Please review the enclosed: I have followed each step as requested prior to posting.

The online scan indicated zero problems, Spybot indicated no problems - yet I'm still getting full screen pop ups with about every third being a reference and invite to install AVSystemcare?

It doesn't appear that I'm experiencing any other problems except the annoying pop-ups.

Logfile of HijackThis v1.99.1
Scan saved at 7:34:50 PM, on 7/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Citrix\GoToMeeting\190\g2mstart.exe
C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
C:\Program Files\Citrix\GoToMeeting\190\g2mcomm.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7 HarmonyRemote.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Citrix\GoToMeeting\190\g2mlauncher.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\timpohlad\Desktop\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cyclone:4445/default.aspx
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\190\g2mstart.exe "/Trigger RunAtLogon"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: CardMinder Viewer.lnk = ?
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?0&4&unknown&unknown&unknown&unknown
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vs.mcafeeasap.com/SW/ENU/VS40/bin/myCioAgt.20060504183849.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165530380406
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting/GoToWebinar Web Starter) - https://www.gotomeeting.com/default/applets/g2mdlax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C2ED62BE-4FF5-4FAF-9274-3BA328DCA35C} (TimeTrackingV2.UserControl1) - https://timetracking.quickbooks.com/ocx/tts/TimeTrackingV2.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cc.local
O17 - HKLM\Software\..\Telephony: DomainName = cc.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cc.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cc.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.5.0.464.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SonicWALL Agent Service (SWAGENT) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe

Hello TPoCCS,

Welcome to Safer Networking Forums :)

Download and Save blacklight to your desktop.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
click > scan then > next,
You'll see a list of all items found.
Don't choose rename yet! I want to see the log first, because legit items can also be present there...
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
Post the contents of the log in your next reply.

Thanks,
tea

Thanks Teacup - see results below

rcfybgadnq.exe
rcfybgadnq.dat
rcfybgadnq_nav.dat
rcfybgadnq_navps.dat
rgb9rast_2.dll

Sorry - just figured out to post the correct info:

07 06:26:04 [Info]: BlackLight Engine 1.0.64 initialized
07/24/07 06:26:04 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/24/07 06:26:04 [Note]: 7019 4
07/24/07 06:26:04 [Note]: 7005 0
07/24/07 06:26:12 [Note]: 7006 0
07/24/07 06:26:13 [Note]: 7011 2560
07/24/07 06:26:13 [Note]: 7026 0
07/24/07 06:26:13 [Note]: 7026 0
07/24/07 06:26:13 [Note]: 7024 3
07/24/07 06:26:13 [Info]: Hidden process: C:\windows\system32\rcfybgadnq.exe
07/24/07 06:26:16 [Note]: FSRAW library version 1.7.1022
07/24/07 06:30:09 [Info]: Hidden file: c:\WINDOWS\system32\rcfybgadnq.dat
07/24/07 06:30:09 [Note]: 10002 1
07/24/07 06:30:09 [Info]: Hidden file: C:\windows\system32\rcfybgadnq.exe
07/24/07 06:30:09 [Note]: 10002 1
07/24/07 06:30:10 [Info]: Hidden file: c:\WINDOWS\system32\rcfybgadnq_nav.dat
07/24/07 06:30:10 [Note]: 10002 1
07/24/07 06:30:10 [Info]: Hidden file: c:\WINDOWS\system32\rcfybgadnq_navps.dat
07/24/07 06:30:10 [Note]: 10002 1
07/24/07 06:30:12 [Info]: Hidden file: c:\WINDOWS\system32\rgb9rast_2.dll
07/24/07 06:30:12 [Note]: 10002 2

Hello,

That's okay. :) That's what I suspected, so I saw what I needed to see.

Please run Blacklight again. After the scan is complete, click Next.

Highlight these files and choose rename. Reboot when done.

C:\windows\system32\rcfybgadnq.exe
c:\WINDOWS\system32\rcfybgadnq.dat
c:\WINDOWS\system32\rcfybgadnq_nav.dat
c:\WINDOWS\system32\rcfybgadnq_navps.dat
c:\WINDOWS\system32\rgb9rast_2.dll

After reboot in your c:\windows\system32 folder you should see those files with a ren extention:

C:\windows\system32\rcfybgadnq.exe.ren
c:\WINDOWS\system32\rcfybgadnq.dat.ren
c:\WINDOWS\system32\rcfybgadnq_nav.dat.ren
c:\WINDOWS\system32\rcfybgadnq_navps.dat.ren
c:\WINDOWS\system32\rgb9rast_2.dll.ren

Please delete those files.

Please follow these instructions exactly as shown in order to achieve the best results:

1. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
2. RIGHT-CLICK HERE (http://metallica.geekstogo.com/EGDACCESS.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download EGDACCESS Remover.
Save it in the same folder you made earlier (c:\BFU).

3. Restart your computer in Safe Mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)

4. Open My Computer and navigate to the c:\BFU folder.
Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select EGDACCESS.bfu
Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.


5. Reboot back to normal mode and post:
The content of the file C:\egd.txt that was created by the script.
The content of the folder bfubackups in your System(32) folder. This folder was also created by the script.

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

Will follow the process when I get done with a scheduled meeting and update you after lunch -thanks again!

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"MVS Splash"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\Splash.exe"
"McAfee Managed Services Tray"="\"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myagttry.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Synchronization Manager"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,6d,00,6f,00,62,00,73,00,79,00,6e,00,63,00,2e,00,65,00,78,00,65,\
00,20,00,2f,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"PfuSsSct.exe"="C:\\Program Files\\PFU\\ScanSnap\\PfuSsSct.exe /Station"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"eFax 4.3"="\"C:\\Program Files\\eFax Messenger 4.3\\J2GDllCmd.exe\" /R"
"rcfybgadnq"="c:\\windows\\system32\\rcfybgadnq.exe rcfybgadnq"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

NOTE: there was nothing in the bfubackups folder?

"timpohlad" - 2007-07-25 14:56:40 [GMT -7:00] - ComboFix 07-07-24.5 - Service Pack 2 NTFS
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-25 14:56 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-25 14:32 <DIR> d-------- C:\WINDOWS\system32\bfubackups
2007-07-25 14:19 <DIR> d-------- C:\BFU
2007-07-23 12:52 <DIR> d-------- C:\spyware programs
2007-07-22 22:59 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-07-22 21:27 3,766 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-22 16:04 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-22 16:03 <DIR> d-------- C:\Program Files\Ad-Aware
2007-07-18 13:54 <DIR> d-------- C:\Program Files\eFax Messenger 4.3
2007-07-18 13:54 <DIR> d-------- C:\DOCUME~1\TIMPOH~1\APPLIC~1\eFax Messenger
2007-07-18 13:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\eFax Messenger 4.3 Setup
2007-07-18 13:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\eFax Messenger 4.3 Output
2007-07-18 13:53 3,841,896 --a------ C:\msgrplus.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-23 17:47:54 -------- d-----w C:\DOCUME~1\TIMPOH~1\APPLIC~1\Lavasoft
2007-07-22 22:49:42 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-22 22:49:42 -------- d-----w C:\Program Files\Google
2007-07-22 20:09:00 -------- d-----w C:\Program Files\SpywareBlaster
2007-07-22 20:07:44 -------- d-----w C:\Program Files\CCleaner
2007-07-18 22:32:31 8 ----a-w C:\WINDOWS\system32\nvModes.dat
2007-06-30 21:11:18 -------- d-----w C:\Program Files\ABC Amber BlackBerry Converter
2007-06-26 19:01:59 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-06-26 19:01:59 -------- d-----w C:\Program Files\viewsonic
2007-06-26 19:01:56 -------- d-----w C:\Program Files\Messenger
2007-06-16 17:13:39 -------- d-----w C:\DOCUME~1\TIMPOH~1\APPLIC~1\MapInfo
2007-06-14 17:58:36 20,924,632 ----a-w C:\GoogleEarthWinProSetup.exe
2007-06-02 05:16:53 -------- d-----w C:\DOCUME~1\TIMPOH~1\APPLIC~1\Help
2007-06-02 04:53:25 -------- d-----w C:\DOCUME~1\TIMPOH~1\APPLIC~1\Research In Motion
2007-06-02 04:52:27 -------- d-----w C:\Program Files\Common Files\Research In Motion
2007-06-02 04:52:07 -------- d-----w C:\Program Files\Research In Motion
2007-06-02 04:49:26 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-21 17:58:37 532,992 ----a-w C:\Program Files\Gantt.msi


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-23 04:27 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-24 03:06 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2004-09-23 06:44 C:\WINDOWS\ALCMTR.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" [2007-04-01 22:28]
"McAfee Managed Services Tray"="C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" [2007-04-01 22:28]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"Synchronization Manager"="%SystemRoot%\system32\mobsync.exe" []
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"PfuSsSct.exe"="C:\Program Files\PFU\ScanSnap\PfuSsSct.exe" [2003-12-22 10:06]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 10:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"GoToMeeting"="C:\Program Files\Citrix\GoToMeeting\190\g2mstart.exe" [2007-05-24 08:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-12-07 22:18:54]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-07 21:25:19]
CardMinder Viewer.lnk - C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe [2006-12-07 22:50:25]
Conversion to PDF with ScanSnap Organizer.lnk - C:\Program Files\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe [2006-12-07 22:49:45]
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2007-07-18 13:54:25]
Logitech Harmony Remote Software 7.lnk - C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe [2006-12-18 16:36:51]
OKI LPR Utility.lnk - C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe [2006-12-14 19:14:58]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-06-10 01:09:14]
ScanSnap Manager.lnk - C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe [2006-12-07 23:12:55]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

R0 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\WINDOWS\system32\DRIVERS\sbp2port.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe /ServiceStart
R2 SWAGENT;SonicWALL Agent Service;C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
R2 WSearch;Windows Search;C:\WINDOWS\system32\SearchIndexer.exe /Embedding
R3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 mssmbios;Microsoft System Management BIOS Driver;C:\WINDOWS\system32\DRIVERS\mssmbios.sys
R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys
R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
R3 SMBios;Intel (R) System Management BIOS Service;C:\WINDOWS\system32\DRIVERS\SMBios.sys
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\C:\WINDOWS\system32\drivers\NSDriver.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\HdAudio.sys
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 RimUsb;BlackBerry Device;C:\WINDOWS\system32\Drivers\RimUsb.sys
S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 14:58:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-25 14:59:46

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 15:00, on 2007-07-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Citrix\GoToMeeting\190\g2mstart.exe
C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
C:\Program Files\Citrix\GoToMeeting\190\g2mcomm.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Citrix\GoToMeeting\190\g2mlauncher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\timpohlad\Desktop\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cyclone:4445/default.aspx
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\190\g2mstart.exe "/Trigger RunAtLogon"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: CardMinder Viewer.lnk = ?
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?0&4&unknown&unknown&unknown&unknown
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vs.mcafeeasap.com/SW/ENU/VS40/bin/myCioAgt.20060504183849.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165530380406
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting/GoToWebinar Web Starter) - https://www.gotomeeting.com/default/applets/g2mdlax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C2ED62BE-4FF5-4FAF-9274-3BA328DCA35C} (TimeTrackingV2.UserControl1) - https://timetracking.quickbooks.com/ocx/tts/TimeTrackingV2.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cc.local
O17 - HKLM\Software\..\Telephony: DomainName = cc.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cc.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cc.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.5.0.464.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SonicWALL Agent Service (SWAGENT) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe

Hello,

How is it running now please?:) I see you have CCleaner on board.....give your machine a cleaning with it, and then I'd like for you to run Blacklight again and post the report, please.

Please go Here to run Panda's ActiveScan. (You must use IE for this one). http://www.pandasoftware.com/products/activescan.htm
Once you are on the Panda site click the Scan your PC button

A new window will open...click the Check Now button.
Enter your State/Providence
Enter your E-mail address and click send.
Select either Home user or Company.

Click the big Scan Now button

* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a few minutes)

When the download is complete, click on My Computer to start the scan.

When the scan completes, if anything malicious is detected, click the See Report button, then Save report and save it to a convenient location (activescan.txt to desktop).

Post the contents of the ActiveScan report, please, and a new HijackThis log.

Thanks,
tea

Had to catch up on some things - I've run Ccleaner and Blacklight - see below:

Will finish up the rest right now as well.

08/01/07 12:53:57 [Info]: BlackLight Engine 1.0.64 initialized
08/01/07 12:53:57 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/01/07 12:53:57 [Note]: 7019 4
08/01/07 12:53:57 [Note]: 7005 0
08/01/07 12:54:03 [Note]: 7006 0
08/01/07 12:54:03 [Note]: 7011 3108
08/01/07 12:54:04 [Note]: 7026 0
08/01/07 12:54:04 [Note]: 7026 0
08/01/07 12:54:07 [Note]: FSRAW library version 1.7.1022
08/01/07 13:01:40 [Note]: 7007 0

Hello,

Sorry for the delay, but I was waiting for the Panda scan results. I know you said you were busy.........

Could you post that report please, and a new HijackThis log? :) Let me know how it's running also.

Thanks,
tea

How is it going TPoCCS

This topic has been archived due to lack of a response.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.