SAService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    F:\dds.pif

    ============== Pseudo HJT Report ===============

    mWinlogon: Shell=Explorer.exe
    uWindows: load=c:\windows\system32\ssttu.exe
    uWindows: run=c:\windows\system32\scvhost.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6145\SiteAdv.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {bfefdc97-c66d-5dbb-79c4-8d105322f6a5}: {5a6f2235-01d8-4c97-bbd5-d66c79cdfefb} - c:\windows\system32\xsrqybcl.dll
    BHO: {74128e40-a67d-4a85-8fb5-12e11964c183} - c:\windows\system32\ssttu.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {a95b2816-1d7e-4561-a202-68c0de02353a} - c:\windows\system32\qprxdjuh.dll
    TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6145\SiteAdv.dll
    TB: Miniclip: {4e7bd74f-2b8d-469e-89b3-be29f5d3e32d} -
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
    uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
    uRun: [Redg] "c:\program files\common files\?ecurity\w?wexec.exe "
    uRun: [Nles] "c:\docume~1\packar~1\mydocu~1\tsks~1\nslookup.exe" -vt ndrv
    mRun: [HTpatch] c:\windows\htpatch.exe
    mRun: [SiS Tray] c:\windows\system32\sistray .EXE
    mRun: [SiS KHooker] c:\windows\system32\khooker.exe
    mRun: [UIUCU] c:\docume~1\packar~1\locals~1\temp\UIUCU.EXE -CLEAN_UP
    mRun: [Ulead AutoDetector] c:\program files\ulead systems\ulead photo explorer 8.0 se basic\Monitor.exe
    mRun: [RFX_auto_upgrade]
    mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver2\LVCOMS.EXE
    mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
    mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
    mRun: [wgdsgvlm] c:\windows\system32\rcfpdbbj.exe
    mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe "
    mRun: [Microsoft Setup Initialization] rundll32.exe
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [d45d6cb7] rundll32.exe "c:\windows\system32\rciuqecs.dll ",b
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask .exe" -atboottime
    mRun: [SiteAdvisor] c:\program files\siteadvisor\6145\SiteAdv.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRunServices: [Microsoft Setup Initialization] rundll32.exe
    mExplorerRun: [Generic Host Process] c:\windows\system32\scvhost.exe
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6145\SiteAdv.dll
    Notify: ddcdbxx - ddcdbxx.dll
    Notify: igfxcui - igfxdev.dll
    Notify: jkkkijj - jkkkijj.dll
    Notify: qprxdjuh - qprxdjuh.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {e908a6a7-026c-4fbe-93a9-96020beead53} - c:\windows\system32\ddcdbxx.dll
    LSA: Authentication Packages = msv1_0 c:\windows\system32\ssttu

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-1-3 201288]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-1-3 79304]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-1-3 35240]
    R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2008-1-3 40488]
    S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2008-10-6 228352]
    S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2008-1-3 33800]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-01-21 14:37:49 7776 --sha-w- c:\windows\system32\uttss.ini2
    2010-01-21 14:30:27 268435456 --sha-w- c:\windows\system32\temppf.sys
    2008-01-04 18:02:19 41724 -csh--w- c:\program files\common files\Yazzle1848OinUninstaller.exe
    2007-10-11 20:00:36 145920 -csh--w- c:\program files\common files\Yazzle1848OinAdmin.exe
    2006-03-15 15:11:20 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2006-01-18 12:01:48 0 -c--a-w- c:\program files\common files\PATCH.ERR
    2003-08-19 22:37:24 3679 -c--a-w- c:\program files\IEVA.jpg
    2002-12-12 00:50:54 508240 -c--a-w- c:\program files\ie6setup.exe

    ============= FINISH: 14:41:10.10 ===============
     
    medi,
    #1
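An added triage example, not part of this thread and not code from the DDS tool. The Pseudo HJT Report above shows several autostart tricks worth learning to spot: Winlogon load=/run= values (those are normally empty), an Explorer Run entry, a Winlogon Notify DLL and an extra LSA authentication package with random-looking names, a file called scvhost.exe that is one character swap away from svchost.exe, a path with an unprintable character that DDS shows as '?', and file names padded with a space before the extension (sistray .EXE, QTTask .exe). The Python below parses lines of that shape and flags each of those patterns. The Notify allowlist and the list of imitated system binaries are my own assumptions, and the sample input is copied from the first post.

```python
"""Triage helper for the 'Pseudo HJT Report' lines of a DDS log (added example)."""
import re

# Assumption: XP-era Winlogon Notify packages that are normally legitimate.
KNOWN_NOTIFY = {"igfxcui", "crypt32chain", "cryptnet", "cscdll", "sccertprop",
                "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}
# Assumption: Windows binaries that malware commonly imitates by name.
SYSTEM_BINARIES = {"svchost", "lsass", "csrss", "winlogon", "explorer",
                   "services", "spoolsv", "rundll32", "wuauclt"}

LINE_RE = re.compile(r"^\s*(?P<key>[A-Za-z0-9]+):\s*(?P<value>.*)$")
PADDED_EXT_RE = re.compile(r"\S\s+\.(exe|dll|cpl|pif|scr)\b", re.IGNORECASE)
BASENAME_RE = re.compile(r"([A-Za-z0-9_-]+)\.(?:exe|dll)\b", re.IGNORECASE)


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute and swap of
    adjacent characters each cost 1, so 'scvhost' is one edit from 'svchost'."""
    a, b = a.lower(), b.lower()
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalikes(value):
    """Base names in value that are exactly one edit away from a system binary."""
    hits = []
    for name in BASENAME_RE.findall(value):
        if name.lower() in SYSTEM_BINARIES:
            continue
        hits.extend((name, real) for real in SYSTEM_BINARIES
                    if osa_distance(name, real) == 1)
    return hits


def triage(report_text):
    """Return (line, reason) pairs for every line that deserves a closer look."""
    findings = []
    for raw in report_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        key, value, line = m.group("key"), m.group("value"), raw.strip()
        if key in ("uWindows", "mWindows") and re.match(r"(load|run)=\S", value):
            findings.append((line, "Winlogon load=/run= value (normally empty)"))
        if key in ("uExplorerRun", "mExplorerRun"):
            findings.append((line, "Explorer Run key autostart (rarely used legitimately)"))
        if key == "Notify" and value.split(" - ")[0].strip().lower() not in KNOWN_NOTIFY:
            findings.append((line, "Winlogon Notify package not in allowlist"))
        if key == "LSA" and value.lower().startswith("authentication packages"):
            extra = [p for p in value.partition("=")[2].split() if p.lower() != "msv1_0"]
            if extra:
                findings.append((line, "extra LSA authentication package(s): "
                                 + " ".join(extra)))
        if PADDED_EXT_RE.search(value):
            findings.append((line, "whitespace before file extension (impostor file name)"))
        if "?" in value:
            findings.append((line, "'?' in path: non-printable or non-ASCII character in name"))
        for name, real in lookalikes(value):
            findings.append((line, f"'{name}' is one edit away from system binary '{real}'"))
    return findings


# Sample input: lines copied from the Pseudo HJT Report in the first post above.
SAMPLE = r"""
mWinlogon: Shell=Explorer.exe
uWindows: load=c:\windows\system32\ssttu.exe
uWindows: run=c:\windows\system32\scvhost.exe
uRun: [Redg] "c:\program files\common files\?ecurity\w?wexec.exe "
mRun: [SiS Tray] c:\windows\system32\sistray .EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask .exe" -atboottime
mExplorerRun: [Generic Host Process] c:\windows\system32\scvhost.exe
Notify: ddcdbxx - ddcdbxx.dll
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ssttu
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE):
        print(f"{reason}\n    {line}")
```

A hit from this script is a reason to look closer, not proof of infection: a vendor can ship an unusual Notify package, and the allowlist here is short on purpose. The padded-extension check is the one most worth keeping, since a real QTTask.exe and an impostor "QTTask .exe" look identical in most GUI listings, which is exactly why the ComboFix log later in this thread has to rename the genuine copies back.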
  2. 2010/01/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Second part of DDS log is missing. Please, post it.
    Are you running two AV programs, McAfee and Norton?
     


  4. 2010/01/21
    medi

    medi Inactive Thread Starter

    1st, the problem is that I didn't use the computer for 2-3 years, so the antivirus has run out. I will be updating that as well.
    2nd, is this the 2nd part of the DDS?


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 27/08/2007 14:16:41
    System Uptime: 21/01/2010 14:29:56 (0 hours ago)

    Motherboard: | | P4i65G
    Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | mPGA478 | 1997/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 35 GiB total, 20.475 GiB free.
    D: is CDROM ()
    E: is CDROM (UDF)
    F: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 14/01/2010 22:21:55 - System Checkpoint
    RP2: 14/01/2010 22:32:39 - Restore Operation
    RP3: 21/01/2010 11:51:52 - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 8.1.1
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AviSynth 2.5
    Aztech CNR V.92 Modem
    BroadJump Client Foundation
    C-Media WDM Audio Driver
    ccCommon
    CCScore
    Critical Update for Windows Media Player 11 (KB959772)
    Digital Camera Driver
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    fflink
    FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0623
    Free YouTube to iPod Converter version 2.8
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Image Transfer
    ImageMixer for Sony
    Intel(R) Extreme Graphics 2 Driver
    Java(TM) 6 Update 3
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    LiveUpdate 3.1 (Symantec Corporation)
    Logitech Desktop Messenger
    Logitech IM Video Companion
    Logitech ImageStudio
    Logitech Print Service
    Macromedia Extension Manager
    Macromedia Flash 8 Video Encoder
    Macromedia Flash Player 8
    Macromedia Flash Player 8 Plugin
    Macromedia Shockwave Player
    McAfee SecurityCenter
    McAfee Uninstall Wizard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Disc 2
    Microsoft Office 2000 SR-1 Professional
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MicroStaff WINASPI
    MSN Music Assistant
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Nero Media Player
    NeroVision Express 2
    neroxml
    netbrdg
    Nokia Connectivity Cable Driver
    Nokia Lifeblog 2.1
    Nokia PC Connectivity Solution
    Norton AntiVirus
    Norton AntiVirus Parent MSI
    Norton AntiVirus SYMLT MSI
    Norton Protection Center
    OfotoXMI
    Outerinfo
    PDF Settings
    PhonePoint
    PowerDVD
    PowerISO
    QuickTime
    RealPlayer
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Rhapsody Player Engine
    RichFX Player
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    SFR
    SHASTA
    SigmaTel C-Major Audio
    SiS 650
    skin0001
    SKINXSDK
    Sony USB Driver
    staticcr
    Symantec
    tooltips
    Ulead Photo Explorer 8.0 SE Basic
    Ulead Photo Express 5 SE
    Uninstall 1.0.0.0
    Update for Windows XP (KB894391)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VPRINTOL
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    WIRELESS

    ==== Event Viewer Messages From Past Week ========

    14/01/2010 23:41:38, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    14/01/2010 21:11:41, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    14/01/2010 21:04:47, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    14/01/2010 20:38:58, error: NetBT [4311] - Initialization failed because the driver device could not be created.

    ==== End Of File ===========================
     
    medi,
    #3
  5. 2010/01/21
    broni

    broni Moderator Malware Analyst

    I suggest, you....
    1. Download and run Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
    2. Uninstall McAfee through Add\Remove. Then, run McAfee Consumer Product Removal Tool: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml
    3. Download and install one of these:

    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
    NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

    If you decide to install Avast or Avira, make sure Windows firewall is turned on, or use Comodo firewall.
    If you decide to install Comodo Internet Security, or just Comodo firewall, make sure Windows firewall is turned off.

    IMPORTANT! Make sure, you use only ONE antivirus, and ONE firewall.

    After installation, update the program and run full scan.

    Let me know, when you're done.
     
  6. 2010/01/21
    medi

    medi Inactive Thread Starter

    Guess what, I was doing the last bit of the instructions and my PC had to restart, but now it doesn't turn on properly. :[

    When I turn on the PC it gets past the welcome bit and my wallpaper appears, and that's all. Nothing else comes up.
     
    medi,
    #5
  7. 2010/01/21
    broni

    broni Moderator Malware Analyst

    At what exact step were you when it happened?
    Can you open Task Manager?
    If so, try to click on new task, enter:
    explorer.exe
    Click OK.
    Does it bring desktop back?
     
  8. 2010/01/22
    medi

    medi Inactive Thread Starter

    OK broni, I have completed your instructions.
    I don't know what went on with the computer last night; as I was completing the instructions I had to restart the PC, and when it got to the welcome page it stopped.

    But now it's working properly and I should get on with further instructions.
     
    medi,
    #7
  9. 2010/01/22
    broni

    broni Moderator Malware Analyst

    Ok :)
     
  10. 2010/01/22
    medi

    medi Inactive Thread Starter

    But the message boxes still appear, and it's slower than before.
     
    medi,
    #9
  11. 2010/01/22
    broni

    broni Moderator Malware Analyst

    We barely started.
    Are you done with all steps?
     
  12. 2010/01/22
    medi

    medi Inactive Thread Starter

    Yes, I have done what you said so far.
     
  13. 2010/01/22
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackTHis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     
  14. 2010/01/22
    medi

    medi Inactive Thread Starter

    I have done all of those things and here they are.

    THIS IS THE C:\ComboFix.txt
    ComboFix 10-01-21.08 - PACKARD BELL 22/01/2010 23:04:55.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.759.418 [GMT 0:00]
    Running from: c:\documents and settings\PACKARD BELL\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\PACKAR~1\LOCALS~1\Temp\mcupdate_1264108879.exe
    c:\docume~1\PACKAR~1\LOCALS~1\Temp\tmp1.tmp
    c:\docume~1\PACKAR~1\LOCALS~1\Temp\TMPB0.tmp
    c:\documents and settings\PACKARD BELL\Application Data\Starware
    c:\documents and settings\PACKARD BELL\Application Data\Starware\Manager\ManagerOptions.xml
    c:\documents and settings\PACKARD BELL\Application Data\Starware\Manager\ManagerOptions.xml.backup
    c:\documents and settings\PACKARD BELL\Local Settings\Temp\mcupdate_1264108879.exe
    c:\documents and settings\PACKARD BELL\Local Settings\Temp\TMPB0.tmp
    c:\documents and settings\PACKARD BELL\Start Menu\Programs\Outerinfo
    c:\documents and settings\PACKARD BELL\Start Menu\Programs\Outerinfo\Terms.lnk
    c:\documents and settings\PACKARD BELL\Start Menu\Programs\Outerinfo\Uninstall.lnk
    c:\program files\Common Files\ecurit~1
    c:\program files\Common Files\pppatc~1
    c:\program files\Common Files\Real\Update_OB\realsched.exe
    c:\program files\Common Files\Yazzle1848OinAdmin.exe
    c:\program files\Common Files\Yazzle1848OinUninstaller.exe
    c:\program files\internet optimizer
    c:\program files\Logitech\ImageStudio\LogiTray.exe
    c:\program files\outerinfo
    c:\program files\outerinfo\FF\chrome.manifest
    c:\program files\outerinfo\FF\components\OuterinfoAds.xpt
    c:\program files\outerinfo\FF\install.rdf
    c:\program files\outerinfo\outerinfo.ico
    c:\program files\outerinfo\Terms.rtf
    c:\program files\QuickTime\QTTask .exe
    c:\program files\QuickTime\QTTask .exe
    c:\program files\QuickTime\QTTask .exe
    c:\program files\QuickTime\QTTask .exe
    c:\program files\QuickTime\QTTask .exe
    c:\program files\screensavers.com
    c:\program files\screensavers.com\Wallpaper\swpstart.exe
    c:\program files\SiteAdvisor\6145\SiteAdv.exe
    c:\program files\ssembl~1
    c:\program files\SurfAccuracy
    c:\program files\Virgin Broadband Wireless\Wireless Manager.exe
    c:\program files\WinPCap
    c:\program files\WinPCap\daemon_mgm.exe
    c:\program files\WinPCap\npf_mgm.exe
    c:\program files\WinPCap\rpcapd.exe
    c:\recycler\S-1-5-21-1085031214-764733703-725345543-1005
    c:\recycler\S-1-5-21-583907252-813497703-725345543-1004
    c:\recycler\S-1-5-21-583907252-813497703-725345543-1007
    c:\recycler\S-1-5-21-583907252-813497703-725345543-1008
    c:\recycler\S-1-5-21-583907252-813497703-725345543-501
    c:\windows\cookies.ini
    c:\windows\Downloaded Program Files\UWFX6_0001_N68M1302NetInstaller.exe
    c:\windows\EventSystem.log
    c:\windows\htpatch .exe
    c:\windows\system32\ckl009.dat
    c:\windows\system32\ctfmon .exe
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\hkcmd .exe
    c:\windows\system32\igfxpers .exe
    c:\windows\system32\igfxtray .exe
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\nusrmgr.exe
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\qprxdjuh.dll
    c:\windows\system32\qprxdjuh.dllbox
    c:\windows\system32\rciuqecs.dll
    c:\windows\system32\RCX5A.tmp
    c:\windows\system32\scequicr.ini
    c:\windows\system32\ssttu.dll
    c:\windows\system32\ssttu.exe
    c:\windows\system32\twain_32.dll
    c:\windows\system32\ufkbromj.ini
    c:\windows\system32\uttss.ini
    c:\windows\system32\uttss.ini2
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wnscpsv.exe
    c:\windows\system32\wpcap.dll
    c:\windows\system32\xsrqybcl.dll

    c:\program files\Common Files\Real\Update_OB\realsched .exe ---^> c:\program files\Common Files\Real\Update_OB\realsched.exe
    c:\program files\Logitech\ImageStudio\LogiTray .exe ---^> c:\program files\Logitech\ImageStudio\LogiTray.exe
    c:\program files\QuickTime\QTTask            .exe ---^> c:\program files\QuickTime\QTTask.exe
    c:\program files\QuickTime\QTTask           .exe ---^> c:\program files\QuickTime\QTTask.exe
    c:\program files\QuickTime\QTTask          .exe ---^> c:\program files\QuickTime\QTTask.exe
    c:\program files\QuickTime\QTTask         .exe ---^> c:\program files\QuickTime\QTTask.exe
    c:\program files\QuickTime\QTTask        .exe ---^> c:\program files\QuickTime\QTTask.exe
    c:\program files\QuickTime\QTTask       .exe ---^> c:\program files\QuickTime\QTTask.exe
    c:\program files\QuickTime\QTTask      .exe ---^> c:\program files\QuickTime\QTTask.exe
    c:\program files\QuickTime\QTTask     .exe ---^> c:\program files\QuickTime\QTTask.exe
    c:\program files\QuickTime\QTTask    .exe ---^> c:\program files\QuickTime\QTTask.exe
    c:\program files\QuickTime\QTTask   .exe ---^> c:\program files\QuickTime\QTTask.exe
    c:\program files\QuickTime\QTTask  .exe ---^> c:\program files\QuickTime\QTTask.exe
    c:\program files\QuickTime\QTTask .exe ---^> c:\program files\QuickTime\QTTask.exe
    c:\program files\SiteAdvisor\6145\SiteAdv .exe ---^> c:\program files\SiteAdvisor\6145\SiteAdv.exe
    </pre> 
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2009-12-22 to 2010-01-22 )))))))))))))))))))))))))))))))
    .

    2010-01-22 22:47 . 2010-01-22 22:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Affinegy
    2010-01-22 22:06 . 2010-01-22 22:06 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\SiteAdvisor
    2010-01-22 22:05 . 2010-01-22 22:05 -------- d-----w- c:\documents and settings\PACKARD BELL\Application Data\SiteAdvisor
    2010-01-22 21:06 . 2010-01-22 22:13 -------- d-----w- c:\documents and settings\PACKARD BELL\Application Data\Comodo

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-22 23:28 . 2008-07-21 17:48 -------- d-----w- c:\program files\QuickTime
    2010-01-22 23:19 . 2010-01-22 22:47 -------- d-----w- c:\program files\Virgin Broadband Wireless
    2010-01-22 22:18 . 2005-10-16 16:10 -------- d-----w- c:\program files\McAfee
    2010-01-22 22:17 . 2010-01-22 21:04 -------- d-----w- c:\program files\COMODO
    2010-01-22 22:16 . 2010-01-22 21:11 119936 ----a-w- c:\windows\system32\drivers\sfi.dat
    2010-01-22 22:08 . 2008-01-03 19:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
    2010-01-22 22:07 . 2010-01-22 22:05 -------- d-----w- c:\program files\SiteAdvisor
    2010-01-22 22:06 . 2008-09-28 16:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SiteAdvisor
    2010-01-22 22:00 . 2010-01-22 21:56 -------- d-----w- c:\program files\Common Files\McAfee
    2010-01-22 21:57 . 2010-01-22 21:56 -------- d-----w- c:\program files\McAfee.com
    2010-01-21 21:05 . 2002-07-04 23:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-01-21 21:05 . 2006-01-18 21:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
    2010-01-14 21:45 . 2007-10-05 16:13 -------- d-----w- c:\program files\Azureus
    2010-01-14 21:25 . 2007-10-12 16:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Downloaded Installations
    2010-01-14 21:25 . 2007-10-12 16:28 -------- d-----w- c:\program files\Common Files\PCSuite
    2010-01-14 21:15 . 2006-02-18 08:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ulead Systems
    2010-01-14 21:15 . 2002-05-16 13:48 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-14 21:14 . 2006-02-18 08:44 -------- d-----w- c:\documents and settings\PACKARD BELL\Application Data\Ulead Systems
    2010-01-14 21:13 . 2002-12-09 23:18 -------- d-----w- c:\program files\Yahoo!
    2010-01-14 20:55 . 2007-11-13 16:31 -------- d-----w- c:\program files\Common Files\Macromedia
    2006-03-15 15:11 . 2006-03-15 15:11 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2006-01-18 12:01 . 2005-10-24 22:44 0 -c--a-w- c:\program files\Common Files\PATCH.ERR
    2003-08-19 22:37 . 2003-08-19 22:37 3679 -c--a-w- c:\program files\IEVA.jpg
    2002-12-12 00:50 . 2002-12-12 00:48 508240 -c--a-w- c:\program files\ie6setup.exe
    1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\system32\temppf.sys
    .
    Code:
    <pre>
    c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    c:\program files\BroadJump\Client Foundation\CFD .exe
    c:\program files\Common Files\Logitech\QCDriver2\LVCOMS .EXE
    c:\program files\Common Files\Symantec Shared\ccApp .exe
    c:\program files\Java\jre1.6.0_03\bin\jusched .exe
    c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    c:\program files\Logitech\ImageStudio\ISStart .exe
    c:\program files\Messenger\msmsgs .exe
    c:\program files\MSN Messenger\MsnMsgr .Exe
    c:\program files\Nokia\Nokia PC Suite 6\LAUNCH~1 .EXE
    c:\program files\Nokia\Nokia PC Suite 6\PcSync2 .exe
    c:\program files\Norton AntiVirus\osCheck .exe
    c:\program files\PowerISO\PWRISOVM .EXE
    c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor .exe
    c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck .exe
    c:\program files\Yahoo!\Messenger\YahooMessenger  .exe
    c:\program files\Yahoo!\Messenger\YAHOOM~1 .EXE
    </pre>
    ------- Sigcheck -------

    [7] 2008-12-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
    [-] 2003-03-31 . 414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\backup\ctfmon.exe
    [-] 2003-03-31 . 414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\SoftwareDistribution\Download\S-1-5-18\7a57263d52ef89a3cee46b33df8a0a10\backup\ctfmon.exe

    c:\windows\System32\ctfmon.exe ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Redg "= "c:\program files\Common Files\?ecurity\w?wexec.exe" [?]
    "MsnMsgr "= "c:\program files\MSN Messenger\MsnMsgr.Exe" [N/A]
    "LDM "= "c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [N/A]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [N/A]
    "updateMgr "= "c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
    "PcSync "= "c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [N/A]
    "Nles "= "c:\docume~1\PACKAR~1\MYDOCU~1\TSKS~1\nslookup.exe" [N/A]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask .exe -atboottime" [X]
    "HTpatch "= "c:\windows\htpatch.exe" [N/A]
    "SiS Tray "= "c:\windows\System32\sistray .EXE" [N/A]
    "SiS KHooker "= "c:\windows\System32\khooker.exe" [N/A]
    "Ulead AutoDetector "= "c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [N/A]
    "RFX_auto_upgrade "=" " [N/A]
    "LVCOMS "= "c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [N/A]
    "LogitechGalleryRepair "= "c:\program files\Logitech\ImageStudio\ISStart.exe" [N/A]
    "LogitechImageStudioTray "= "c:\program files\Logitech\ImageStudio\LogiTray.exe" [2010-01-22 45056]
    "wgdsgvlm "= "c:\windows\System32\rcfpdbbj.exe" [N/A]
    "BJCFD "= "c:\program files\BroadJump\Client Foundation\CFD.exe" [N/A]
    "igfxtray "= "c:\windows\System32\igfxtray.exe" [N/A]
    "igfxhkcmd "= "c:\windows\System32\hkcmd.exe" [N/A]
    "igfxpers "= "c:\windows\System32\igfxpers.exe" [N/A]
    "Microsoft Setup Initialization "= "rundll32.exe" [2006-02-28 33280]
    "PWRISOVM.EXE "= "c:\program files\PowerISO\PWRISOVM.EXE" [N/A]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2010-01-22 589824]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [N/A]
    "d45d6cb7 "= "c:\windows\system32\rciuqecs.dll" [N/A]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-22 198160]
    "Cmaudio "= "cmicnfg.cpl" [N/A]
    "SiteAdvisor "= "c:\program files\SiteAdvisor\6145\SiteAdv.exe" [2010-01-22 36640]
    "Wireless Manager "= "c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "Generic Host Process "= "c:\windows\system32\scvhost.exe" [N/A]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\MSN Messenger\\MsnMsgr .Exe "=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=

    S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [06/10/2008 18:56 228352]
    S3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [10/12/2001 23:02 296179]
    S3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [11/12/2001 10:04 231983]
    S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [29/11/2001 15:09 1432836]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-26 c:\windows\Tasks\Accessibility Wizard.job
    - c:\windows\system32\accwiz.exe [2006-01-18 12:00]

    2010-01-22 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2010-01-22 18:02]

    2010-01-22 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2010-01-22 18:02]
    .
    .
    ------- Supplementary Scan -------
    .
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{5a6f2235-01d8-4c97-bbd5-d66c79cdfefb} - c:\windows\system32\xsrqybcl.dll
    BHO-{A95B2816-1D7E-4561-A202-68C0DE02353A} - c:\windows\system32\qprxdjuh.dll
    BHO-{EB576E09-EB2A-48EB-BB28-0B312A3A7D48} - c:\windows\system32\ssttu.dll
    ShellExecuteHooks-{E908A6A7-026C-4FBE-93A9-96020BEEAD53} - c:\windows\system32\ddcdbxx.dll
    Notify-ddcdbxx - ddcdbxx.dll
    Notify-jkkkijj - jkkkijj.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-22 23:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????Z????`??Z???Z`??Z???????????????Z???Z???Z???Z$??????Z???????????????Z???????????Z???w????(????3?w???w?????3?w ??w???Z:???????d???r??Z1??Z???Zd??????Z?-?Z????z??w8h?Z\2?Z?1?Zhtinst.INI?Z?u?Z????d???????HG?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1085031214-764733703-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1085031214-764733703-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E429E57-B484-A52C-49BD-863CFEA9F0CF}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iapnbndlcdgihkheop "=hex:6a,61,70,67,6b,70,6d,62,66,68,6a,61,69,68,62,6c,65,6e,
    66,70,00,ef
    "hafpdpankpkcndng "=hex:6a,61,70,67,6b,70,6d,62,66,68,6a,61,69,68,62,6c,65,6e,
    66,70,00,ef
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1568)
    c:\program files\SiteAdvisor\6145\saHook.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Virgin Broadband Wireless\AffinegyService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
    c:\program files\Common Files\McAfee\HackerWatch\HWAPI.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\progra~1\McAfee\VIRUSS~1\mcods.exe
    c:\progra~1\McAfee\MSC\mcpromgr.exe
    c:\progra~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\SiteAdvisor\6145\SAService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\mcafee\msc\mcuimgr.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\windows\system32\RunDll32.exe
    c:\windows\system32\LVComS.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-22 23:41:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-22 23:41

    Pre-Run: 20,671,754,240 bytes free
    Post-Run: 20,594,110,464 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 9C6BB40C258870F40A3461CBC2670047
     
  15. 2010/01/22
    medi Inactive Thread Starter
    And this is the HijackThis!!
    I WOULD LIKE TO THANK YOU FOR YOUR TIME IN TRYING TO HELP ME. I REALLY APPRECIATE WHAT YOU DO. THANK YOU :)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:44:17, on 22/01/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\SiteAdvisor\6145\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\explorer.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray .EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [wgdsgvlm] C:\WINDOWS\System32\rcfpdbbj.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
    O4 - HKLM\..\Run: [Microsoft Setup Initialization] rundll32.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [d45d6cb7] rundll32.exe "C:\WINDOWS\system32\rciuqecs.dll ",b
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
    O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Redg] "C:\Program Files\Common Files\?ecurity\w?wexec.exe "
    O4 - HKCU\..\Run: [Nles] "C:\DOCUME~1\PACKAR~1\MYDOCU~1\TSKS~1\nslookup.exe" -vt ndrv
    O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6145\SAService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O24 - Desktop Component 0: (no name) - http://www.msn.co.uk/

    --
    End of file - 9811 bytes
     
  16. 2010/01/22
    broni Moderator Malware Analyst
    What are those code boxes for?
     
  17. 2010/01/22
    medi Inactive Thread Starter
    I have no idea; all I know is that the programmes listed on it are the ones I have on my PC.
     
  18. 2010/01/22
    broni Moderator Malware Analyst
    Oh, I see now what's going on. Hold on.
     
  19. 2010/01/22
    broni Moderator Malware Analyst
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\sfi.dat
    <pre>
    c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    c:\program files\BroadJump\Client Foundation\CFD .exe
    c:\program files\Common Files\Logitech\QCDriver2\LVCOMS .EXE
    c:\program files\Common Files\Symantec Shared\ccApp .exe
    c:\program files\Java\jre1.6.0_03\bin\jusched .exe
    c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    c:\program files\Logitech\ImageStudio\ISStart .exe
    c:\program files\Messenger\msmsgs .exe
    c:\program files\MSN Messenger\MsnMsgr .Exe
    c:\program files\Nokia\Nokia PC Suite 6\LAUNCH~1 .EXE
    c:\program files\Nokia\Nokia PC Suite 6\PcSync2 .exe
    c:\program files\Norton AntiVirus\osCheck .exe
    c:\program files\PowerISO\PWRISOVM .EXE
    c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor .exe
    c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck .exe
    c:\program files\Yahoo!\Messenger\YahooMessenger  .exe
    c:\program files\Yahoo!\Messenger\YAHOOM~1 .EXE
    </pre>
    
    
    
    Folder::
    c:\program files\COMODO
    c:\program files\Common Files\Symantec Shared
    c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
    
    
    Driver::
    
    MIA::
    c:\windows\System32\ctfmon.exe
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Redg"=-
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  20. 2010/01/22
    medi Inactive Thread Starter
    Whilst I am doing this, another message box comes up saying "error loading windows\system32\rciuqecs.dll specific module could not be found".
     
  21. 2010/01/22
    medi Inactive Thread Starter
    This is the combofix.txt:


    ComboFix 10-01-21.08 - PACKARD BELL 23/01/2010 1:12.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.759.476 [GMT 0:00]
    Running from: c:\documents and settings\PACKARD BELL\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\PACKARD BELL\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "c:\windows\system32\drivers\sfi.dat "
    .

    ((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
    .

    2010-01-23 00:50 . 2008-12-04 16:55 15360 -c--a-w- c:\windows\system32\dllcache\ctfmon.exe
    2010-01-23 00:50 . 2008-12-04 16:55 15360 ------w- c:\windows\system32\ctfmon.exe
    2010-01-22 23:43 . 2010-01-22 23:43 -------- d-----w- c:\program files\Trend Micro
    2010-01-22 22:48 . 2008-05-26 16:09 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
    2010-01-22 22:47 . 2010-01-22 23:19 -------- d-----w- c:\program files\Virgin Broadband Wireless
    2010-01-22 22:47 . 2010-01-22 22:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Affinegy
    2010-01-22 22:06 . 2010-01-22 22:06 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\SiteAdvisor
    2010-01-22 22:05 . 2010-01-22 22:07 -------- d-----w- c:\program files\SiteAdvisor
    2010-01-22 22:05 . 2010-01-22 22:05 -------- d-----w- c:\documents and settings\PACKARD BELL\Application Data\SiteAdvisor
    2010-01-22 22:01 . 2006-12-22 16:02 32008 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2010-01-22 22:01 . 2006-12-22 16:02 37480 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2010-01-22 22:01 . 2006-12-22 16:02 34184 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-01-22 22:00 . 2006-12-22 16:02 170408 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-01-22 22:00 . 2006-12-22 16:02 71496 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-01-22 22:00 . 2007-03-02 14:16 109608 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2010-01-22 21:56 . 2010-01-22 21:57 -------- d-----w- c:\program files\McAfee.com
    2010-01-22 21:56 . 2010-01-22 22:00 -------- d-----w- c:\program files\Common Files\McAfee
    2010-01-22 21:06 . 2010-01-22 22:13 -------- d-----w- c:\documents and settings\PACKARD BELL\Application Data\Comodo

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-22 23:28 . 2008-07-21 17:48 -------- d-----w- c:\program files\QuickTime
    2010-01-22 22:18 . 2005-10-16 16:10 -------- d-----w- c:\program files\McAfee
    2010-01-22 22:08 . 2008-01-03 19:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
    2010-01-22 22:06 . 2008-09-28 16:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SiteAdvisor
    2010-01-14 21:45 . 2007-10-05 16:13 -------- d-----w- c:\program files\Azureus
    2010-01-14 21:25 . 2007-10-12 16:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Downloaded Installations
    2010-01-14 21:25 . 2007-10-12 16:28 -------- d-----w- c:\program files\Common Files\PCSuite
    2010-01-14 21:15 . 2006-02-18 08:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ulead Systems
    2010-01-14 21:15 . 2002-05-16 13:48 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-14 21:14 . 2006-02-18 08:44 -------- d-----w- c:\documents and settings\PACKARD BELL\Application Data\Ulead Systems
    2010-01-14 21:13 . 2002-12-09 23:18 -------- d-----w- c:\program files\Yahoo!
    2010-01-14 20:55 . 2007-11-13 16:31 -------- d-----w- c:\program files\Common Files\Macromedia
    2006-03-15 15:11 . 2006-03-15 15:11 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2006-01-18 12:01 . 2005-10-24 22:44 0 -c--a-w- c:\program files\Common Files\PATCH.ERR
    2003-08-19 22:37 . 2003-08-19 22:37 3679 -c--a-w- c:\program files\IEVA.jpg
    2002-12-12 00:50 . 2002-12-12 00:48 508240 -c--a-w- c:\program files\ie6setup.exe
    1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\system32\temppf.sys
    .
    Code:
    <pre>
    c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    c:\program files\BroadJump\Client Foundation\CFD .exe
    c:\program files\Common Files\Logitech\QCDriver2\LVCOMS .EXE
    c:\program files\Java\jre1.6.0_03\bin\jusched .exe
    c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    c:\program files\Logitech\ImageStudio\ISStart .exe
    c:\program files\Messenger\msmsgs .exe
    c:\program files\MSN Messenger\MsnMsgr .Exe
    c:\program files\Nokia\Nokia PC Suite 6\LAUNCH~1 .EXE
    c:\program files\Nokia\Nokia PC Suite 6\PcSync2 .exe
    c:\program files\Norton AntiVirus\osCheck .exe
    c:\program files\PowerISO\PWRISOVM .EXE
    c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor .exe
    c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck .exe
    c:\program files\Yahoo!\Messenger\YahooMessenger  .exe
    c:\program files\Yahoo!\Messenger\YAHOOM~1 .EXE
    </pre>
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr "= "c:\program files\MSN Messenger\MsnMsgr.Exe" [N/A]
    "LDM "= "c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [N/A]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [N/A]
    "updateMgr "= "c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
    "PcSync "= "c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [N/A]
    "Nles "= "c:\docume~1\PACKAR~1\MYDOCU~1\TSKS~1\nslookup.exe" [N/A]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask .exe -atboottime" [X]
    "HTpatch "= "c:\windows\htpatch.exe" [N/A]
    "SiS Tray "= "c:\windows\System32\sistray .EXE" [N/A]
    "SiS KHooker "= "c:\windows\System32\khooker.exe" [N/A]
    "Ulead AutoDetector "= "c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [N/A]
    "RFX_auto_upgrade "=" " [N/A]
    "LVCOMS "= "c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [N/A]
    "LogitechGalleryRepair "= "c:\program files\Logitech\ImageStudio\ISStart.exe" [N/A]
    "LogitechImageStudioTray "= "c:\program files\Logitech\ImageStudio\LogiTray.exe" [2010-01-22 45056]
    "wgdsgvlm "= "c:\windows\System32\rcfpdbbj.exe" [N/A]
    "BJCFD "= "c:\program files\BroadJump\Client Foundation\CFD.exe" [N/A]
    "igfxtray "= "c:\windows\System32\igfxtray.exe" [N/A]
    "igfxhkcmd "= "c:\windows\System32\hkcmd.exe" [N/A]
    "igfxpers "= "c:\windows\System32\igfxpers.exe" [N/A]
    "Microsoft Setup Initialization "= "rundll32.exe" [2006-02-28 33280]
    "PWRISOVM.EXE "= "c:\program files\PowerISO\PWRISOVM.EXE" [N/A]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2010-01-22 589824]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [N/A]
    "d45d6cb7 "= "c:\windows\system32\rciuqecs.dll" [N/A]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-22 198160]
    "Cmaudio "= "cmicnfg.cpl" [N/A]
    "SiteAdvisor "= "c:\program files\SiteAdvisor\6145\SiteAdv.exe" [2010-01-22 36640]
    "Wireless Manager "= "c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "Generic Host Process "= "c:\windows\system32\scvhost.exe" [N/A]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\MSN Messenger\\MsnMsgr .Exe "=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=

    S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [06/10/2008 18:56 228352]
    S3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [10/12/2001 23:02 296179]
    S3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [11/12/2001 10:04 231983]
    S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [29/11/2001 15:09 1432836]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-26 c:\windows\Tasks\Accessibility Wizard.job
    - c:\windows\system32\accwiz.exe [2006-01-18 12:00]

    2010-01-22 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2010-01-22 18:02]

    2010-01-22 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2010-01-22 18:02]
    .
    .
    ------- Supplementary Scan -------
    .
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-23 01:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????Z????`??Z???Z`??Z???????????????Z???Z???Z???Z$??????Z???????????????Z???????????Z???w????(????3?w???w?????3?w ??w???Z:???????d???r??Z1??Z???Zd??????Z?-?Z????z??w8h?Z\2?Z?1?Zhtinst.INI?Z?u?Z????d???????HG?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1085031214-764733703-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1085031214-764733703-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E429E57-B484-A52C-49BD-863CFEA9F0CF}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iapnbndlcdgihkheop "=hex:6a,61,70,67,6b,70,6d,62,66,68,6a,61,69,68,62,6c,65,6e,
    66,70,00,ef
    "hafpdpankpkcndng "=hex:6a,61,70,67,6b,70,6d,62,66,68,6a,61,69,68,62,6c,65,6e,
    66,70,00,ef
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2200)
    c:\program files\SiteAdvisor\6145\saHook.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-01-23 01:27:40
    ComboFix-quarantined-files.txt 2010-01-23 01:27
    ComboFix2.txt 2010-01-23 00:55
    ComboFix3.txt 2010-01-22 23:41

    Pre-Run: 20,034,998,272 bytes free
    Post-Run: 19,998,666,752 bytes free

    - - End Of File - - 1AFBD92FCBC690F4EC5D3CC4BA39D8E8
     
