# McAfee Error Getting Scan Progress



## Mackoo (Jul 17, 2003)

I get the McAfee error message *Error Getting Scan Progress* each time I try to run a scan, plus I have uninstalled and reinstalled and still nothing.

Now today all my McAfee update tries tell me to uninstall and reinstall the software.

Now I do have an option being I am getting this McAfee from AOL free but I can also get free Charter anti virus and wonder if I just went ahead and uninstalled the McAfees and installed Charters if this would solve the problem or is this more extensive than that?

Any ideas on what I need to do I have been fighting this for almost a week now?

Also I can run Eset scan and it comes up clean.

Mackoo


----------



## Phantom010 (Mar 9, 2009)

Please click *here* to download and install the *HijackThis installer*.
Run it and select *Do a system scan and save a logfile*.

The log will be saved in Notepad. Copy and paste the log in your next post.

*Do not fix anything*


----------



## Mackoo (Jul 17, 2003)

Thanks for the reply.

I did as instructed and downloaded HijackThis, actually saw the log being made, then it disappeared. So when I went to my desktop I clicked the icon and I get the following message: *Windows cannot access the specified device, path, file. You may not have the appropriate permission to access the item.*
Not sure what that message means but I am the sole owner of my computer.

Now what?


----------



## Phantom010 (Mar 9, 2009)

Try the following:

Right-click on the HijackThis installer;

Select Properties;

Click on Unblock.

If no luck,

Try taking ownership of the file.

If you can't see the Security tab, read this.


----------



## Mackoo (Jul 17, 2003)

I don't see anywhere to unblock or the word unblock.


----------



## Phantom010 (Mar 9, 2009)

When you right-click on the HijackThis installer setup file (.exe), don't you see the Unblock button? If not, try the second method.

By the way, are you running XP or Vista? It might help to know.

If using Vista, read this. Or disable UAC.


----------



## Mackoo (Jul 17, 2003)

Windows XP


----------



## Phantom010 (Mar 9, 2009)

> Try taking ownership of the file.
> 
> If you can't see the Security tab, read this.


----------



## Mackoo (Jul 17, 2003)

I have the Windows XP Home Edition not sure if that matters.


----------



## Phantom010 (Mar 9, 2009)

Mackoo said:


> I have the Windows XP Home Edition not sure if that matters.


Yes, it matters.

To see the Security tab, you must boot into Safe Mode.


----------



## Mackoo (Jul 17, 2003)

OK I may try this in the morning and get back with you.

Hope I can do this without messing my computer up


----------



## Phantom010 (Mar 9, 2009)

How many antivirus programs are you running at the same time?


----------



## Mackoo (Jul 17, 2003)

Only one now which is the McAfees. 

I have the option of using Charters as it's free as I have Charter Internet and the other I used it online to scan but didn't save it.


----------



## Mackoo (Jul 17, 2003)

In other words, nothing else is downloaded but McAfees.


----------



## Mackoo (Jul 17, 2003)

Quick question, is the Safe Mode run just like the regular use of Windows XP where I know my way around? Guess that makes sense.


----------



## Phantom010 (Mar 9, 2009)

Yes, you'll know your way around. Anyway, it's just to make the Security tab appear. Then, reboot in Normal Mode.


----------



## Mackoo (Jul 17, 2003)

OK thanks I will try this tomorrow.


----------



## Mackoo (Jul 17, 2003)

OK I got into the Safe Mode but everything is up close and not sure if I am missing anything on the screen. Anyway when I got to the step to add object it gives me the message Name not found correct object information & search again. What exactly should I be putting on that line. I used 2 different ones and both give the same message? Did I miss a step?

Also I noticed it won't let me sign on to get online is this common?


----------



## Phantom010 (Mar 9, 2009)

The purpose of running in Safe Mode was to display the Security tab of file or folder Properties, so you could take ownership of the HijackThis installer.


----------



## Phantom010 (Mar 9, 2009)

Are you able to run any .exe files on your computer?

If you're having trouble getting programs opened, try this reg file. Save it to your desktop and double-click on it to merge it to your registry.

Try HijackThis again.


----------



## Mackoo (Jul 17, 2003)

Not sure what you mean or if I am able. Can you give it in layman's terms?


----------



## Mackoo (Jul 17, 2003)

I downloaded and ran that file but when I click on HijackThis the install screen shows up and when I click it nothing happens and the screen disappears, darn luck.


----------



## Phantom010 (Mar 9, 2009)

I'm not sure what to try anymore. This is beginning to smell like malware!

Perhaps you should click on the *Report* button and kindly ask for a Malware Removal expert's advice.


----------



## Mackoo (Jul 17, 2003)

OK thanks I'll try that thanks for the time.


----------



## Cookiegal (Aug 27, 2003)

Try renaming the HijackThis.exe (not the shortcut on your desktop) to puppy.exe then double-click on the puppy.exe file to see if you can run HijackThis.


----------



## Mackoo (Jul 17, 2003)

OK let me give it a try.


----------



## Mackoo (Jul 17, 2003)

I can see this log being made but the darn thing disappears then when I try to open it after renaming it won't let me open.


----------



## Mackoo (Jul 17, 2003)

Just to make sure here. The hijackthis file runs as I see it making the log but it disappears quickly doesn't stay in my view until I see the icon on my desktop. It's there where it won't let me open.


----------



## Mackoo (Jul 17, 2003)

Not sure if this will help any but I was able to run the OTL oldtimers software that gave a log that shows files created the last 30 days I believe. I can post if this will help.


----------



## Mackoo (Jul 17, 2003)

I ran catchme and got this log but was unsuccessful in opening the OTL log. Whatever I have it's a booger. Hope this log helps some.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 15:32:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SKYNETvxujeuht]
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=str(2):"\systemroot\system32\drivers\SKYNETkosiempq.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SKYNETvxujeuht\main]
"aid"="10096"
"sid"="0"
"cmddelay"=dword:00001c20

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SKYNETvxujeuht\modules]
"SKYNETrk.sys"=""
"SKYNETcmd.dll"=""
"SKYNETlog.dat"="\systemroot\system32\SKYNETjkwnypwc.dat"
"SKYNETwsp.dll"=""
"SKYNET.dat"="\systemroot\system32\SKYNETrjawyxly.dat"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SKYNETvxujeuht]
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=str(2):"\systemroot\system32\drivers\SKYNETkosiempq.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SKYNETvxujeuht\main]
"aid"="10096"
"sid"="0"
"cmddelay"=dword:00001c20

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SKYNETvxujeuht\modules]
"SKYNETrk.sys"=""
"SKYNETcmd.dll"=""
"SKYNETlog.dat"="\systemroot\system32\SKYNETjkwnypwc.dat"
"SKYNETwsp.dll"=""
"SKYNET.dat"="\systemroot\system32\SKYNETrjawyxly.dat"

scanning hidden registry entries ...

scanning hidden files ...


----------



## Mackoo (Jul 17, 2003)

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


----------



## Cookiegal (Aug 27, 2003)

You have a rootkit so let's go right to this.

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.
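
How the catchme log posted earlier in this thread supports the rootkit diagnosis, as an added example that is not part of the original thread or of any tool mentioned in it: a small Python parser for catchme's "hidden services" section that reports each hidden service, how it loads and which files it references. The function names are hypothetical; the `start` and `type` meanings are the standard Windows service registry values, and the sample input is an excerpt of the log above.

```python
import re

# Excerpt of the catchme log posted earlier in this thread (embedded so this runs offline).
SAMPLE_LOG = r'''scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SKYNETvxujeuht]
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=str(2):"\systemroot\system32\drivers\SKYNETkosiempq.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SKYNETvxujeuht\main]
"aid"="10096"
"sid"="0"
"cmddelay"=dword:00001c20

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SKYNETvxujeuht\modules]
"SKYNETrk.sys"=""
"SKYNETcmd.dll"=""
"SKYNETlog.dat"="\systemroot\system32\SKYNETjkwnypwc.dat"
"SKYNETwsp.dll"=""
"SKYNET.dat"="\systemroot\system32\SKYNETrjawyxly.dat"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SKYNETvxujeuht]
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=str(2):"\systemroot\system32\drivers\SKYNETkosiempq.sys"

scanning hidden registry entries ...
'''

# Standard meanings of the Start and Type values under a Services key.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
SERVICE_TYPES = {1: "kernel driver", 2: "file system driver",
                 0x10: "own-process service", 0x20: "shared-process service"}

KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\([^\\\]]+)\\Services\\([^\\\]]+)(?:\\([^\]]+))?\]$')
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')


def decode(raw):
    """Turn a catchme value (dword:..., str(2):"...", "...") into an int or str."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return re.sub(r'^str\(\d+\):', "", raw).strip('"')


def parse_hidden_services(log_text):
    """Return {service: {"control_sets": set, "values": dict, "subkeys": dict}}."""
    services, in_section, current = {}, False, None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("scanning "):
            # Only the "hidden services" section lists service keys.
            in_section = line.startswith("scanning hidden services")
            current = None
        elif not in_section or not line:
            continue
        elif line.startswith("["):
            key = KEY_RE.match(line)
            if not key:
                current = None  # a key outside ...\Services\, ignore its values
                continue
            control_set, name, subkey = key.groups()
            svc = services.setdefault(
                name, {"control_sets": set(), "values": {}, "subkeys": {}})
            svc["control_sets"].add(control_set)
            current = svc["subkeys"].setdefault(subkey, {}) if subkey else svc["values"]
        elif current is not None:
            value = VALUE_RE.match(line)
            if value:
                current[value.group(1)] = decode(value.group(2))
    return services


def summarize(services):
    """One triage record per hidden service, merged across control sets."""
    report = []
    for name, svc in sorted(services.items()):
        v = svc["values"]
        files = [v["imagepath"]] if "imagepath" in v else []
        files += [p for p in svc["subkeys"].get("modules", {}).values() if p]
        report.append({
            "service": name,
            "control_sets": sorted(svc["control_sets"]),
            "start": START_TYPES.get(v.get("start"), "unknown"),
            "type": SERVICE_TYPES.get(v.get("type"), "unknown"),
            "files": files,
            # A hidden driver that loads at boot/system start runs before user-mode scanners.
            "kernel_at_startup": v.get("type") in (1, 2) and v.get("start") in (0, 1),
        })
    return report


if __name__ == "__main__":
    for record in summarize(parse_hidden_services(SAMPLE_LOG)):
        print(record)
```

The three files this reports for `SKYNETvxujeuht` are the same `SKYNET*` files that appear under "Other Deletions" in the ComboFix log later in the thread.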


----------



## Mackoo (Jul 17, 2003)

OK Cookiegal thanks.

I just wanted to make note of this before I run the Combofix. 

When I ran the GMER it had stopped early in the run and gave the message I had a system change and this was in red> system32\drivers\SKYNETmxdupqlx.sys. Earlier I had also noticed other items in red but that had the word global and it was multiple but when I returned to my computer for the end copy it had disappeared.

I will try and run the combofix.


----------



## Cookiegal (Aug 27, 2003)

Yes, that's part of the rootkit infection.


----------



## Mackoo (Jul 17, 2003)

When I went to run the Combofix it said some files were corrupt and I should try and install a fresh copy. 

I will restart and see if I can reinstall and try again.


----------



## Mackoo (Jul 17, 2003)

Here is the Combofix log. Neat little program to watch. I'll be back to post the Hijackthis log unless I have problems.

ComboFix 09-09-17.04 - Billy 09/17/2009 19:55.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.205 [GMT -5:00]
Running from: c:\documents and settings\Billy\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\HijackThis.exe
c:\windows\hosts
c:\windows\system32\drivers\SKYNETkosiempq.sys
c:\windows\system32\ntSVc.ocx
c:\windows\system32\SKYNETjkwnypwc.dat
c:\windows\system32\SKYNETrjawyxly.dat

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected 
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected 
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SKYNETvxujeuht
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_SKYNETvxujeuht

((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.

2009-09-17 02:45 . 2009-09-17 02:45	--------	d-----w-	c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-09-17 02:45 . 2009-09-17 02:45	--------	d-----w-	c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-09-16 18:00 . 2009-09-16 18:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\SITEguard
2009-09-16 17:58 . 2009-09-16 17:58	--------	d-----w-	c:\program files\Common Files\iS3
2009-09-16 17:58 . 2009-09-16 18:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\STOPzilla!
2009-09-16 17:26 . 2003-08-27 15:29	65536	----a-w-	c:\windows\wanmpsvc.exe
2009-09-16 17:26 . 2003-01-10 21:13	33588	----a-r-	c:\windows\system32\drivers\wanatw4.sys
2009-09-16 15:37 . 2009-07-08 18:44	40552	----a-w-	c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:37 . 2009-07-08 18:44	79816	----a-w-	c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:37 . 2009-07-08 18:44	35272	----a-w-	c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:37 . 2009-07-16 17:32	120136	----a-w-	c:\windows\system32\drivers\Mpfp.sys
2009-09-16 15:37 . 2009-09-16 15:37	--------	d-----w-	c:\program files\Common Files\McAfee
2009-09-16 15:37 . 2009-09-16 15:37	--------	d-----w-	c:\program files\McAfee.com
2009-09-16 15:36 . 2009-09-17 22:58	--------	d-----w-	c:\program files\McAfee
2009-09-16 15:33 . 2009-07-08 18:43	34248	----a-w-	c:\windows\system32\drivers\mferkdk.sys
2009-09-16 02:30 . 2005-12-08 12:18	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Musicmatch
2009-09-16 02:30 . 2005-12-08 12:18	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Wildtangent
2009-09-16 02:30 . 2009-09-16 14:49	--------	d-s---w-	c:\documents and settings\Administrator
2009-09-16 00:37 . 2009-09-18 00:54	--------	d--h--w-	c:\windows\PIF
2009-09-15 22:45 . 2009-09-15 22:45	--------	d-----w-	c:\program files\Trend Micro
2009-09-15 19:55 . 2009-05-07 07:04	157712	----a-w-	c:\windows\system32\drivers\tmcomm.sys
2009-09-14 20:31 . 2009-09-14 20:31	--------	d-----w-	c:\documents and settings\All Users\Application Data\Cached Installations
2009-09-13 18:51 . 2009-09-13 18:51	--------	d-----w-	c:\documents and settings\Billy\Application Data\Malwarebytes
2009-09-13 18:50 . 2009-09-13 18:50	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-09 22:13 . 2009-09-16 17:04	--------	d-----w-	c:\program files\Windows Live Safety Center
2009-09-09 20:15 . 2009-09-16 15:43	--------	d-----w-	c:\documents and settings\All Users\Application Data\McAfee
2009-09-09 13:57 . 2009-06-21 21:44	153088	------w-	c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 02:41 . 2006-01-13 20:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-17 02:40 . 2006-01-13 20:54	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-09-16 17:46 . 2008-03-25 22:31	--------	d-----w-	c:\program files\AOL 9.1
2009-09-16 17:30 . 2005-12-08 12:11	--------	d-----w-	c:\program files\Common Files\aolshare
2009-09-16 02:32 . 2009-09-16 02:32	--------	d-----w-	c:\documents and settings\Administrator\Application Data\AOL
2009-09-15 22:41 . 2009-05-09 22:12	--------	d-----w-	c:\program files\Startup Inspector for Windows
2009-09-10 22:03 . 2007-07-24 20:58	95616	----a-w-	c:\windows\junction.exe
2009-09-10 00:34 . 2005-12-08 12:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\AOL
2009-08-22 21:26 . 2005-12-08 12:06	--------	d-----w-	c:\program files\Java
2009-08-05 09:01 . 2004-08-10 18:51	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-07-25 10:23 . 2009-05-27 15:25	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-10 18:50	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-10 18:51	286720	----a-w-	c:\windows\system32\wmpdxm.dll
2009-07-08 18:44 . 2009-07-08 18:44	214024	----a-w-	c:\windows\system32\drivers\mfehidk.sys
2009-07-03 17:09 . 2004-08-10 18:51	915456	----a-w-	c:\windows\system32\wininet.dll
2006-12-30 02:52 . 2005-12-16 03:44	61038	-c--a-w-	c:\program files\mozilla firefox\components\jar50.dll
2006-12-30 02:52 . 2005-12-16 03:44	49256	-c--a-w-	c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-30 02:52 . 2005-12-16 03:44	166000	-c--a-w-	c:\program files\mozilla firefox\components\xpinstal.dll
2009-01-27 01:34 . 2009-01-27 01:34	1044480	-c--a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34	200704	-c--a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-08-08 15:39 . 2005-12-10 15:53	104	--sh--r-	c:\windows\system32\689939F7A6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-27 50528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"HostManager"="c:\program files\Common Files\AOL\1151009164\ee\AOLSoftware.exe" [2008-06-24 41824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe" [2004-08-04 77891]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 5134864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1151009164\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-16 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-16 02:26]

2009-09-16 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-16 02:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=toolbar
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=16315
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\Billy\Application Data\Mozilla\Firefox\Profiles\ye8lsme9.default\
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\qfaservices.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-AOL Toolbar 5.0 - c:\program files\AOL\AOL Toolbar 5.0\uninstall.exe
AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe
AddRemove-Dell Game Console - c:\program files\WildTangent\Apps\Dell Game Console\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 20:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(424)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\program files\AOL Deskbar\deskbar.dll
c:\program files\Common Files\AOL\AOL Toolbar\Smartbox.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\Common Files\AOL\AOL Toolbar\AOLHelper.dll
c:\windows\system32\jscript.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\windows\system32\msiexec.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2009-09-18 20:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-18 01:28

Pre-Run: 25,757,700,096 bytes free
Post-Run: 26,304,237,568 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

249	--- E O F ---	2009-09-17 20:00


----------



## Mackoo (Jul 17, 2003)

The Hijackthis program just sits and does nothing after downloading ummmm just like it did before.


----------



## Mackoo (Jul 17, 2003)

It's OK, I talked it into working. Here is the log.

Mackoo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:21 PM, on 9/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1151009164\ee\AOLSoftware.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Billy\Local Settings\Temporary Internet Files\Content.IE5\4WGXCZ0J\HijackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16315
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151009164\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - 
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151952784015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8789 bytes


----------



## Mackoo (Jul 17, 2003)

Not sure if it was too soon but tried the McAfee scan and still the same message pops up. Reckon I should uninstall and reinstall?


----------



## Cookiegal (Aug 27, 2003)

If you have the media to do so then I would suggest that you do that. 

Afterwards, please reboot and then post a new HijackThis log.


----------



## Mackoo (Jul 17, 2003)

I should be able since I get the McAfee free from AOL. I will try it and do another Hijackthis log.


----------



## Cookiegal (Aug 27, 2003)

OK but check first to be sure before uninstalling it.


----------



## Mackoo (Jul 17, 2003)

OK I was able to uninstall and install the McAfee software. I ran a quick scan and success! I am presently running full scan in background and at 23% complete.

Here is the Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:47 PM, on 9/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1151009164\ee\AOLSoftware.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16315
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151009164\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - 
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151952784015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: McAfee Application Installer Cleanup (0013231253382361) (0013231253382361mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Billy\LOCALS~1\Temp\001323~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8830 bytes


----------
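
Comparing two HijackThis logs entry by entry, as with the before-reinstall and after-reinstall logs above, shows what a change actually did to the autostart and service entries. The sketch below is an added example, not part of any post in this thread and not HijackThis's own code; the function names are hypothetical, the sample lines are excerpts copied from the two logs above, and the two service checks are triage heuristics rather than verdicts.

```python
import re

# Excerpts copied from the two logs in this thread (trimmed to a few lines).
BEFORE = r"""
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
"""

AFTER = r"""
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: McAfee Application Installer Cleanup (0013231253382361) (0013231253382361mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Billy\LOCALS~1\Temp\001323~1.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
"""

# An entry line is "<section code> - <detail>", e.g. "O23 - Service: ...".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A path component named Temp or Tmp, in any letter case.
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return [(section_code, detail), ...] in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Return (added, removed) entries between two logs, each sorted."""
    before = set(parse_entries(before_text))
    after = set(parse_entries(after_text))
    return sorted(after - before), sorted(before - after)


def parse_service(detail):
    """Split an O23 detail into name, owner and image path.

    Splitting from the right keeps service names that themselves
    contain parentheses or dashes in one piece.
    """
    prefix = "Service: "
    if not detail.startswith(prefix):
        return None
    parts = detail[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (part.strip() for part in parts)
    return {"name": name, "owner": owner, "path": path}


def review_services(log_text):
    """List O23 services worth a second look, with the reasons.

    Heuristics (assumptions of this example): the log shows
    "Unknown owner" for the service, or the image path sits under
    a Temp directory.
    """
    findings = []
    for code, detail in parse_entries(log_text):
        if code != "O23":
            continue
        service = parse_service(detail)
        if service is None:
            continue
        reasons = []
        if service["owner"].lower() == "unknown owner":
            reasons.append("no publisher reported")
        if TEMP_RE.search(service["path"]):
            reasons.append("image path under a Temp directory")
        if reasons:
            findings.append((service["name"], reasons))
    return findings


if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    for code, detail in added:
        print("+", code, detail)
    for code, detail in removed:
        print("-", code, detail)
    for name, reasons in review_services(AFTER):
        print("review:", name, "->", ", ".join(reasons))
```

On these excerpts the diff shows the McODS service changing from "Unknown owner" to "McAfee, Inc." after the reinstall, and the review list picks up the installer cleanup service that still points into the user's Temp folder.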



## Mackoo (Jul 17, 2003)

McAfee scan currently at 53% so far working good!


----------



## Mackoo (Jul 17, 2003)

OK, McAfee scanned 100% complete.

Found 1 (one) Trojan-file name Generic.dx! fes it's been Quarantined


----------



## Cookiegal (Aug 27, 2003)

What was the name of the file that McAfee found and the entire path to its location please?


----------



## Mackoo (Jul 17, 2003)

It gave the name Generic.dx! fes but not sure how to recall that information up again but I know it's quarantined.


----------



## Cookiegal (Aug 27, 2003)

Generic is probably based on heuristics and may even be a false positive.

Check your logs for the information please.


----------



## Mackoo (Jul 17, 2003)

OK I located it. 

Detection name: Generic.dx! fes

File: C:\QooBox\QUARANTINE\C\WINDOWS\SYSTEM32\EVENTLOG.DLL.VIR


----------



## Mackoo (Jul 17, 2003)

That is what's on the log actually gives the Generic.dxx! fes twice.


----------



## Mackoo (Jul 17, 2003)

Mackoo said:


> That is what's on the log actually gives the Generic.dxx! fes twice.


Correction Generic.dx! fes


----------



## Cookiegal (Aug 27, 2003)

I thought it would be something like that. It's a file that has already been quarantined by ComboFix so no longer a threat.

How are things now?


----------



## Mackoo (Jul 17, 2003)

Everything appears fine Cookiegal...... BIG HUG TO YOU!! Thank you so much for your help!!

Is there a definite way to know if I am completely clean of this booger or a software that is free that will prevent this Rootkit from possibly reinfesting my computer?

I have been online since 98 and used dialup until a few months ago and never had a Rootkit but when I went to cable Internet I get one ( scratching head)

I do remember a blue screen popping up that had the message that I am seeing this screen because Windows is stopping possible damage to my computer and I should shut the computer down this was maybe a week or two ago. 

Previous to this my McAfee would keep popping up that I was not fully protected and I am figuring this Rootkit was making its entrance while this was happening off and on maybe. I had to constantly go in to McAfee's and fix the problem by clicking fix.

So I am not sure but I may have gotten this by either email or a website that I accidentally clicked on before it was too late for this cable is quick and you don't have a chance to make corrections before it's too late but I actually don't really know but it looks like anti virus software would have stopped it.

So far my computer is running quicker and I am still checking it out but scanning is OK now. 

Your thoughts?


----------



## Mackoo (Jul 17, 2003)

I did a little research on that Blue Screen I was posting about and I understand its name is Blue Screen of Death and if I am correct that was the starting problem of my McAfee scan problems as I had been getting the pop up that my system isn't fully protected message but this was the first sign of problems before the Blue Screen of Death.

Just a thought.


----------



## Cookiegal (Aug 27, 2003)

They are referred to for short as BSODs and often they are caused by drivers/services installed by the rootkit.

I see you already have MalwareBytes installed. Please update it and run a full scan and post that log.


----------



## Mackoo (Jul 17, 2003)

Dang not sure what to think on this log

Malwarebytes' Anti-Malware 1.41
Database version: 2833
Windows 5.1.2600 Service Pack 3

9/20/2009 8:20:25 PM
mbam-log-2009-09-20 (20-20-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 169046
Time elapsed: 1 hour(s), 23 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\spbho.tiebho (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> No action taken.

Files Infected:
C:\Program Files\Ascentive\Performance Center\ApcMain.exe (Rogue.Ascentive) -> No action taken.
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> No action taken.


----------



## Mackoo (Jul 17, 2003)

It looks like my McAfees would have detected this.


----------



## Mackoo (Jul 17, 2003)

Not sure if this is due to what was found on the last log but I find I have to hit refresh to get pages to either open or they don't open at all or I get the message: *The web address you entered is not available and A 50x server error was received attempting to serve your request, indicating that either the server is currently unable to handle the request or the request timed out waiting for a response. The error may have been due to a temporary issue and therefore you could try to access the web address again.* Waiting until today still the same results same message.

Mackoo


----------



## Mackoo (Jul 17, 2003)

I am not sure what's going on but I was able to view pages but then it started popping up that message again. It seems to be running smooth then bam! The message pops up.


----------



## Cookiegal (Aug 27, 2003)

What site are you trying to access when you get that message?

Did you have MalwareBytes take action on what it found?


----------



## Mackoo (Jul 17, 2003)

Yes I had it fix what was found this morning. 

It is a Ford message board. It opens then it will pop the message up when I least expect it. I see the page open then quickly it closes to the message is the best I can explain this I am going to watch it it might be traffic too not sure.


----------



## Mackoo (Jul 17, 2003)

I have noticed something but not sure if it's anything important.

I noticed every time I get ready to sign off I have a Microsoft update to download this has to be about the 4th or 5th so far and just a minute ago when I came here the page opened but hung as I saw down below the word Waiting For it just wouldn't open for me to write this now. I ended up having to restart to get it to open.

Maybe it's my AOL software or explorer settings or something.


----------



## Cookiegal (Aug 27, 2003)

If it's only the one site then it may be the site experiencing problems.

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## Mackoo (Jul 17, 2003)

OK while I was waiting on your reply I checked in with AOL tech support and so far it looks like my webpages are opening OK without the error message. 

According to them it was something to do with my tunneling being turned off and it needed turned on. Not sure what that all means but it's working fine at the moment.

I had yet another Microsoft update again it's always 1 update waiting for me to download before I shut down my computer. Is this normal?

Anyway, it's your call in what you want me to do next. If you feel this is resolved then I will click the resolve button and call it success story.. 

Mackoo


----------



## Cookiegal (Aug 27, 2003)

Can you tell me which update that is? I believe there were some problems like that recently with one particular update.


----------



## Mackoo (Jul 17, 2003)

It's the Windows Security Center updates. I went in and changed it to automatic updates on Wednesdays and see what happens instead of every time I shut down.

Does this sound right to you doing it this way?

Mackoo


----------



## Cookiegal (Aug 27, 2003)

I know it's a windows update but I need to know which one please.


----------



## Mackoo (Jul 17, 2003)

How do I find out which one it is?


----------



## Cookiegal (Aug 27, 2003)

Does it not indicate what it's trying to download?

Try going to Windows Update manually via Tools - Windows Updates and see if there are any critical updates to be installed and if so install them. Then reboot the machine.

Then go back to Windows Update and check your update history and let me know if any show as failed please.


----------



## Mackoo (Jul 17, 2003)

*OK I think I see the problem but don't know how to solve it as it says installation complete each time I install it.

Notice The Malicious Software Removal Tool? It keeps asking to download even as I type this and I do but it keeps doing it over and over like it's hung up or something weird.*

Windows XP Windows Malicious Software Removal Tool - September 2009 (KB890830) Saturday, September 26, 2009 Microsoft Update

Windows XP Windows Malicious Software Removal Tool - September 2009 (KB890830) Saturday, September 26, 2009 Automatic Updates

Windows XP Windows Malicious Software Removal Tool - September 2009 (KB890830) Saturday, September 26, 2009 Microsoft Update

Windows XP Update for Windows XP (KB968389) Saturday, September 26, 2009 Microsoft Update

Windows XP Windows Genuine Advantage Validation Tool (KB892130) Saturday, September 26, 2009 Microsoft Update

Windows XP Windows Malicious Software Removal Tool - September 2009 (KB890830) Friday, September 25, 2009 Automatic Updates

Windows XP Windows Malicious Software Removal Tool - September 2009 (KB890830) Thursday, September 24, 2009 Automatic Updates

Windows XP Windows Malicious Software Removal Tool - September 2009 (KB890830) Wednesday, September 23, 2009 Automatic Updates

Windows XP Windows Malicious Software Removal Tool - September 2009 (KB890830) Wednesday, September 23, 2009 Automatic Updates

Windows XP Windows Malicious Software Removal Tool - September 2009 (KB890830) Tuesday, September 22, 2009 Automatic Updates


----------



## Mackoo (Jul 17, 2003)

Restarting doesn't help plus I checked my install and uninstall programs list and it's not listed.


----------



## Mackoo (Jul 17, 2003)

The little yellow shield is telling me this morning updates are ready for my computer.

Seems fishy don't it bet it's part of that rootkit that wasn't detected maybe or something else.


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## Mackoo (Jul 17, 2003)

OK here's what I have let me know if I did this right. The only things I saw in red were below.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 9/26/2009
Time: 8:09:19 PM
User: NT AUTHORITY\SYSTEM
Computer:	B
Description:
The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 9/23/2009
Time: 5:23:24 PM
User: N/A
Computer:	B
Description:
Hanging application firefox.exe, version 1.8.20061.20612, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 66 69 72 65 66 6f firefo
0018: 78 2e 65 78 65 20 31 2e x.exe 1.
0020: 38 2e 32 30 30 36 31 2e 8.20061.
0028: 32 30 36 31 32 20 69 6e 20612 in
0030: 20 68 75 6e 67 61 70 70 hungapp
0038: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0040: 20 61 74 20 6f 66 66 73 at offs
0048: 65 74 20 30 30 30 30 30 et 00000
0050: 30 30 30 000


----------



## Mackoo (Jul 17, 2003)

Was trying to figure 48 hours that's 2 days so this would below as well.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/25/2009
Time: 9:56:31 AM
User: N/A
Computer:	B
Description:
The McAfee SystemGuards service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/25/2009
Time: 9:56:31 AM
User: N/A
Computer:	B
Description:
Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Please go to the following link and download the MS Malicious Software Removal Tool and then reboot the machine. Let's see if that works. I see it has for someone else.

http://www.microsoft.com/downloads/...e0-e72d-4f54-9ab3-75b8eb148356&displaylang=en


----------



## Mackoo (Jul 17, 2003)

I get it on my desktop click it to run and nothing happens.


----------



## Mackoo (Jul 17, 2003)

To be more specific when I click the file to Run I will see the extraction bar on my screen but then it disappears.


----------



## Cookiegal (Aug 27, 2003)

Let's take a look at the Windows Update log that might give us some clues. You will find it at the following location. You can upload it as an attachment as it will be too long to fit in one post.

C:\Windows\Windowsupdate.log


----------



## Mackoo (Jul 17, 2003)

How do I upload this file?


----------



## Cookiegal (Aug 27, 2003)

Below the reply dialog box click on Manage Attachments and then click on Browse to locate the file on your computer and click Open then click Upload and submit the reply.


----------



## Mackoo (Jul 17, 2003)

Do I save this file first as I can't find it in my documents if that's the place it would be found if I saved it?


----------



## Mackoo (Jul 17, 2003)

I saved it but I got the following message after I uploaded did I do something wrong? 

Windowsupdate.log:
Your file of 1.68 MB bytes exceeds the forum's limit of 500.0 KB for this filetype


----------



## Mackoo (Jul 17, 2003)

I notice I can't open to view documents or pictures now in Windows but I can view pictures in my picture finder I believe that's AOL.

At least I still can run a full McAfee scan though.


----------



## Mackoo (Jul 17, 2003)

Hope Cookiegal is OK I noticed no post since Sept 30th.

Anyway, no hurry my computer is running OK just that darn Windows update problem.


----------



## Cookiegal (Aug 27, 2003)

Please forgive the delay in replying but I've had connection problems for several days and wasn't able to get on-line at all until now. 

Can you zip that log file up and then attach it please?


----------



## Mackoo (Jul 17, 2003)

How do I zip it after I find it or upload? I don't see it anywhere.


----------



## Cookiegal (Aug 27, 2003)

If you don't have something like WinZip, then you can use the built-in XP compression utility. Simply right-click on the file and then select "Send to" and then select the compression option. It will create a file with the same name but with a .zip extension.


----------



## Mackoo (Jul 17, 2003)

Did it send?

I put it in zip opened and click upload but not sure if it sent.


----------



## Mackoo (Jul 17, 2003)

OK I see the attachment on my reply.


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## Mackoo (Jul 17, 2003)

Here ya go.

Mackoo

Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar 
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Banctec Service Agreement
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support Center
DellSupport
Digital Content Portal
Digital Line Detect
DivX
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Download Updater (AOL LLC)
EducateU
ESET Online Scanner v3
Get High Speed Internet!
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Photo and Imaging 2.0 - All-in-One
InstallMgr
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Works 2000
Modem Helper
Mozilla Firefox (1.5.0.9)
MSN
MSN Toolbar
MSN Toolbar
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch® Jukebox
MyWay Search Assistant
NetWaiting
NetZeroInstallers
OpenOffice.org Installer 1.0
Photo Click
PowerDVD 5.9
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Soft Voice SoftRing Modem with SmartSP
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Service Pack 3


----------



## Cookiegal (Aug 27, 2003)

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of *Java* components and upgrade the application.

*Upgrading Java*:


Download the latest version of *Java Runtime Environment (JRE) 6 Update 16*.
Click the "*Download*" button to the right.
Select your Platform and check the box that says: "*I agree to the Java SE Runtime Environment 16 License Agreement.*".
Click on *Continue*.
Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. *Do NOT use the Sun Download Manager.*
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove Programs* and remove all older versions of Java.
Check any item with *Java Runtime Environment (JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

These are the older versions of Java that you need to uninstall via the Control Panel:

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1

Also, uninstall these:

MyWay Search Assistant
Viewpoint Media Player

After doing all of the above, please post a new HijackThis log.


----------
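The version check behind the uninstall list in the post above, as an added example that is not part of the original thread: it reads Add/Remove Programs display names, recognises the three Java naming schemes that appear in this thread, and flags every entry older than the JRE 6 Update 16 target. The function and variable names are hypothetical, and the last sample entry is constructed to show an up-to-date install passing the check.

```python
import re

# Version the post says to install: JRE 6 Update 16, as (major, minor, update).
TARGET = (6, 0, 16)

# One pattern per Java naming scheme seen in the Add/Remove Programs list.
SCHEMES = [
    # "Java 2 Runtime Environment, SE v1.4.2_03" -> (4, 2, 3)
    (re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.(\d+)_(\d+)$"),
     lambda m: (int(m[1]), int(m[2]), int(m[3]))),
    # "J2SE Runtime Environment 5.0 Update 10" -> (5, 0, 10)
    (re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+) Update (\d+)$"),
     lambda m: (int(m[1]), int(m[2]), int(m[3]))),
    # "Java(TM) 6 Update 15" and "Java(TM) SE Runtime Environment 6 Update 1".
    # A bare "Java(TM) 6" with no update suffix is treated as update 0.
    (re.compile(r"^Java\(TM\)(?: SE Runtime Environment)? (\d+)(?: Update (\d+))?$"),
     lambda m: (int(m[1]), 0, int(m[2] or 0))),
]


def java_version(display_name):
    """Return (major, minor, update) for a Java entry, or None for anything else."""
    name = display_name.strip()
    for pattern, to_version in SCHEMES:
        match = pattern.match(name)
        if match:
            return to_version(match)
    return None


def outdated_java(display_names, target=TARGET):
    """List (name, version) for every Java entry older than the target."""
    flagged = []
    for name in display_names:
        version = java_version(name)
        if version is not None and version < target:
            flagged.append((name.strip(), version))
    return flagged


# Entries copied from the installed-programs list in this thread, plus one
# constructed line ("Java(TM) 6 Update 16") for the state after the upgrade.
INSTALLED = """\
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Mozilla Firefox (1.5.0.9)
Java(TM) 6 Update 16
"""

if __name__ == "__main__":
    for name, version in outdated_java(INSTALLED.splitlines()):
        print(f"remove: {name}  (parsed as {version})")
```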



## Mackoo (Jul 17, 2003)

OK quick question. Am I supposed to create my own directory for the download to go into as it says the Sun or some name isn't there for it to go into?

If so, do I create it as Admin and put it in my name as well as make a password?

Once I get this solved I will do a hijackthis log.

Mackoo


----------



## Cookiegal (Aug 27, 2003)

No, you just download the executable file to your desktop and then run the installer from there and follow the prompts.


----------



## Mackoo (Jul 17, 2003)

OK let me try this again I think I boo boo.


----------



## Mackoo (Jul 17, 2003)

OK here we go.

Mackoo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:15 PM, on 10/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1151009164\ee\AOLSoftware.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Billy\Desktop\System check HJ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16315
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151009164\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - 
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151952784015
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8614 bytes


----------



## Cookiegal (Aug 27, 2003)

How are things now?


----------



## Mackoo (Jul 17, 2003)

Still downloading or the same waiting for me when I sign off or turn my computer off.


----------



## Cookiegal (Aug 27, 2003)

It sounds like some program is not releasing the registry so I would try downloading the MS Hive Cleanup utility that normally helps with this problem.

http://www.microsoft.com/downloadS/...6d-8912-4e18-b570-42470e2f3582&displaylang=en

Let me know how that goes please.


----------



## Mackoo (Jul 17, 2003)

OK that did the trick. I then went to Microsoft updates and I have a list of 11. Should I proceed and update these 11?


----------



## Mackoo (Jul 17, 2003)

OK, I went back and took a look at the importance of those updates and did the updates anyway. I had several that were security related and I got the Microsoft Malicious tool installed but don't know where to look for it to run it if that is how the tool works.

Anyway, the yellow shield is no longer telling me I have updates so that is fixed, congratulations!

Now I can't figure why I can't open my documents in my documents folder. When I click on them it just sits with no activity. I had this problem on my old computer and forget how I got it corrected as it had the same behaviour.

Also, *I would like to compensate you or the Tech Support Guy forum. I donated a few years ago but have forgotten how I went about doing it. You have spent a lot of time on my problem and I am truly grateful plus I am not one to take advantage of anyone's generosity and kind spirit.*


----------



## Mackoo (Jul 17, 2003)

I went back to updates and the Malicious Software Removal Tool is the one that is available to update and install once I have done that the first time I restart the computer but as you see from the list it shows it's installed but where?....but again the yellow shield or when I shut down nothing there now is telling me I have updates so that part is fixed.

Mackoo

*Windows XP Windows Malicious Software Removal Tool - October 2009 (KB890830) Wednesday, October 14, 2009 Microsoft Update*
*Windows XP Windows Malicious Software Removal Tool - October 2009 (KB890830) Wednesday, October 14, 2009 Microsoft Update*

Windows XP Security Update for Windows XP (KB969059) Wednesday, October 14, 2009 Microsoft Update
Windows XP Security Update for Windows XP (KB958869) Wednesday, October 14, 2009 Microsoft Update 
Windows XP Security Update for Windows XP (KB971486) Wednesday, October 14, 2009 Microsoft Update 
Windows XP Security Update for Windows XP (KB974112) Wednesday, October 14, 2009 Microsoft Update 
Windows XP Security Update for Windows XP (KB974571) Wednesday, October 14, 2009 Microsoft Update 
Windows XP Security Update for Windows XP (KB975025) Wednesday, October 14, 2009 Microsoft Update 
Windows XP Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB954155) Wednesday, October 14, 2009 Microsoft Update 
Windows XP Security Update for Windows 2000, Windows XP and Windows 2003 (KB969878) Wednesday, October 14, 2009 Microsoft Update


----------



## Mackoo (Jul 17, 2003)

Ok this morning I had the yellow shield telling me I have updates to install so I do. I then go back to Microsoft updates and there it is again the Malicious tool telling me I need to update... truly puzzling..

Mackoo


----------



## Cookiegal (Aug 27, 2003)

The MS malicious tool doesn't have to be run by you, it runs when it's downloaded and there is no user intervention required.

This update problem is puzzling. I'll have to do more digging. Is that the only problem remaining?


----------



## Mackoo (Jul 17, 2003)

OK. 

Yes, I see the yellow shield again ready for me to download this tool plus can't open documents or pictures I have in My Documents. I had that problem on my old computer, seemed an easy fix but forgot how to correct it.

There is no hurry on this problem.


----------



## Cookiegal (Aug 27, 2003)

What program are you using to create documents?


----------



## Mackoo (Jul 17, 2003)

Not sure but it's what came with the computer but it's called My Documents. Let's say for example if someone sends me a document I save it to My Documents. Or I may save a photo or even save a program there to open later but since the rootkit problem showed up I am unable to open anything in there, it acts like it will but doesn't.

Hope that helps.


----------



## Mackoo (Jul 17, 2003)

OK I was able to fix my document viewing problem.

I went back way back to all my old computer fix notes and reinstalled the windows fax viewer by.... Run and then typing in regsvr32 /i shimgvw.dll this reinstalled the Windows Pictures Fax Viewer and now is working fine I know it was a simple fix.

So the only problem remaining is the windows tool download issue which is really puzzling and I now see that yellow shield telling me updates are ready and I know if I click on it I'll have to do the same later over and over.


----------



## Cookiegal (Aug 27, 2003)

Let's take a look at the Malicious Software Removal Tool log which might give some clues.

It should be at the following location:

C:\Windows\Debug\*mrt.log*

You can open it with Notepad and copy and paste it here if not too long or otherwise attach it.


----------
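One way to triage the mrt.log requested above without reading every entry by eye, as an added example that is not part of the original thread: it splits the log into runs and reports any run with scan errors, a non-zero return code, a missing "Finished On" line or a summary other than "No infection found.", plus tool versions that ran more than once. The function names are hypothetical, and the embedded sample entries are taken from the log posted later in this thread.

```python
import re
from collections import Counter
from datetime import datetime

HEADER = re.compile(
    r"^Microsoft Windows Malicious Software Removal Tool v([\d.]+), (\w+ \d{4})$")
FINISHED = re.compile(r"Removal Tool Finished On (.+)$")
SCAN_ERROR = re.compile(
    r"^->Scan ERROR: resource (\S+) \(code (0x[0-9A-Fa-f]+) \(\d+\)\)$")
RETURN_CODE = re.compile(r"^Return code: (-?\d+)")
STAMP = "%a %b %d %H:%M:%S %Y"  # e.g. "Thu Oct 11 12:17:03 2007"


def parse_mrt_log(text):
    """Split mrt.log text into one dict per tool run."""
    runs, run, in_summary = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            run = {"version": header[1], "release": header[2], "started": None,
                   "finished": None, "return_code": None, "errors": [], "summary": []}
            runs.append(run)
            in_summary = False
            continue
        if run is None or not line or set(line) == {"-"}:
            continue  # blank lines, dashed rules, text before the first header
        if line.startswith("Started On "):
            run["started"] = datetime.strptime(line[len("Started On "):], STAMP)
        elif (m := SCAN_ERROR.match(line)):
            run["errors"].append((m[1], int(m[2], 16)))
        elif line == "Results Summary:":
            in_summary = True
        elif (m := RETURN_CODE.match(line)):
            run["return_code"] = int(m[1])
            in_summary = False
        elif (m := FINISHED.search(line)):
            run["finished"] = datetime.strptime(m[1], STAMP)
        elif in_summary:
            run["summary"].append(line)
    return runs


def review(runs):
    """Return (version, started, reasons) for every run that needs a closer look."""
    findings = []
    for run in runs:
        reasons = []
        if run["errors"]:
            reasons.append(f"{len(run['errors'])} scan error(s)")
        if run["return_code"] != 0:
            reasons.append(f"return code {run['return_code']}")
        if run["finished"] is None:
            reasons.append("no Finished line")
        if run["summary"] != ["No infection found."]:
            reasons.append("summary: " + " ".join(run["summary"]))
        if reasons:
            findings.append((run["version"], run["started"], reasons))
    return findings


def repeated_versions(runs):
    """Map tool version -> run count, for versions that ran more than once."""
    counts = Counter(run["version"] for run in runs)
    return {version: n for version, n in counts.items() if n > 1}


# Sample entries in the mrt.log layout, embedded so the example runs offline.
SAMPLE_LOG = """\
Microsoft Windows Malicious Software Removal Tool v1.34, October 2007
Started On Thu Oct 11 12:17:03 2007
->Scan ERROR: resource process://pid:3148 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:3148 (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 11 12:18:35 2007

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Tue Apr 08 19:54:32 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 08 19:55:46 2008

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Sat Apr 19 16:10:34 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 19 16:11:52 2008
"""

if __name__ == "__main__":
    for version, started, reasons in review(parse_mrt_log(SAMPLE_LOG)):
        print(f"v{version} started {started}: {'; '.join(reasons)}")
    print("ran more than once:", repeated_versions(parse_mrt_log(SAMPLE_LOG)))
```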



## Mackoo (Jul 17, 2003)

Here you go.

Mackoo

Microsoft Windows Malicious Software Removal Tool v1.10, November 2005
Started On Sun Dec 11 15:53:45 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Dec 11 15:54:07 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.11, December 2005
Started On Fri Dec 16 09:45:51 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 16 09:46:06 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.12, January 2006
Started On Tue Jan 10 18:11:00 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 10 18:11:23 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.12, January 2006
Started On Tue Jan 10 19:38:13 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 10 19:48:52 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.13, February 2006
Started On Fri Feb 17 19:48:47 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 17 19:49:06 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.14, March 2006
Started On Thu Mar 16 13:59:00 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 16 13:59:22 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.15, April 2006
Started On Tue Apr 11 22:12:25 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 11 22:12:40 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.16, May 2006
Started On Wed May 10 22:04:09 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 10 22:04:23 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.17, June 2006
Started On Thu Jun 15 19:53:36 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 15 19:53:55 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.18, July 2006
Started On Thu Jul 13 15:00:24 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 13 15:00:44 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.19, August 2006
Started On Wed Aug 09 12:51:28 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 09 12:51:37 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.19, August 2006
Started On Wed Aug 09 16:52:26 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 09 16:52:43 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.20, September 2006
Started On Wed Sep 13 15:00:22 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 13 15:00:33 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.21, October 2006
Started On Sat Oct 14 19:54:28 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Oct 14 19:54:47 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.22, November 2006
Started On Sat Nov 18 21:41:03 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 18 21:41:19 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.22, November 2006
Started On Thu Nov 23 14:08:19 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 23 14:08:38 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.23, December 2006
Started On Thu Dec 14 15:00:26 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 14 15:00:51 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.24, January 2007
Started On Sat Jan 13 11:56:45 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Jan 13 11:57:10 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.25, February 2007
Started On Sun Feb 18 15:01:11 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 18 15:01:30 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.27, March 2007
Started On Thu Mar 15 15:01:14 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 15 15:01:31 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.28, April 2007
Started On Thu Apr 12 11:54:59 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 12 11:55:26 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
Started On Tue May 08 21:06:51 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue May 08 21:07:51 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.30, June 2007
Started On Tue Jun 12 21:10:54 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jun 12 21:11:54 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.31, July 2007
Started On Wed Jul 11 15:01:06 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 11 15:02:00 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.32, August 2007
Started On Wed Aug 15 15:02:39 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 15 15:05:00 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.33, September 2007
Started On Thu Sep 13 14:52:57 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 13 14:54:22 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.34, October 2007
Started On Thu Oct 11 12:17:03 2007
->Scan ERROR: resource process://pid:3148 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:3148 (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 11 12:18:35 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.35, November 2007
Started On Wed Nov 14 16:05:36 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 14 16:07:02 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.36, December 2007
Started On Wed Dec 12 19:48:58 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 12 19:49:58 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.37, January 2008
Started On Wed Jan 09 14:03:33 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 09 14:04:32 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.38, February 2008
Started On Thu Feb 14 10:11:44 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 14 10:12:46 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.39, March 2008
Started On Tue Mar 11 18:23:57 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 11 18:25:27 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Tue Apr 08 19:54:32 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 08 19:55:46 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Sat Apr 19 16:10:34 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 19 16:11:52 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.41, May 2008
Started On Fri May 16 15:55:14 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 16 15:56:44 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.42, June 2008
Started On Wed Jun 11 15:03:03 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 11 15:04:38 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.0, July 2008
Started On Wed Jul 09 11:53:52 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 09 11:55:36 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.1, August 2008
Started On Wed Aug 13 18:11:00 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 13 18:12:26 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.2, September 2008
Started On Wed Sep 10 13:44:19 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 10 13:46:11 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.3, October 2008
Started On Wed Oct 15 21:14:07 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 15 21:15:21 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.4, November 2008
Started On Thu Nov 13 10:17:05 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 13 10:18:32 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.5, December 2008
Started On Thu Dec 11 16:27:49 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 11 16:29:25 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.6, January 2009
Started On Wed Jan 14 18:11:46 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 14 18:13:14 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.7, February 2009
Started On Tue Feb 10 21:04:10 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 10 21:05:47 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.8, March 2009
Started On Sun Mar 15 12:33:19 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Mar 15 12:35:21 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.9, April 2009
Started On Wed Apr 15 11:15:02 2009
Security policy adjusted. Engine requests reboot and try again, ignoring.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 15 11:17:04 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.10, May 2009
Started On Wed May 13 10:23:04 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 10:24:50 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.10, May 2009
Started On Wed May 13 15:03:27 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 15:04:51 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.11, June 2009
Started On Wed Jun 10 18:05:37 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 10 18:09:52 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.12, July 2009
Started On Wed Jul 15 13:27:37 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 15 13:30:01 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.13, August 2009
Started On Wed Aug 12 14:31:11 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 12 14:32:55 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
Started On Wed Sep 09 10:45:17 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.


----------



## Mackoo (Jul 17, 2003)

Something happened September 9, nothing else after that date.

I wonder if I disable the McAfee and see what happens? Then after it's installed, if it installs, then enable McAfee. Just a thought.
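
The check made by eye in the post above (a run that logs "Started On" but never a result) can be scripted. This is an added example, not part of the original posts or of any Microsoft tooling; the function names are hypothetical and the sample is three runs copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# Three runs copied from the log posted in this thread (April, July and
# September 2009); the last one has a start line but no result.
SAMPLE_LOG = """\
---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.9, April 2009
Started On Wed Apr 15 11:15:02 2009
Security policy adjusted. Engine requests reboot and try again, ignoring.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 15 11:17:04 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.12, July 2009
Started On Wed Jul 15 13:27:37 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 15 13:30:01 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
Started On Wed Sep 09 10:45:17 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
"""

HEADER = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v([\d.]+), (\w+ \d{4})$")
STARTED = re.compile(r"^Started On (.+)$")
FINISHED = re.compile(r"^Microsoft Windows Malicious Software Removal Tool Finished On (.+)$")
RETCODE = re.compile(r"^Return code: (-?\d+)")
STAMP = "%a %b %d %H:%M:%S %Y"  # e.g. "Wed Sep 09 10:45:17 2009"


@dataclass
class Run:
    version: str
    release: str
    started: Optional[datetime] = None
    finished: Optional[datetime] = None
    return_code: Optional[int] = None
    notes: List[str] = field(default_factory=list)    # lines before "Results Summary:"
    summary: List[str] = field(default_factory=list)  # lines after it

    def seconds(self) -> Optional[float]:
        """Run duration, or None when the run never logged a finish line."""
        if self.started and self.finished:
            return (self.finished - self.started).total_seconds()
        return None


def parse_runs(text: str) -> List[Run]:
    """Split the log into one Run per tool header."""
    runs: List[Run] = []
    run: Optional[Run] = None
    in_summary = False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            run = Run(version=m.group(1), release=m.group(2))
            runs.append(run)
            in_summary = False
            continue
        # Skip blank lines, dashed rulers and anything before the first header.
        if run is None or not line or set(line) == {"-"}:
            continue
        if (m := STARTED.match(line)):
            run.started = datetime.strptime(m.group(1), STAMP)
        elif (m := FINISHED.match(line)):
            run.finished = datetime.strptime(m.group(1), STAMP)
        elif (m := RETCODE.match(line)):
            run.return_code = int(m.group(1))
            in_summary = False
        elif line == "Results Summary:":
            in_summary = True
        else:
            (run.summary if in_summary else run.notes).append(line)
    return runs


def triage(runs: List[Run]) -> List[tuple]:
    """Return (run label, finding) pairs that deserve a closer look."""
    findings = []
    for r in runs:
        label = f"v{r.version} ({r.release})"
        if r.finished is None or r.return_code is None:
            findings.append((label, "incomplete: started but never logged a result"))
        elif r.return_code != 0:
            findings.append((label, f"non-zero return code {r.return_code}"))
        findings.extend((label, "note: " + n) for n in r.notes)
    return findings


if __name__ == "__main__":
    for label, finding in triage(parse_runs(SAMPLE_LOG)):
        print(label, "-", finding)
```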


----------



## Cookiegal (Aug 27, 2003)

Yes, I would give that a shot. I hear McAfee has some compatibility issues with some programs that can cause issues.


----------



## Mackoo (Jul 17, 2003)

OK I tried it and not resolved.

The thing is it looks like this tool had been installed but something happened September 9th that caused this constant update message.

Being I was able to update my other Windows updates with no problems, unless this constant update message is doing harm to my computer in any way I can live with it, but sure would want to know what is causing it if you find out the cause.

So I will leave this up to you but if you have other pressing issues to attend to by all means take care of them first and I will stop back now and then and see if anything new develops.

It's your call.


----------



## Cookiegal (Aug 27, 2003)

I suggest you contact Microsoft about this. I understand they don't charge for support regarding updates but be sure to establish that up front.

This is the telephone number: 1-866-PCSAFETY

Let me know how that goes please.


----------



## Mackoo (Jul 17, 2003)

OK thanks Cookiegal I'll give it a try.


----------



## Cookiegal (Aug 27, 2003)

I'll be waiting to hear the result and hopefully the solution.


----------



## Mackoo (Jul 17, 2003)

OK I have called the number two times and the waiting time is really long as they say it's due to malware issues.

The recording also mentions running the Microsoft full scan in which I used back when this first started but I am currently running it again for good measure.

I will continue to call and hopefully get a live person early instead of waiting. Waiting over an hour is just too long, taking me from other important duties of the day.

As soon as I find out something I will definitely let you know.

Again thank you so much for your time and patience with this issue.

Mackoo


----------



## Mackoo (Jul 17, 2003)

I ran that Microsoft scan and it found problems and fixed them and said my computer is clean and secure.

The yellow shield once again pops up telling me updates need installed and on and on it goes still not fixed.

My computer, a Dell, didn't come with the CD as it says I have restore options built in.... I would hate it if the only way to stop this and fix it is do a total reinstall of Windows XP and I don't have the CD to do so.

I am still trying Microsoft live support..


----------



## Mackoo (Jul 17, 2003)

OK, I was able to talk with live support. I let them take control of my desktop, he fixed a few corrupt files, tried it, and the same results: little yellow shield asks to install updates.

He said this is a common problem and he will have someone tomorrow between 2 and 5 pm contact me to try again to fix the problem.

I will keep you posted but if someone else has this problem it is best to direct them like you have to Microsoft live support as it's not an easy fix and it would be hard for me to explain all the steps it takes to correct the problem. I do know he mentioned corrupt files but him restoring them apparently didn't solve it either.

I have decided to name that little yellow shield Ol' Yeller '-)

Mackoo


----------



## Cookiegal (Aug 27, 2003)

That's great. I'm sure they will be able to resolve it.

Are there any other remaining problems?

If not, please post one last HijackThis log so I can be sure all is fine there.


----------



## Mackoo (Jul 17, 2003)

OK problem solved.

Microsoft tech ran Sophos Anti Rootkit and surprisingly found more virus and rootkit issues that were preventing installation of the Microsoft tool. Apparently the other rootkit software missed them and went undetected. Took about 3 hours this round today, just got through.

Here is the HijackThis log you asked for. So far I see no further issues remaining. Thank you again for all your help and patience.

Mackoo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:24 PM, on 10/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1151009164\ee\AOLSoftware.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16315
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151009164\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - 
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151952784015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CAD444D-2E8D-4709-8143-5ECF98589540}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8763 bytes


----------



## Cookiegal (Aug 27, 2003)

Can you please post the Sophos log so we can see what it detected.


----------



## Mackoo (Jul 17, 2003)

I still have the list but can't copy and paste, it won't let me. Any suggestions?

I guess this software is the software that was trying to install and he manually installed it so I have it now to use when I need it.


----------



## Cookiegal (Aug 27, 2003)

What is the file format of the report? Perhaps you can do a screenshot?


----------



## Mackoo (Jul 17, 2003)

I was thinking about a screen shot but how do I determine the format?

I ran the software again and I had a list but most were files that are not recommended for deletion.

Anyway let me know and I will try a screen shot for you.

Also I notice regardless if I right or left click on the log nothing happens. 

Mackoo


----------



## Cookiegal (Aug 27, 2003)

Mackoo said:


> I was thinking about a screen shot but how do I determine the format?


What program are you using to view it? Or is it from within the program itself?



> I ran the software again and I had a list but most were files that are not recommended for deletion.


Running it again should not turn up the same files or that would mean the infection is not gone.

To take a screenshot: have what you want to copy displayed on your screen then hit the Print Screen key (it might be marked Prt Scrn or some variant of that) and is usually found across the top of the keyboard to the right of the regular letter keys. You won't see anything happen but it copies an image of your screen. Then go to Start - All Programs - Accessories and select Paint to open that program. Now click on Edit and "Paste" and the image will appear in MS Paint. Now you just have to save the image and upload it here.

To upload the image: below the reply dialog box, click on Manage Attachments and then "Browse" to locate the file on your computer. When you have it, click on Open and then "Upload" and finally submit your reply.


----------



## Mackoo (Jul 17, 2003)

OK I believe I done this right..

Let me try again.


----------



## Mackoo (Jul 17, 2003)

I keep getting this message>Sophos Anti-rootkit Log.bmp:
Upload of file failed.


----------



## Mackoo (Jul 17, 2003)

I have tried a couple more times and the same message.


----------



## Cookiegal (Aug 27, 2003)

It's probably too large then. Does it say that at the top when trying to upload it?


----------



## Mackoo (Jul 17, 2003)

Yeah, I have tried it several times and the same message..


----------



## Mackoo (Jul 17, 2003)

I did notice that for the first time in awhile, maybe last month, that my McAfee updates and runs like it is supposed to on every Friday and where I have stopped getting the message my computer isn't fully protected.

I am running a new fresh full Sophos Anti-Rootkit scan now and when it's through I will copy and paste it here so you can take a look at what items it list.

Hopefully it will let me copy and paste.

Mackoo


----------



## Mackoo (Jul 17, 2003)

I am only able to copy and paste one at a time but this is what it looks like for this particular file and what it says. Notice it says clean up not recommended for this file.. this is the same for all of them. If I went ahead and cleaned all of them with this message I am afraid I would remove an important file(s), no?

What do you think?

Mackoo

Area:	Local hard drives
Description:	Unknown hidden file 
Location:	C:\Documents and Settings\Billy\Desktop\Combo-Fix.exe
Removable:	Yes (but clean up not recommended for this file)
Notes:	(no more detail available) 

Removable: Yes (but clean up not recommended for this file) These files are not automatically marked for removal.

Sophos does not recognize these files and recommends that you do not remove them.

If you are unsure what to do about some of these files, follow the instructions in Technical Support to send the log and archive files to Sophos for further analysis.


----------



## Cookiegal (Aug 27, 2003)

That is a file that belongs to ComboFix so it's normal that scanners would detect it but it's not malicious. The Sophos log I wanted to see was the one the technician had you run that removed the problem rootkit.


----------



## Mackoo (Jul 17, 2003)

Yes I know that, I was just giving you an example of what's on it now since I am unable to get the log he had copied and pasted here.

Mostly what shows up now is no threats.

If you can figure another way I will try and post it here.

Mackoo


----------



## Mackoo (Jul 17, 2003)

I tried again to upload the log you want and still nothing.

Mackoo


----------



## Cookiegal (Aug 27, 2003)

Try resaving it as a jpg or jpeg file and then see if you can upload it.


----------



## Mackoo (Jul 17, 2003)

Still the same message.

The log doesn't look long but it's wide if that makes any sense.

Mackoo


----------



## Mackoo (Jul 17, 2003)

Something else I have noticed since this fix.

You know how you can go between your screen names like AOL has up to 7 one can use. Well, for as long as I can remember and it's been awhile maybe a year now that when I would be viewing a page on screen name number 2 and then decide to switch over to screen name 1 the information I had on that screen name or was viewing information was still available at the bottom if I wanted to click on the tool bar or whatever it's called to bring it back up.

This had been going on for awhile but never thought much about it and bet this Rootkit or whatever did a number on my AOL software or on the Internet Explorer or whatever is responsible for such behavior.

I know now it doesn't do it anymore.

What are your thoughts on this if any?


----------



## Cookiegal (Aug 27, 2003)

I don't know about the AOL stuff. Perhaps uninstalling and reinstalling it will correct it.

Try resizing the image that you're trying to upload as it seems it's too big.


----------



## Mackoo (Jul 17, 2003)

It's already corrected, that's what I was talking about that I noticed, and now it's not doing it anymore when I change screen names so not sure what was responsible but whatever Microsoft tech did it corrected the AOL problem.

I already tried to resize, still the same result as in making the box smaller.

What I mean by wide is several files may look like this>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA this is not the actual file characters of course but whatever the characters of the file they might be several wide... it's wide not long as in many files listed from top to bottom.

Looks like it would upload >files size>.2.25 MB (2,359,350 bytes) is this a big file?


----------



## Cookiegal (Aug 27, 2003)

Yes it is. There should be a way to get the report in text form but I don't have the program to run it and see.

In any event, there doesn't seem to be any more for us to do unless you're still having problems.


----------



## Mackoo (Jul 17, 2003)

Everything so far is excellent Cookiegal my McAfees is updating and running like it should so I would say it's a fix. Just feel bad I can't get the file to you so you can see what it was on my computer that kept the Microsoft tool from installing.

Again the fix wouldn't have happened without you and the Techsupportguy forum.

Thank you so much for your time and energy in solving my issue I am truly grateful.:up:

Mackoo


----------



## Cookiegal (Aug 27, 2003)

That's OK and you're welcome. The important thing is you're running smoothly now. 

Here are some final instructions for you.

*Follow these steps to uninstall Combofix and all of its files and components.*

Click *START* then *RUN*
Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* - *All Programs* - *Accessories* - *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading *SPYWAREBLASTER* for added protection.

*Read here* for info on how to tighten your security.

***

You should trim down your start-ups (these show as the 04 entries in your HijackThis log) as there are too many running. You can research them at these sites and if they aren't required at start-up then you can uncheck them in msconfig via Start - Run - type msconfig, click OK and then click on the start-up tab.

http://www.systemlookup.com/lists.php?list=2
http://www.bleepingcomputer.com/startups/
http://www.windowsstartup.com/wso/index.php


----------



## Mackoo (Jul 17, 2003)

OK I got all you listed but have a question on start up list or the 04 listed on the HijackThis log. One file, HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe, the information confuses me: the ctfmon.exe is either a Windows good file or it's a drop off of a trojan, so how do I know to either keep it or delete?


----------



## Cookiegal (Aug 27, 2003)

Judging by the location, size and date, it appears to be the legit file. Do you toggle back and forth between languages?
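
The location part of the check described in the reply above, applied to the O4 start-up lines of a HijackThis log, as an added example that is not part of the original posts or of HijackThis itself. The function names are hypothetical, the expected folders are taken from the "Running processes" list in this thread's log (Windows XP installed in C:\WINDOWS), and the last O4 line of the sample is constructed to show a mismatch.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"
# Folders where these binaries appear in the "Running processes" section of
# the log in this thread. Assumption: Windows XP installed in C:\WINDOWS.
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "spoolsv.exe": SYSTEM32,
    "ctfmon.exe": SYSTEM32, "explorer.exe": r"c:\windows",
}

# Lines copied from the log in this thread, except the one marked constructed.
SAMPLE = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - HKCU\..\Run: [ctfmon.exe] C:\Documents and Settings\Example\Application Data\ctfmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""
# The second [ctfmon.exe] line above is CONSTRUCTED for this example.

O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
O4_STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")
# Either a quoted path, or an unquoted one (which may contain spaces) cut at
# the first executable extension that is followed by whitespace or line end.
EXE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$))', re.I)


def parse_o4(text):
    """Return one dict per O4 line: source, name, command, path (or None)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RUN.match(line)
        if m:
            hive, key, name, command = m.groups()
            exe = EXE.match(command)
            path = (exe.group(1) or exe.group(2)) if exe else None
            entries.append({"source": f"{hive} {key}", "name": name,
                            "command": command, "path": path})
            continue
        m = O4_STARTUP.match(line)
        if m:
            folder, shortcut, target = m.groups()
            target = target.strip()
            entries.append({"source": folder, "name": shortcut, "command": target,
                            "path": None if target in ("", "?") else target})
    return entries


def review(entries):
    """Flag entries with no readable path or a system name in the wrong folder."""
    findings = []
    for e in entries:
        if e["path"] is None:
            findings.append((e["name"], "no executable path could be read from the entry"))
            continue
        base = ntpath.basename(e["path"]).lower()
        folder = ntpath.dirname(e["path"]).lower()
        expected = EXPECTED_DIR.get(base)
        if expected and folder != expected:
            findings.append((e["name"], f"{base} runs from {folder}, expected {expected}"))
    return findings


if __name__ == "__main__":
    for name, finding in review(parse_o4(SAMPLE)):
        print(f"[{name}] {finding}")
```

A matching folder only rules out the simplest case of a look-alike name in another directory; size, date and the file's digital signature still have to be checked on the machine itself.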


----------



## Mackoo (Jul 17, 2003)

English only.

Anyway, after I downloaded the spyware blaster I noticed I couldn't go between my AOL screen names without being logged off or having to reset the AOL adapter. 

When I enabled the blaster I was able to go between screen names again as normal. I couldn't find anywhere on the blaster to set or allow whatever it is that is preventing me from doing this when I have it set for protection.

Any clues on what to set it on or what it is? This seems like a great protection but that's the only problem I am having with that.


----------



## Cookiegal (Aug 27, 2003)

The ctfmon.exe file is likely part of this package:

Microsoft National Language Support Downlevel APIs

As for SpywareBlaster and AOL, I don't see any correlation as SpywareBlaster doesn't actually run, it just sets registry keys to block certain sites and activex controls. Since you said when you enable it there is no longer a problem then it would seem to no longer be an issue.


----------



## Mackoo (Jul 17, 2003)

I meant to write disable, as in actually shutting the blaster down or off so I am not getting any protection from it, for you have to set it to enable in order to get the full protection I believe.

I can't find anywhere on there if there is something I can set it on or whatever to get my protection and be able to go between screen names, but can't find none. Actually it really doesn't make sense that the blaster would conflict, but once I have shut it off (disabled, without protection) I am able to go between my AOL screen names, which is an indication that yes, the blaster is the problem, unless I am overlooking something.

Stumped to say the least.


----------



## Cookiegal (Aug 27, 2003)

It seems that McAfee and SpywareBlaster are incompatible so you will have to uninstall SpywareBlaster.


----------



## Mackoo (Jul 17, 2003)

Are there any other software programs I might use?


----------



## Cookiegal (Aug 27, 2003)

You could install Spybot Search & Destroy and use the immunization feature and the hosts file.


----------



## Mackoo (Jul 17, 2003)

OK thanks. 

I used to have it installed, good program. I will reinstall.

I have marked my problem solved.

Again, thank you for your time and patience solving my problem.

Mackoo


----------



## Cookiegal (Aug 27, 2003)

It's my pleasure.


----------

