Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

need help with crazy laptop


  • Please log in to reply
1 reply to this topic

#1 rookieintrng

rookieintrng

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:N cacalakis
  • Local time:02:48 AM

Posted 24 October 2009 - 01:06 PM

I have an old toshiba satelite pro laptop. the LT has XP SP3 up to date. The problem I have is that I notice this "Safety Center " thing took over the laptop and was going crazy. I really dont know what I did (i went to the registry, I ran hijack this etc) , but I manage to take that thing out. (I though). After I ran the anti virus, it said it was clean. But now I noticed that every time I do a search in Yahoo or Google it redirects me to other place. I scanned the laptop again and again with mcafee and nothing wrong with it. I ran spybot search and destroy, adaware, hijack this,malware bites,sdfix, combo fix., i try everything and the laptop still giving me problems.I also tried to do a system restore to previous time and dont let me. I went to safe mode to do the best know configuration and nothing. I also open the mcafee to configure or try to change the settings and it dont let me do anything and closes. my laptop has Windows Xp sp3, mcafee av/ firewall, I use Firefox and IE latest edition. I almost forgot It's also giving me problems with the mcafee (runtime error C++)and windows update is not letting update install.
What else I can do to fix it before reinstalling the OS. I dont have a xp disk with me and i dont really know how to do that .
Anybody can help me fix this?

I am also including my hijack this log from this morning and the combo fix from yesterday, I had to run combo fix with the mcafee enable cause i didnot let me shut it off.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:58 AM, on 10/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\dotnetfx.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\install.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
C:\WINDOWS\System32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 12698 bytes



ComboFix 09-10-22.01 - Owner 10/23/2009 15:46.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.171 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_004713_.tmp.dll
c:\windows\system32\_004714_.tmp.dll
c:\windows\system32\_004715_.tmp.dll
c:\windows\system32\_004716_.tmp.dll
c:\windows\system32\_004721_.tmp.dll
c:\windows\system32\_004722_.tmp.dll
c:\windows\system32\_004723_.tmp.dll
c:\windows\system32\_004724_.tmp.dll
c:\windows\system32\_004725_.tmp.dll
c:\windows\system32\_004726_.tmp.dll
c:\windows\system32\_004727_.tmp.dll
c:\windows\system32\_004728_.tmp.dll
c:\windows\system32\_004729_.tmp.dll
c:\windows\system32\_004731_.tmp.dll
c:\windows\system32\_004732_.tmp.dll
c:\windows\system32\_004734_.tmp.dll
c:\windows\system32\_004735_.tmp.dll
c:\windows\system32\_004736_.tmp.dll
c:\windows\system32\_004738_.tmp.dll
c:\windows\system32\_004741_.tmp.dll
c:\windows\system32\_004742_.tmp.dll
c:\windows\system32\_004744_.tmp.dll
c:\windows\system32\_004745_.tmp.dll
c:\windows\system32\_004746_.tmp.dll
c:\windows\system32\_004747_.tmp.dll
c:\windows\system32\_004748_.tmp.dll
c:\windows\system32\_004749_.tmp.dll
c:\windows\system32\_004751_.tmp.dll
c:\windows\system32\_004752_.tmp.dll
c:\windows\system32\_004753_.tmp.dll
c:\windows\system32\_004754_.tmp.dll
c:\windows\system32\_004755_.tmp.dll
c:\windows\system32\_004756_.tmp.dll
c:\windows\system32\_004757_.tmp.dll
c:\windows\system32\_004760_.tmp.dll
c:\windows\system32\_004761_.tmp.dll
c:\windows\system32\_004762_.tmp.dll
c:\windows\system32\_004763_.tmp.dll
c:\windows\system32\_004764_.tmp.dll
c:\windows\system32\_004765_.tmp.dll
c:\windows\system32\_004766_.tmp.dll
c:\windows\system32\_004768_.tmp.dll
c:\windows\system32\_004769_.tmp.dll
c:\windows\system32\_004770_.tmp.dll
c:\windows\system32\_004771_.tmp.dll
c:\windows\system32\_004772_.tmp.dll
c:\windows\system32\_004773_.tmp.dll
c:\windows\system32\_004775_.tmp.dll
c:\windows\system32\_004778_.tmp.dll
c:\windows\system32\_004779_.tmp.dll
c:\windows\system32\_004783_.tmp.dll
c:\windows\system32\_004784_.tmp.dll
c:\windows\system32\_004786_.tmp.dll
c:\windows\system32\_004789_.tmp.dll
c:\windows\system32\_004791_.tmp.dll
c:\windows\system32\_004792_.tmp.dll
c:\windows\system32\_004793_.tmp.dll
c:\windows\system32\_004794_.tmp.dll
c:\windows\system32\_004797_.tmp.dll
c:\windows\system32\_004798_.tmp.dll
c:\windows\system32\_004799_.tmp.dll
c:\windows\system32\_004800_.tmp.dll
c:\windows\system32\_004801_.tmp.dll
c:\windows\system32\_004806_.tmp.dll
c:\windows\system32\_004808_.tmp.dll
c:\windows\system32\_004809_.tmp.dll
c:\windows\system32\_004946_.tmp.dll
c:\windows\system32\_004947_.tmp.dll
c:\windows\system32\_004948_.tmp.dll
c:\windows\system32\_004949_.tmp.dll
c:\windows\system32\_004951_.tmp.dll
c:\windows\system32\_004952_.tmp.dll
c:\windows\system32\_004953_.tmp.dll
c:\windows\system32\_004954_.tmp.dll
c:\windows\system32\_004956_.tmp.dll
c:\windows\system32\_004957_.tmp.dll
c:\windows\system32\_004958_.tmp.dll
c:\windows\system32\_004960_.tmp.dll
c:\windows\system32\_004961_.tmp.dll
c:\windows\system32\_004964_.tmp.dll
c:\windows\system32\_004965_.tmp.dll
c:\windows\system32\_004967_.tmp.dll
c:\windows\system32\_004968_.tmp.dll
c:\windows\system32\_004969_.tmp.dll
c:\windows\system32\_004971_.tmp.dll
c:\windows\system32\_004972_.tmp.dll
c:\windows\system32\_004973_.tmp.dll
c:\windows\system32\_004974_.tmp.dll
c:\windows\system32\_004975_.tmp.dll
c:\windows\system32\_004976_.tmp.dll
c:\windows\system32\_004978_.tmp.dll
c:\windows\system32\_004979_.tmp.dll
c:\windows\system32\_004980_.tmp.dll
c:\windows\system32\_004981_.tmp.dll
c:\windows\system32\_004982_.tmp.dll
c:\windows\system32\_004985_.tmp.dll
c:\windows\system32\_004986_.tmp.dll
c:\windows\system32\_004987_.tmp.dll
c:\windows\system32\_004988_.tmp.dll
c:\windows\system32\_004989_.tmp.dll
c:\windows\system32\_004990_.tmp.dll
c:\windows\system32\_004991_.tmp.dll
c:\windows\system32\_004993_.tmp.dll
c:\windows\system32\_004994_.tmp.dll
c:\windows\system32\_004995_.tmp.dll
c:\windows\system32\_004996_.tmp.dll
c:\windows\system32\_004997_.tmp.dll
c:\windows\system32\_004998_.tmp.dll
c:\windows\system32\_004999_.tmp.dll
c:\windows\system32\_005000_.tmp.dll
c:\windows\system32\_005002_.tmp.dll
c:\windows\system32\_005003_.tmp.dll
c:\windows\system32\_005004_.tmp.dll
c:\windows\system32\_005005_.tmp.dll
c:\windows\system32\_005008_.tmp.dll
c:\windows\system32\_005009_.tmp.dll
c:\windows\system32\_005013_.tmp.dll
c:\windows\system32\_005014_.tmp.dll
c:\windows\system32\_005016_.tmp.dll
c:\windows\system32\_005019_.tmp.dll
c:\windows\system32\_005021_.tmp.dll
c:\windows\system32\_005022_.tmp.dll
c:\windows\system32\_005023_.tmp.dll
c:\windows\system32\_005024_.tmp.dll
c:\windows\system32\_005027_.tmp.dll
c:\windows\system32\_005028_.tmp.dll
c:\windows\system32\_005029_.tmp.dll
c:\windows\system32\_005030_.tmp.dll
c:\windows\system32\_005031_.tmp.dll
c:\windows\system32\_005036_.tmp.dll
c:\windows\system32\_005038_.tmp.dll
c:\windows\system32\_005039_.tmp.dll
c:\windows\system32\_006997_.tmp.dll
c:\windows\system32\_006998_.tmp.dll
c:\windows\system32\_006999_.tmp.dll
c:\windows\system32\_007000_.tmp.dll
c:\windows\system32\_007007_.tmp.dll
c:\windows\system32\_007008_.tmp.dll
c:\windows\system32\_007009_.tmp.dll
c:\windows\system32\_007010_.tmp.dll
c:\windows\system32\_007012_.tmp.dll
c:\windows\system32\_007013_.tmp.dll
c:\windows\system32\_007016_.tmp.dll
c:\windows\system32\_007017_.tmp.dll
c:\windows\system32\_007019_.tmp.dll
c:\windows\system32\_007020_.tmp.dll
c:\windows\system32\_007021_.tmp.dll
c:\windows\system32\_007023_.tmp.dll
c:\windows\system32\_007026_.tmp.dll
c:\windows\system32\_007027_.tmp.dll
c:\windows\system32\_007031_.tmp.dll
c:\windows\system32\_007032_.tmp.dll
c:\windows\system32\_007034_.tmp.dll
c:\windows\system32\_007037_.tmp.dll
c:\windows\system32\_007039_.tmp.dll
c:\windows\system32\_007040_.tmp.dll
c:\windows\system32\_007041_.tmp.dll
c:\windows\system32\_007042_.tmp.dll
c:\windows\system32\_007043_.tmp.dll
c:\windows\system32\_007046_.tmp.dll
c:\windows\system32\_007047_.tmp.dll
c:\windows\system32\_007048_.tmp.dll
c:\windows\system32\_007049_.tmp.dll
c:\windows\system32\_007050_.tmp.dll
c:\windows\system32\_007055_.tmp.dll
c:\windows\system32\_007057_.tmp.dll
c:\windows\system32\logs
c:\windows\system32\logs\Settings.dat
c:\windows\system32\ndisapi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD
-------\Legacy_VSPF
-------\Legacy_VSPF_HK


((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-23 17:33 . 2009-10-23 17:33 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-10-23 17:04 . 2009-10-23 17:04 -------- d-----w- c:\windows\ERUNT
2009-10-23 16:51 . 2009-10-23 18:25 -------- d-----w- C:\SDFix
2009-10-23 16:24 . 2009-10-23 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-10-23 16:18 . 2009-10-23 16:18 -------- d-----w- c:\program files\Citrix
2009-10-23 16:17 . 2009-10-23 16:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Citrix
2009-10-23 16:17 . 2009-10-23 16:17 61224 ----a-w- c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
2009-10-23 06:08 . 2009-10-23 06:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-23 05:14 . 2009-10-23 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-10-23 05:08 . 2009-10-23 05:08 -------- d-----w- c:\program files\Common Files\iS3
2009-10-23 05:08 . 2009-10-23 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-10-23 01:17 . 2009-10-23 01:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-23 01:15 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 01:15 . 2009-10-23 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-23 01:15 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 01:15 . 2009-10-23 01:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 00:27 . 2009-10-23 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-10-23 00:26 . 2009-10-23 00:26 -------- d-----w- c:\program files\IObit
2009-10-22 23:04 . 2009-10-23 00:11 -------- d-----w- c:\program files\ThreatFire
2009-10-22 21:47 . 2009-10-22 22:14 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-22 21:46 . 2009-10-22 22:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-22 20:48 . 2009-10-22 20:48 46808 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-22 17:33 . 2009-10-22 17:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\iolo
2009-10-22 16:33 . 2009-10-22 16:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-10-18 18:02 . 2007-12-20 14:43 248448 ----a-w- c:\windows\system32\PROUnstl.exe
2009-10-17 04:26 . 2009-10-17 04:26 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-10-17 04:25 . 2009-10-17 04:25 -------- d-----w- c:\program files\MSECACHE
2009-10-14 18:14 . 2009-10-14 18:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2009-10-14 06:24 . 2009-10-14 06:24 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-10 22:24 . 2009-10-10 22:24 -------- d-----w- c:\program files\iPod
2009-10-10 22:23 . 2009-10-10 22:27 -------- d-----w- c:\program files\iTunes
2009-10-10 22:23 . 2009-10-10 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-10 21:55 . 2009-10-10 21:56 -------- d-----w- c:\program files\Safari
2009-10-06 05:39 . 2009-10-06 05:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-06 02:15 . 2009-10-06 02:15 -------- d-----w- c:\program files\Trend Micro
2009-09-26 07:04 . 2009-09-26 07:18 -------- d-----w- c:\documents and settings\All Users\Application Data\FXhome
2009-09-26 07:04 . 2009-09-26 07:18 -------- d-----w- c:\program files\FXhome PhotoKey 2 Demo
2009-09-24 17:58 . 2009-09-26 02:51 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
2009-09-24 17:56 . 2009-09-24 17:56 262144 ----a-w- C:\ntuser.dat
2009-09-24 03:38 . 2009-09-24 03:47 -------- d-----w- c:\program files\Free Window Registry Repair
2009-09-24 03:10 . 2009-09-24 03:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-09-24 03:07 . 2009-09-29 17:33 -------- d-----w- c:\program files\Buddy Spy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 18:13 . 2009-10-23 17:59 1336 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-10-23 18:13 . 2009-10-23 17:58 1208 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-10-23 15:39 . 2007-05-01 21:56 -------- d-----w- c:\program files\McAfee
2009-10-23 14:38 . 2008-10-02 21:07 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-23 04:42 . 2009-05-23 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-10-22 22:14 . 2006-11-16 22:09 -------- d-----w- c:\program files\Spyware Doctor
2009-10-22 18:00 . 2005-03-13 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-22 16:18 . 2005-03-13 19:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-22 16:12 . 2005-03-19 05:34 52888 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-22 05:50 . 2005-03-17 00:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-18 18:04 . 2009-05-14 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-18 02:42 . 2006-09-07 21:56 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 09:03 . 2009-03-10 04:04 52888 -c--a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-11 17:09 . 2009-05-23 00:48 -------- d-----w- c:\documents and settings\Owner\Application Data\iolo
2009-10-10 22:42 . 2006-02-02 20:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-10 22:24 . 2009-05-19 21:03 -------- d-----w- c:\program files\Common Files\Apple
2009-10-10 22:19 . 2006-02-02 19:58 -------- d-----w- c:\program files\QuickTime
2009-10-06 02:31 . 2003-09-23 05:00 1385744 ----a-w- c:\windows\system32\MSVBVM60.DLL
2009-09-30 16:03 . 2009-05-12 20:50 -------- d-----w- c:\program files\Lx_cats
2009-09-26 05:17 . 2006-08-29 16:22 -------- d-----w- c:\program files\The Weather Channel FW
2009-09-26 02:52 . 2006-04-21 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-25 17:12 . 2006-11-06 21:45 -------- d--h--r- c:\documents and settings\Owner\Application Data\yahoo!
2009-09-24 17:56 . 2007-01-22 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-09-24 17:56 . 2005-03-24 02:55 -------- d-----w- c:\program files\Yahoo!
2009-09-21 01:09 . 2009-09-21 01:09 -------- d-----w- c:\program files\Windows Resource Kits
2009-09-21 00:10 . 2009-09-21 00:10 526 ----a-w- c:\documents and settings\Owner\SP3.bat
2009-09-18 23:43 . 2008-03-26 01:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-18 22:15 . 2009-09-18 22:15 -------- d-----w- c:\program files\MSBuild
2009-09-18 22:14 . 2009-09-18 22:14 -------- d-----w- c:\program files\Reference Assemblies
2009-09-18 21:59 . 2009-09-18 21:59 -------- d-----w- c:\program files\MSXML 6.0
2009-09-16 14:22 . 2007-05-01 21:57 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2007-05-01 21:57 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2007-05-01 21:57 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2007-05-01 21:57 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2007-05-01 21:57 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-16 04:22 . 2009-09-16 04:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2009-09-11 14:18 . 2009-09-20 22:29 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 00:43 . 2007-05-01 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-04 21:03 . 2001-08-18 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 17:42 . 2009-05-12 04:10 -------- d-----w- c:\program files\Lexmark 5400 Series
2009-08-31 17:42 . 2006-02-25 16:46 -------- d-----w- c:\program files\Incomplete
2009-08-30 17:12 . 2009-05-19 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-29 08:08 . 2004-01-08 20:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 23:42 . 2009-05-19 21:05 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-05-19 21:05 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 14:29 . 2009-09-18 21:26 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-08-28 14:29 . 2009-05-23 01:03 2116008 ----a-w- c:\windows\system32\Incinerator.dll
2009-08-26 19:42 . 2009-05-23 01:02 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-08-26 19:42 . 2009-05-23 01:02 12288 ----a-w- c:\windows\system32\smrgdf.exe
2009-08-26 08:00 . 2001-08-18 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2001-08-18 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2009-09-20 22:27 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2009-09-20 22:28 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2001-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2008-11-30 18:14 . 2008-11-29 17:13 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Owner\Application Data\iolo"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Active@ Eraser
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Nuker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/2/2008 4:22 PM 210216]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/22/2009 9:03 PM 609792]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/22/2009 9:03 PM 609792]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/29/2008 1:13 PM 29744]
S3 I97DRIVER;I97DRIVER;\??\c:\program files\VCOM\SystemSuite\dgs.sys --> c:\program files\VCOM\SystemSuite\dgs.sys [?]
S3 MR97310_VGA_DUAL_CAMERA;Argus Digital Camera;c:\windows\system32\drivers\mr97310v.sys [4/15/2005 10:37 PM 116279]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [8/30/2009 1:11 PM 17408]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 VAPSpy;VAPSpy;\??\c:\program files\Common Files\WinSoftware\VAPSpy.SYS --> c:\program files\Common Files\WinSoftware\VAPSpy.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 21:39]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2001-08-18 00:12]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-01 16:22]

2009-10-23 c:\windows\Tasks\User_Feed_Synchronization-{7BB5BF34-8083-4F1C-8A7D-A8F542BF4920}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q4urjrgl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q4urjrgl.default\extensions\{48f270ae-42ea-4ace-8ee2-7c99a454fe49}\components\FFAlert.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-Run-system test - (no file)
MSConfigStartUp-ooVoo - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 16:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1304)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\lxctcoms.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Mcafee\MWL\MwlSvc.exe
c:\program files\Mcafee\MWL\MwlGui.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\combo-fix\CF4519.exe
c:\program files\iPod\bin\iPodService.exe
c:\combo-fix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-23 16:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-23 20:42

Pre-Run: 22,169,235,456 bytes free
Post-Run: 21,985,652,736 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 0922283EE748A23FDB72A21FC685EEBC

BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:48 AM

Posted 01 November 2009 - 10:59 AM

Hello rookieintrng

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users