cherubicwindigo

  1. CRIPES! What a total P.I.T.A! I have said it before and I say it now - never again, not McAfee, not ever. I found an extremely useful link: http://www.pchell.com/virus/uninstallmcafee.shtml - anyone who can't get McAfee off their PC should check it out, it took the thorn out of my side. So, now that THAT is taken care of, I'll reboot and get myself some nice, laid-back Avira, a welcome change from ######-Retentive McAfee. Now I know I am spending too much time with my PC when I start personifying my Anti-virus programs.
  2. I know I have McAfee SiteAdvisor, but from what I can tell I already uninstalled all of McAfee except the SiteAdvisor. BUT when I pull up the Add/Remove Programs I don't even see the McAfee SiteAdvisor, is it possible that McAfee was removed from the programs list but not from my computer?!
  3. Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:10:59 AM, on 4/15/2008
  4. Here is the Log: ComboFix 08-04-09.1 - juastin 2008-04-11 17:25:08.2
  5. No, McAfee failed me as well so I bombed it. I never liked McAfee, but I was desperate to clean up my computer, I need it for practically everything I do. What "better free antivirus apps than AVG" are there? I have been tearing my hair out over this computer. If you think it would be helpful to re-download COMODO & AVG (or any other anti-virus you recommend) I could, I just didn't see either program helping to fix my computer and I still got all of this Malware and Trojans in spite of them.
  6. At this time I have no antivirus or firewall software on my computer, I was using AVG Antivirus and COMODO Firewall, but when I installed McAfee, which I thought might be able to get rid of my current problems, it made me uninstall them. Anyways, both of those programs were self-updating, I was planning to re-install them once my Ad-Aware was working again because neither of these programs were helping me anyways. Will do.
  7. HERE IT IS! (the ComboFix Log, that is) ComboFix 08-04-09.1 - juastin 2008-04-10 13:13:34.1
  8. Oops, by the way the tut described how to look up what version to download, I thought I had the right one *_* I'll try it with the other.
  9. Um, everything didn't go exactly like the tutorial said it would, the program popped out this log and said to post it:
Name: CF-RC.txt
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
Should I try it again? Also, I don't recognize this setting as anything I have set up. Maybe without realizing it, if that's possible?
  10. When I scan with Lavasoft's Ad-Aware Free Edition, it makes it into about 6 to 10 different problems, still scanning, and then a blue screen pops up - I followed steps to override my computer's automatic shutdown, so I could read the screen, but I couldn't copy it and definitely couldn't memorize it. It said something about errors and gave me some codes. This happens every time I try to scan with the program. I used AVG for virus control, at first, but it said I had no more infections and my computer was still having problems. So I uninstalled it and tried McAfee, which found a few more problems, but still fell short. I tried a direct approach with VundoFix, hoping it would stop the BlueScreen, but to no avail! I was using COMODO Firewall, but if I turn it off I get pop-ups non-stop and they freeze my computer. Now I had to uninstall it because I couldn't get the program to allow me to check my Email, so that I could register for this forum. Moral: Life is hell. I also get Windows Error popups when I start my PC:
(1st) - Error loading C:\WINDOWS\system32\fwpruidb.dll
The Specified module could not be found.
(2nd) - Error Code:
BCCode : 1000008e
BCP1 : C000001D
BCP2 : 00690064
BCP3 : F7B4CCEC
BCP4 : 00000000
OSVer : 5_1_2600
SP : 2_0
Product : 256_1
Documents Sent:
C:\DOCUME~1\juastin\LOCALS~1\Temp\WERc933.dir00\Mini040808-03.dmp
C:\DOCUME~1\juastin\LOCALS~1\Temp\WERc933.dir00\sysdata.xml
(3rd) - Microsoft Visual C++ Runtime Library
Buffer overrun detected!
Program: C:\WINDOWS\Explorer.EXE
A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated.
* MY HIJACKTHIS LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:39 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [68cbd350] rundll32.exe "C:\WINDOWS\system32\fwpruidb.dll",b
O4 - HKLM\..\Run: [bM6bf8e0cc] Rundll32.exe "C:\WINDOWS\system32\usqahwwa.dll",s
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Scanner (mcods) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (mcproxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (mcshield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (mcsysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (mpfservice) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (msk80service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service (siteadvisor service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 5331 bytes
* MY AD-AWARE LOG:
20080407 17-44-26 : Full scan started.
20080407 17-56-07 : Full scan started.
20080407 18-06-36 : Smart scan started.
20080407 18-08-08 : Scheduled init.
20080407 18-08-08 : Full scan started.
20080407 18-08-47 : Scan aborted by user.
20080407 18-08-47 : Scan aborted by user.
20080407 18-08-47 : Full scan ended.
20080407 18-12-17 : Scheduled init.
20080407 18-12-17 : Full scan started.
20080407 18-15-30 : Scheduled init.
20080407 18-15-30 : Full scan started.
20080407 18-28-26 : Scheduled init.
20080407 18-28-26 : Full scan started.
20080407 18-42-48 : Scan aborted by user.
20080407 18-42-48 : Scan aborted by user.
20080407 18-42-48 : Full scan ended.
20080407 21-46-43 : Smart scan started.
20080407 21-49-38 : Smart scan started.
20080407 21-49-45 : Scan aborted by user.
20080407 21-49-45 : Scan aborted by user.
20080407 21-49-45 : Scan aborted by user.
20080407 21-49-45 : Smart scan ended.
20080407 21-50-09 : Smart scan started.
20080407 21-50-12 : Scan aborted by user.
20080407 21-50-12 : Scan aborted by user.
20080407 21-50-12 : Scan aborted by user.
20080407 21-50-12 : Smart scan ended.
20080408 08-36-06 : Smart scan started.
20080408 11-37-49 : Smart scan started.
20080408 15-39-20 : Smart scan started.
20080408 16-33-26 : Smart scan started.
20080408 16-54-44 : Checking for updates.
20080408 16-55-02 : Checking for updates succeeded.
20080408 16-55-07 : Started downloading updates.
20080408 16-55-33 : Installing updates.
20080408 17-09-52 : Full scan started.