My computer is infected with Vitrumonde


  • This topic is locked
3 replies to this topic

#1 cunley

Posted 06 October 2009 - 05:52 PM

I have all sorts of pop-ups of adverts that also slow down my computer.

Running from: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3ve9155r.tmp\Win32kDiag.exe

Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/06 17:31
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9B3C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE3C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7316000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xBA63B000 Size: 323584 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\administrator\local settings\temp\~dfc428.tmp
Status: Allocation size mismatch (API: 65536, Raw: 16384)

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x89683318

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8964c0d0

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8968e170

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x8964b118

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89716ef0

#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xba6b2d72

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x89683088

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xba6939a6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xba693b98

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x89697280

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x89670880

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x8964b1f8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xba6b3568

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xba6b3820

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x896b30f8

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x89692768

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x89683178

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x89683258

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x896d6b40

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x89692688

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8968b2d8

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xba6b1a80

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x89698098

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8968e240

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x8968b118

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x896b3188

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x89697008

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xba6b3c8a

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x89689e68

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8964c008

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x89649a60

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x8964b2d8

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xba6b3036

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8968b1f8

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8964c1b0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xba693656

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8964c290

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x89692650

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8968e0a0

Stealth Objects
-------------------
Object: Hidden Module [Name: msisip.dll]
Process: explorer.exe (PID: 3068) Address: 0x011a0000 Size: 24576

Object: Hidden Module [Name: msisip.dll]
Process: explorer.exe (PID: 3068) Address: 0x01830000 Size: 24576

Object: Hidden Module [Name: mprmsg.dll]
Process: explorer.exe (PID: 3068) Address: 0x01850000 Size: 110592

Object: Hidden Module [Name: msisip.dll]
Process: explorer.exe (PID: 3068) Address: 0x02cd0000 Size: 24576

Object: Hidden Module [Name: MsnlNamespaceMgr.dll]
Process: explorer.exe (PID: 3068) Address: 0x02d10000 Size: 311296

Object: Hidden Module [Name: pwrshsip.dll]
Process: explorer.exe (PID: 3068) Address: 0x03510000 Size: 32768

Object: Hidden Module [Name: __c002FDBA.dat]
Process: explorer.exe (PID: 3068) Address: 0x03640000 Size: 40960

Object: Hidden Module [Name: wshext.dll]
Process: explorer.exe (PID: 3068) Address: 0x064a0000 Size: 86016

Object: Hidden Module [Name: wshext.dll]
Process: explorer.exe (PID: 3068) Address: 0x06480000 Size: 86016

Object: Hidden Module [Name: MsnlNamespaceMgr.dll]
Process: explorer.exe (PID: 3068) Address: 0x064e0000 Size: 311296

Object: Hidden Module [Name: mprmsg.dll]
Process: explorer.exe (PID: 3068) Address: 0x064c0000 Size: 110592

Object: Hidden Module [Name: mprmsg.dll]
Process: explorer.exe (PID: 3068) Address: 0x06570000 Size: 110592

Object: Hidden Module [Name: pwrshsip.dll]
Process: explorer.exe (PID: 3068) Address: 0x06530000 Size: 32768

Object: Hidden Module [Name: mprmsg.dll]
Process: explorer.exe (PID: 3068) Address: 0x06590000 Size: 110592

Object: Hidden Module [Name: MsnlNamespaceMgr.dll]
Process: explorer.exe (PID: 3068) Address: 0x065f0000 Size: 311296

Object: Hidden Module [Name: pwrshsip.dll]
Process: explorer.exe (PID: 3068) Address: 0x06690000 Size: 32768

Object: Hidden Module [Name: mprmsg.dll]
Process: explorer.exe (PID: 3068) Address: 0x066b0000 Size: 110592

Object: Hidden Module [Name: __c002FDBA.dat]
Process: explorer.exe (PID: 3068) Address: 0x066e0000 Size: 40960

Object: Hidden Module [Name: MsnlNamespaceMgr.dll]
Process: explorer.exe (PID: 3068) Address: 0x066f0000 Size: 311296

Object: Hidden Module [Name: wshext.dll]
Process: explorer.exe (PID: 3068) Address: 0x06740000 Size: 86016

Object: Hidden Module [Name: mprmsg.dll]
Process: explorer.exe (PID: 3068) Address: 0x06810000 Size: 110592

Object: Hidden Module [Name: MsnlNamespaceMgr.dll]
Process: explorer.exe (PID: 3068) Address: 0x06b80000 Size: 311296

Object: Hidden Module [Name: mprmsg.dll]
Process: explorer.exe (PID: 3068) Address: 0x099d0000 Size: 110592

Object: Hidden Module [Name: pwrshsip.dll]
Process: explorer.exe (PID: 3068) Address: 0x461f0000 Size: 32768

Object: Hidden Module [Name: msisip.dll]
Process: explorer.exe (PID: 3068) Address: 0x605f0000 Size: 24576

Object: Hidden Module [Name: mprmsg.dll]
Process: explorer.exe (PID: 3068) Address: 0x61510000 Size: 110592

Object: Hidden Module [Name: actxprxy.dll]
Process: explorer.exe (PID: 3068) Address: 0x71d40000 Size: 106496

Object: Hidden Module [Name: wshext.dll]
Process: explorer.exe (PID: 3068) Address: 0x7dfa0000 Size: 86016

Object: Hidden Module [Name: wficaUI.dll]
Process: iexplore.exe (PID: 1784) Address: 0x00d30000 Size: 32768

Object: Hidden Module [Name: winshfhc.dll]
Process: iexplore.exe (PID: 1784) Address: 0x00df0000 Size: 28672

Object: Hidden Module [Name: __c002FDBA.dat]
Process: iexplore.exe (PID: 1784) Address: 0x02a10000 Size: 40960

Object: Hidden Module [Name: ccIPC.dll]
Process: iexplore.exe (PID: 1784) Address: 0x04290000 Size: 151552

Object: Hidden Module [Name: slctrl.dll]
Process: iexplore.exe (PID: 1784) Address: 0x05b80000 Size: 491520

Object: Hidden Module [Name: slcore.dll]
Process: iexplore.exe (PID: 1784) Address: 0x06620000 Size: 2367488

Object: Hidden Module [Name: slcore.dll]
Process: iexplore.exe (PID: 1784) Address: 0x063d0000 Size: 2367488

Object: Hidden Module [Name: slctrl.dll]
Process: iexplore.exe (PID: 1784) Address: 0x06870000 Size: 491520

Object: Hidden Module [Name: audiodev.dll]
Process: iexplore.exe (PID: 1784) Address: 0x07160000 Size: 282624

Object: Hidden Module [Name: wficaUI.dll]
Process: iexplore.exe (PID: 1784) Address: 0x0f850000 Size: 32768

Object: Hidden Module [Name: wmasf.dll]
Process: iexplore.exe (PID: 1784) Address: 0x0f960000 Size: 233472

Object: Hidden Module [Name: wmasf.dll]
Process: iexplore.exe (PID: 1784) Address: 0x0fbf0000 Size: 233472

Object: Hidden Module [Name: wficaUI.dll]
Process: iexplore.exe (PID: 1784) Address: 0x0fff0000 Size: 32768

Object: Hidden Module [Name: wficaUI.dll]
Process: iexplore.exe (PID: 1784) Address: 0x10800000 Size: 32768

Object: Hidden Module [Name: wficaUI.dll]
Process: iexplore.exe (PID: 1784) Address: 0x107f0000 Size: 32768

Object: Hidden Module [Name: WMVCore.dll]
Process: iexplore.exe (PID: 1784) Address: 0x15110000 Size: 2469888

Object: Hidden Module [Name: wmasf.dll]
Process: iexplore.exe (PID: 1784) Address: 0x11c70000 Size: 233472

Object: Hidden Module [Name: WMVCore.dll]
Process: iexplore.exe (PID: 1784) Address: 0x11cb0000 Size: 2469888

Object: Hidden Module [Name: WMVCore.dll]
Process: iexplore.exe (PID: 1784) Address: 0x13160000 Size: 2469888

Object: Hidden Module [Name: WpdShext.dll]
Process: iexplore.exe (PID: 1784) Address: 0x16210000 Size: 2609152

Object: Hidden Module [Name: wiashext.dll]
Process: iexplore.exe (PID: 1784) Address: 0x593f0000 Size: 593920

Object: Hidden Module [Name: wups.dll]
Process: iexplore.exe (PID: 1784) Address: 0x50640000 Size: 36864

Object: Hidden Module [Name: winshfhc.dll]
Process: iexplore.exe (PID: 1784) Address: 0x5a680000 Size: 28672

Object: Hidden Module [Name: isDataPr.dll]
Process: iexplore.exe (PID: 1784) Address: 0x67620000 Size: 483328

Object: Hidden Module [Name: ccIPC.dll]
Process: iexplore.exe (PID: 1784) Address: 0x6ad80000 Size: 151552

Object: Hidden Module [Name: ccSubEng.dll]
Process: iexplore.exe (PID: 1784) Address: 0x6aff0000 Size: 249856

Object: Hidden Module [Name: IDSxpx86.dll]
Process: iexplore.exe (PID: 1784) Address: 0x6be20000 Size: 499712

Object: Hidden Module [Name: buShell.dll]
Process: iexplore.exe (PID: 1784) Address: 0x6f180000 Size: 2449408

Object: Hidden Module [Name: buComm.dll]
Process: iexplore.exe (PID: 1784) Address: 0x6ef00000 Size: 331776

Object: Hidden Module [Name: BuEng.dll]
Process: iexplore.exe (PID: 1784) Address: 0x6ef80000 Size: 1458176

Object: Hidden Module [Name: wdmaud.drv]
Process: iexplore.exe (PID: 1784) Address: 0x72d20000 Size: 32768

Object: Hidden Module [Name: shgina.dll]
Process: iexplore.exe (PID: 1784) Address: 0x73d70000 Size: 73728

Object: Hidden Module [Name: msvcrt40.dll]
Process: iexplore.exe (PID: 4948) Address: 0x04460000 Size: 65536

Object: Hidden Module [Name: normaliz.dll]
Process: iexplore.exe (PID: 4948) Address: 0x01e50000 Size: 32768

Object: Hidden Module [Name: __c002FDBA.dat]
Process: iexplore.exe (PID: 4948) Address: 0x02840000 Size: 40960

Object: Hidden Module [Name: ccIPC.dll]
Process: iexplore.exe (PID: 4948) Address: 0x048e0000 Size: 151552

Object: Hidden Module [Name: slctrl.dll]
Process: iexplore.exe (PID: 4948) Address: 0x061d0000 Size: 491520

Object: Hidden Module [Name: audiodev.dll]
Process: iexplore.exe (PID: 4948) Address: 0x07160000 Size: 282624

Object: Hidden Module [Name: slcore.dll]
Process: iexplore.exe (PID: 4948) Address: 0x06a10000 Size: 2367488

Object: Hidden Module [Name: slctrl.dll]
Process: iexplore.exe (PID: 4948) Address: 0x06eb0000 Size: 491520

Object: Hidden Module [Name: slcore.dll]
Process: iexplore.exe (PID: 4948) Address: 0x06c60000 Size: 2367488

Object: Hidden Module [Name: WMVCore.dll]
Process: iexplore.exe (PID: 4948) Address: 0x15110000 Size: 2469888

Object: Hidden Module [Name: wmasf.dll]
Process: iexplore.exe (PID: 4948) Address: 0x11c70000 Size: 233472

Object: Hidden Module [Name: wininet.dll]
Process: iexplore.exe (PID: 4948) Address: 0x3d930000 Size: 937984

Object: Hidden Module [Name: WpdShext.dll]
Process: iexplore.exe (PID: 4948) Address: 0x16210000 Size: 2609152

Object: Hidden Module [Name: wiashext.dll]
Process: iexplore.exe (PID: 4948) Address: 0x593f0000 Size: 593920

Object: Hidden Module [Name: isDataPr.dll]
Process: iexplore.exe (PID: 4948) Address: 0x67620000 Size: 483328

Object: Hidden Module [Name: ccIPC.dll]
Process: iexplore.exe (PID: 4948) Address: 0x6ad80000 Size: 151552

Object: Hidden Module [Name: ccSubEng.dll]
Process: iexplore.exe (PID: 4948) Address: 0x6aff0000 Size: 249856

Object: Hidden Module [Name: IDSxpx86.dll]
Process: iexplore.exe (PID: 4948) Address: 0x6be20000 Size: 499712

Object: Hidden Module [Name: buShell.dll]
Process: iexplore.exe (PID: 4948) Address: 0x6f180000 Size: 2449408

Object: Hidden Module [Name: buComm.dll]
Process: iexplore.exe (PID: 4948) Address: 0x6ef00000 Size: 331776

Object: Hidden Module [Name: BuEng.dll]
Process: iexplore.exe (PID: 4948) Address: 0x6ef80000 Size: 1458176

Object: Hidden Module [Name: msapsspc.dll]
Process: iexplore.exe (PID: 4948) Address: 0x71e50000 Size: 81920

Object: Hidden Module [Name: wdmaud.drv]
Process: iexplore.exe (PID: 4948) Address: 0x72d20000 Size: 32768

Object: Hidden Module [Name: shgina.dll]
Process: iexplore.exe (PID: 4948) Address: 0x73d70000 Size: 73728

Object: Hidden Module [Name: msnsspc.dll]
Process: iexplore.exe (PID: 4948) Address: 0x747b0000 Size: 286720

Object: Hidden Module [Name: digest.dll]
Process: iexplore.exe (PID: 4948) Address: 0x75b00000 Size: 81920

Object: Hidden Module [Name: schannel.dll]
Process: iexplore.exe (PID: 4948) Address: 0x767f0000 Size: 159744

Object: Hidden Module [Name: msvcrt40.dll]
Process: iexplore.exe (PID: 4948) Address: 0x78080000 Size: 65536

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x896a6050

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x88adc050

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x89648738

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x89654910

#: 428 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x89af92d0

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x89e01bb0

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x89af0268

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x89d5ca80

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x89aefda0

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x89ae4d80

==EOF==

DDS (Ver_09-09-29.01) - NTFSx86
Run by Administrator at 17:19:55.93 on Tue 10/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.593 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {98828DED-A591-462F-83BA-D2F62A68B8B8} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [A00F40C22.exe] c:\docume~1\admini~1\locals~1\temp\_A00F40C22.exe
uRun: [A00F82B741.exe] c:\docume~1\admini~1\locals~1\temp\_A00F82B741.exe
uRun: [A00F3043676.exe] c:\docume~1\admini~1\locals~1\temp\_A00F3043676.exe
uRun: [A00F299C5.exe] c:\docume~1\admini~1\locals~1\temp\_A00F299C5.exe
uRun: [A00F36051.exe] c:\docume~1\admini~1\locals~1\temp\_A00F36051.exe
uRun: [A00F3D40A.exe] c:\docume~1\admini~1\locals~1\temp\_A00F3D40A.exe
uRun: [A00F54DD9.exe] c:\docume~1\admini~1\locals~1\temp\_A00F54DD9.exe
uRun: [A00F8335D.exe] c:\docume~1\admini~1\locals~1\temp\_A00F8335D.exe
uRun: [A00F1D097CA.exe] c:\docume~1\admini~1\locals~1\temp\_A00F1D097CA.exe
uRun: [A00F826BB.exe] c:\docume~1\admini~1\locals~1\temp\_A00F826BB.exe
uRun: [A00F188E210.exe] c:\docume~1\admini~1\locals~1\temp\_A00F188E210.exe
uRun: [A00FA924C.exe] c:\docume~1\admini~1\locals~1\temp\_A00FA924C.exe
uRun: [A00F5EAC5.exe] c:\docume~1\admini~1\locals~1\temp\_A00F5EAC5.exe
uRun: [A00F2978B3.exe] c:\docume~1\admini~1\locals~1\temp\_A00F2978B3.exe
uRun: [A00F7D9700.exe] c:\docume~1\admini~1\locals~1\temp\_A00F7D9700.exe
uRun: [A00F7D501.exe] c:\docume~1\admini~1\locals~1\temp\_A00F7D501.exe
uRun: [A00F80400.exe] c:\docume~1\admini~1\locals~1\temp\_A00F80400.exe
uRun: [A00F6A971.exe] c:\docume~1\admini~1\locals~1\temp\_A00F6A971.exe
uRun: [A00FA0493.exe] c:\docume~1\admini~1\locals~1\temp\_A00FA0493.exe
uRun: [A00F1A1B2A.exe] c:\docume~1\admini~1\locals~1\temp\_A00F1A1B2A.exe
uRun: [A00F4BC8AE3.exe] c:\docume~1\admini~1\locals~1\temp\_A00F4BC8AE3.exe
uRun: [A00F82CF4.exe] c:\docume~1\admini~1\locals~1\temp\_A00F82CF4.exe
uRun: [A00F53A2D3.exe] c:\docume~1\admini~1\locals~1\temp\_A00F53A2D3.exe
uRun: [A00F8EC4D.exe] c:\docume~1\admini~1\locals~1\temp\_A00F8EC4D.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.1\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: 309cc062669 - c:\windows\system32\icm3232.dll
Notify: __c002FDBA - c:\windows\system32\__c002FDBA.dat
AppInit_DLLs: c:\windows\system32\icm3232.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-15 206256]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2009-9-8 310320]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2009-9-8 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2009-9-8 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090916.003\IDSXpx86.sys [2009-9-16 329080]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214024]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-28 144704]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.2.11\ccSvcHst.exe [2009-8-31 117640]
R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2007-4-19 632456]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-28 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-28 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-28 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-28 40552]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091006.005\NAVENG.SYS [2009-10-6 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091006.005\NAVEX15.SYS [2009-10-6 1323568]
S2 0285611254143279mcinstcleanup;McAfee Application Installer Cleanup (0285611254143279);c:\docume~1\admini~1\locals~1\temp\028561~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1\locals~1\temp\028561~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-28 359952]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-28 34248]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-15 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-15 1097096]

=============== Created Last 30 ================

2009-10-05 21:25 9,784 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-10-05 21:24 472 a------- c:\windows\system32\drivers\kgpfr2.cfg
2009-10-05 21:19 28,160 a------- c:\windows\system32\__c002FDBA.dat
2009-10-05 20:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-10-05 20:54 <DIR> --d----- c:\program files\STOPzilla!
2009-10-05 20:54 <DIR> --d----- c:\program files\common files\iS3
2009-10-05 20:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-10-05 20:15 <DIR> --d----- c:\program files\Enigma Software Group
2009-10-05 19:58 28,160 a------- c:\windows\system32\__c004CA71.dat
2009-10-05 19:52 523,264 a--sh--- c:\windows\system32\C.tmp
2009-10-05 10:04 28,160 a------- c:\windows\system32\__c0046362.dat
2009-10-02 13:26 0 a------- c:\windows\system32\37C.tmp
2009-10-02 13:26 0 a------- c:\windows\system32\37B.tmp
2009-09-28 08:14 9,025 a------- c:\windows\system32\Config.MPF
2009-09-28 08:08 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-09-28 08:08 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-09-28 08:08 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-09-28 08:08 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-09-28 08:06 <DIR> --d----- c:\program files\common files\McAfee
2009-09-28 08:06 <DIR> --d----- c:\program files\McAfee.com
2009-09-28 08:06 <DIR> --d----- c:\program files\McAfee
2009-09-28 08:01 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-09-26 09:47 0 a------- c:\windows\system32\59.tmp
2009-09-26 09:47 0 a------- c:\windows\system32\58.tmp
2009-09-24 11:18 <DIR> --dsh--- c:\windows\system32\LocalService
2009-09-23 23:08 151 a------- c:\windows\PhotoSnapViewer.INI
2009-09-21 04:58 0 a------- c:\windows\system32\4F6.tmp
2009-09-21 04:58 0 a------- c:\windows\system32\4F5.tmp
2009-09-17 09:20 14,776 a---h--- c:\windows\system32\mlfcache.dat
2009-09-17 00:22 1,803 a------- c:\windows\system32\__c004CDF5.exe
2009-09-16 23:25 69 a------- c:\windows\NeroDigital.ini
2009-09-16 23:19 1,939 a------- c:\windows\system32\__c00F17CC.exe
2009-09-16 23:08 1,939 a------- c:\windows\system32\__c0012970.exe
2009-09-15 15:43 5 a------- c:\windows\system32\Band4
2009-09-15 15:43 7 a------- c:\windows\system32\Class13
2009-09-15 12:12 57 a------- C:\xcrashdump.dat
2009-09-15 12:08 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-15 12:07 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-15 12:07 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-15 12:07 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-15 12:07 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-15 12:07 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-15 12:07 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-15 12:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-15 12:07 <DIR> --d----- c:\docume~1\admini~1\applic~1\PC Tools
2009-09-15 10:05 17,810 a------- c:\windows\GnuHashes.ini
2009-09-15 09:58 1,728 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-09-15 09:57 523,264 a--sh--- c:\windows\system32\C2.tmp
2009-09-15 09:57 121,344 a------- c:\windows\system32\icm3232.dll
2009-09-15 09:53 48,281 a------- c:\windows\system32\kphchrvtel.exe
2009-09-14 10:01 <DIR> --d----- c:\program files\iPhone Configuration Utility
2009-09-14 10:00 <DIR> --d----- c:\program files\iPod
2009-09-14 09:59 <DIR> --d----- c:\program files\iTunes
2009-09-14 09:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-14 06:56 442,368 a------- c:\windows\system32\ylxoojekvmbytz.dll
2009-09-08 16:53 153,088 -c------ c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-08-18 21:43 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-18 21:43 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-08-18 21:43 7,456 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-18 21:43 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-18 21:43 26,600 a----r-- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-18 21:43 107,368 a----r-- c:\windows\system32\GEARAspi.dll
2009-08-18 14:20 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-20 14:57 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-07-20 14:56 311,296 a----r-- c:\windows\system32\SZBase5.dll
2009-07-20 14:56 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-09 15:52 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2009-07-09 15:52 393,216 a----r-- c:\windows\system32\IS3DBA5.dll
2009-07-09 15:51 385,024 a----r-- c:\windows\system32\IS3UI5.dll
2009-07-09 15:51 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2009-07-09 15:51 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2009-07-09 15:50 225,280 a----r-- c:\windows\system32\IS3Win325.dll
2009-07-09 15:50 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2009-07-09 15:50 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2009-07-09 15:47 724,992 a----r-- c:\windows\system32\IS3Base5.dll
2009-07-08 19:52 410,984 a------- c:\windows\system32\deploytk.dll

============= FINISH: 17:24:57.50 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/15/2008 9:14:28 AM
System Uptime: 10/5/2009 9:18:54 PM (20 hours ago)

Motherboard: Dell Inc. | | 0G8310
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2993/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 64.69 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 9/15/2009 11:02:52 AM - System Checkpoint
RP2: 9/15/2009 11:10:50 AM - Restore Operation
RP3: 9/16/2009 11:32:09 AM - System Checkpoint
RP4: 9/17/2009 12:56:28 AM - Norton 360 Registry Clean
RP5: 9/18/2009 1:50:15 PM - System Checkpoint
RP6: 9/20/2009 12:45:40 PM - System Checkpoint
RP7: 9/21/2009 1:15:24 PM - System Checkpoint
RP8: 9/23/2009 8:29:31 PM - System Checkpoint
RP9: 9/24/2009 9:46:38 PM - System Checkpoint
RP10: 9/25/2009 9:50:13 PM - System Checkpoint
RP11: 9/26/2009 10:50:12 PM - System Checkpoint
RP12: 9/28/2009 8:44:30 AM - System Checkpoint
RP13: 9/30/2009 3:30:45 PM - System Checkpoint
RP14: 10/1/2009 4:19:35 PM - System Checkpoint
RP15: 10/2/2009 9:28:58 PM - System Checkpoint
RP16: 10/4/2009 1:54:56 PM - System Checkpoint
RP17: 10/5/2009 6:58:38 PM - System Checkpoint
RP18: 10/5/2009 8:54:31 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom Gigabit Integrated Controller
Citrix XenApp Plugin for Hosted Apps
Critical Update for Windows Media Player 11 (KB959772)
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Product Detection
InstallMgr
Intel® Graphics Media Accelerator Driver
iPhone Configuration Utility
iTunes
Java™ 6 Update 14
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
MSN Toolbar
Nero PhotoShow Express
Nero Suite
Norton 360
NVIDIA Drivers
OpenOffice.org 2.1
PowerDVD 5.1
QuickTime
Safari
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SoundMAX
Spyware Doctor 6.1
STOPzilla
Symantec Ghost Console Client
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Voipwise
VZAccess Manager for RIM
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows PowerShell™ 1.0 MUI pack
Windows Search 4.0
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/30/2009 1:46:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Proxy Service service to connect.
9/30/2009 1:46:44 PM, error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/5/2009 9:23:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
10/5/2009 9:23:05 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
10/5/2009 8:58:06 PM, error: Service Control Manager [7034] - The QoS RSVP service terminated unexpectedly. It has done this 1 time(s).
10/5/2009 8:58:05 PM, error: RSVP [10008] - Unable to Load DLL IPHLPAPI.DLL and find the required IP helper functions, RSVP will not be able to function without this DLL.
10/5/2009 8:58:05 PM, error: RSVP [10003] - QoS RSVP service failed to start with error A device attached to the system is not functioning. .
10/5/2009 8:36:20 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Services service to connect.
10/5/2009 8:36:20 AM, error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/5/2009 8:33:26 AM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 001422391A16 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/4/2009 9:33:29 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
10/4/2009 9:33:29 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
10/1/2009 8:53:00 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
10/1/2009 8:52:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Personal Firewall Service service to connect.
10/1/2009 8:52:46 AM, error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/1/2009 8:46:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
10/1/2009 8:46:50 AM, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

Attached Files

  • Attached File  ark.txt   30.92KB   0 downloads



#2 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 23 October 2009 - 03:39 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy


Posted 26 October 2009 - 07:03 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#4 extremeboy


Posted 28 October 2009 - 07:05 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy