
Alfa Cleaner and numerous hidden malware


  • This topic is locked
4 replies to this topic

#1 Explicit1


Posted 02 January 2011 - 08:59 PM

Hello..

So far I have run updated Malwarebytes with nothing found. I then booted into safe mode and ran it again, and nothing was found. I ran RogueRemover and it found the following:

Malwarebytes' RogueRemover
Malwarebytes ©2007 http://www.malwarebytes.org
6290 total fingerprints loaded.

Loading database ...
Expanding environmental variables ...

Scanning files ... [ 100% ].
Scanning folders ... [ 100% ].
Scanning registry keys ... [ 100% ].
Scanning registry values ... [ 100% ].

RogueRemover has detected rogue antispyware components! Results below...

Type: Folder
Vendor: AlfaCleaner
Location: C:\Documents and Settings\Steve\Application Data\Skinux
Selected for removal: Yes

RogueRemover has found the objects above.



I then ran DDS and here are the reports:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Steve at 17:41:02.82 on Sun 01/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3055.2494 [GMT -8:00]

FW: McAfee Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\explorer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\AOL\1287028308\ee\AOLSoftware.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\AOL\1287028308\ee\AOLDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\Steve\Desktop\dds.scr
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\real\realplayer\RealPlay.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.inbox.com/?tbid=70077
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.inbox.com/search/ie.aspx?tb_id=70077
mCustomizeSearch = hxxp://dnl.inbox.com/support/sa_customize.aspx?TbId=70077
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mWinlogon: Shell=c:\windows\explorer.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\inbox\toolbar\ctbr.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100511180437.dll
BHO: My Web Search Bar BHO: {8eab99c1-f9ec-4b64-a4ba-d9bcae8779c2} - c:\program files\mywebsearchwb\bar\1.bin\W6BAR.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar\NetAssistant.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: XBTBPos00 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\my.freeze.com toolbar\freeze_us.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn7\YTSingleInstance.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
TB: My.Freeze.com Toolbar: {d0523bb4-21e7-11dd-9ab7-415b56d89593} - c:\program files\my.freeze.com toolbar\freeze_us.dll
TB: &Inbox.com Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\inbox\toolbar\ctbr.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HostManager] c:\program files\common files\aol\1287028308\ee\AOLSoftware.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\steve\startm~1\programs\startup\aoldes~1.lnk - c:\program files\common files\aol\launch\aollaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Inbox Search - tbr:iemenu
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\program files\inbox\ssaver\CSSaver.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\steve\start menu\programs\>imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118438275578
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: maven-8110 - {5A694321-C6B7-4297-94EE-6CE972F88B78} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\inbox\toolbar\ctbr.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido\security suite\shellhook.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\2t25k1q2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\all users\application data\mozilla\firefox extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\all users\application data\mozilla\firefox extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 385536]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido\security suite\guard.sys [2004-11-22 3072]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-11 82952]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido\security suite\ewidoctrl.exe [2004-11-11 16448]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-11 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-11 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-11 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-11 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-11 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-11 141792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-20 24652]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-31 152320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-11 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-11 88480]
S0 vdhoyf;vdhoyf;c:\windows\system32\drivers\dfbmcrr.sys --> c:\windows\system32\drivers\dfbmcrr.sys [?]
S2 0159391273676314mcinstcleanup;McAfee Application Installer Cleanup (0159391273676314);c:\windows\temp\015939~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\015939~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1ca3eef70ca82ca;Google Update Service (gupdate1ca3eef70ca82ca);c:\program files\google\update\GoogleUpdate.exe [2009-9-26 133104]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; [x]
S3 71c0a0c0-c51a-480e-b612-1c5c02e0ebdc;71c0a0c0-c51a-480e-b612-1c5c02e0ebdc;\??\g:\cds300\cds300.dll --> g:\cds300\cds300.dll [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-11 55456]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-31 51688]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-11 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-11 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-31 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-31 40552]
S4 ewido security suite guard;ewido security suite guard;c:\program files\ewido\security suite\ewidoguard.exe [2005-7-19 163904]

=============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2011-01-03 01:41:16 -------- d-----w- c:\docume~1\steve\applic~1\Skinux
2010-12-25 19:02:24 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2010-12-25 19:02:03 -------- d-----w- c:\program files\common files\xing shared
2010-12-25 19:01:44 151776 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2010-12-25 19:01:25 100352 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2010-12-24 16:46:26 -------- d-----w- C:\Stephs pics
2010-12-24 05:36:08 -------- d-----w- c:\program files\iPod
2010-12-24 05:36:03 -------- d-----w- c:\program files\iTunes
2010-12-24 05:30:25 -------- d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-13 02:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-13 00:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-14 02:22:37 9094 ----a-w- c:\windows\system32\p.dll
2010-10-14 02:22:37 48283 ----a-w- c:\windows\system32\a.dll
2010-10-14 02:22:37 35308 ----a-w- c:\windows\system32\o.dll
2010-10-14 02:22:37 16011 ----a-w- c:\windows\system32\d.dll
2010-10-14 02:22:37 12110 ----a-w- c:\windows\system32\n.dll
2010-10-14 02:18:53 1285120 ----a-w- c:\windows\system32\ole32.dll
2010-10-07 20:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 20:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 20:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 20:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 17:44:45.64 ===============




HERE IS THE ATTACH.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/10/2005 11:14:57 AM
System Uptime: 1/2/2011 5:39:20 PM (0 hours ago)

Motherboard: Intel Corporation | | D865GBF
Processor: Intel® Pentium® 4 CPU 2.60GHz | J2E1 | 2593/200mhz
Processor: Intel® Pentium® 4 CPU 2.60GHz | J2E1 | 2593/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 4.288 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 12.486 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 14.217 GiB free.
F: is FIXED (NTFS) - 34 GiB total, 27.681 GiB free.
G: is CDROM ()
H: is CDROM ()
J: is Removable
K: is Removable
L: is Removable
M: is Removable
N: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP61: 11/8/2010 6:56:47 AM - System Checkpoint
RP62: 11/9/2010 9:48:01 AM - System Checkpoint
RP63: 11/10/2010 9:12:09 AM - Software Distribution Service 3.0
RP64: 11/11/2010 10:47:22 AM - System Checkpoint
RP65: 11/12/2010 11:32:03 AM - System Checkpoint
RP66: 11/13/2010 4:09:41 PM - System Checkpoint
RP67: 11/15/2010 7:48:47 AM - System Checkpoint
RP68: 11/16/2010 1:24:02 PM - System Checkpoint
RP69: 11/17/2010 2:24:28 PM - System Checkpoint
RP70: 11/18/2010 2:56:49 PM - System Checkpoint
RP71: 11/19/2010 3:48:47 PM - System Checkpoint
RP72: 11/20/2010 5:03:58 PM - System Checkpoint
RP73: 11/21/2010 5:23:57 PM - System Checkpoint
RP74: 11/22/2010 5:46:22 PM - System Checkpoint
RP75: 11/23/2010 5:58:44 PM - System Checkpoint
RP76: 11/24/2010 6:57:17 PM - System Checkpoint
RP77: 11/25/2010 9:01:24 PM - System Checkpoint
RP78: 11/26/2010 10:01:01 PM - System Checkpoint
RP79: 11/27/2010 9:30:04 AM - Installed Singlesnet
RP80: 11/28/2010 10:03:12 AM - System Checkpoint
RP81: 11/29/2010 10:52:12 AM - System Checkpoint
RP82: 11/30/2010 11:58:58 AM - System Checkpoint
RP83: 12/1/2010 3:03:13 PM - System Checkpoint
RP84: 12/2/2010 8:41:42 PM - System Checkpoint
RP85: 12/4/2010 6:51:41 AM - System Checkpoint
RP86: 12/5/2010 3:55:00 AM - Installed Windows XP KB932716-v2.
RP87: 12/5/2010 3:56:36 AM - Installed Windows XP KB945060-v3.
RP88: 12/6/2010 9:13:41 AM - System Checkpoint
RP89: 12/7/2010 11:01:50 AM - System Checkpoint
RP90: 12/8/2010 11:55:03 AM - System Checkpoint
RP91: 12/9/2010 2:42:54 PM - System Checkpoint
RP92: 12/10/2010 3:29:22 PM - System Checkpoint
RP93: 12/12/2010 9:55:21 AM - System Checkpoint
RP94: 12/13/2010 10:23:29 AM - System Checkpoint
RP95: 12/14/2010 5:39:59 PM - System Checkpoint
RP96: 12/15/2010 8:49:18 AM - Software Distribution Service 3.0
RP97: 12/17/2010 11:04:22 AM - System Checkpoint
RP98: 12/18/2010 1:42:21 PM - System Checkpoint
RP99: 12/19/2010 2:03:23 PM - System Checkpoint
RP100: 12/20/2010 4:17:36 PM - System Checkpoint
RP101: 12/22/2010 12:12:06 AM - System Checkpoint
RP102: 12/23/2010 6:40:07 AM - System Checkpoint
RP103: 12/24/2010 9:12:39 AM - System Checkpoint
RP104: 12/25/2010 10:59:42 AM - Installed Windows XP WgaNotify.
RP105: 12/26/2010 12:26:34 PM - System Checkpoint
RP106: 12/27/2010 6:49:34 PM - System Checkpoint
RP107: 12/28/2010 9:48:30 PM - System Checkpoint
RP108: 12/30/2010 9:08:53 AM - System Checkpoint
RP109: 12/30/2010 9:11:02 PM - Installed Java™ 6 Update 23

==== Installed Programs ======================


Acrobat.com
Ad-aware 6 Personal
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Adobe® Photoshop® Album Starter Edition 3.0
ALOT Toolbar
AOL Registration
AOL Toolbar for Firefox
AOL Toolbar for Internet Explorer
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Bandlink
Bonjour
Bud Screen
CCleaner (remove only)
CCScore
DVD Shrink 3.2
DVDFab HD Decrypter 3.1.6.2
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
ewido security suite
EZ Cards (remove only)
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HD Screensavers 1.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Memories Disc
hp officejet 4100 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 4100 series
HP Product Detection
Inbox.com 3D Marine & Tropical Aquarium Screensaver
Inbox.com Toolbar
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 23
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Keyboarding Pro 4
Kodak EasyShare software
Learn2 Player (Uninstall Only)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Malwarebytes' RogueRemover
McAfee Total Protection
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft IntelliPoint 5.3
Microsoft IntelliType Pro 5.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.7)
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
My.Freeze.com Toolbar
MySpaceIM
Napster for Windows Media Player
Nero 6 Ultra Edition
netbrdg
OfotoXMI
QuickTime
QuickTime 3.0
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
ResumeMaker
Rhapsody Player Engine
Safari
Seagate DiscWizard
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SFR
SFR2
SHASTA
Singlesnet
SiSoftware Sandra Professional 2003
skin0001
SKINXSDK
SoundMAX
staticcr
Stedman's Medical Dictionary for the Health Professions and Nursing 1.0
tooltips
Uninstall AOL Emergency Connect Utility 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Online DSL
Verizon Online Help & Support
Verizon Servicepoint 1.3.21
Verizon Yahoo! Applications
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VPRINTOL
WeatherBug
WeatherBug Browser Bar - powered by MyWebSearch
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip 12.0
WIRELESS
Yahoo! Browser Services
Yahoo! BrowserPlus 2.7.1
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/28/2010 7:16:37 AM, error: DCOM [10005] - DCOM got error "%3" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
12/28/2010 5:51:53 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
12/28/2010 5:51:53 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
12/28/2010 5:51:53 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
12/28/2010 5:31:08 PM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the path specified.
12/28/2010 5:31:08 PM, error: Service Control Manager [7000] - The AOL Spyware Protection Service service failed to start due to the following error: The system cannot find the file specified.
12/26/2010 10:02:08 AM, error: Dhcp [1002] - The IP address lease 10.0.0.2 for the Network Card with network address 000CF18542F5 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
1/2/2011 5:17:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss sf Tcpip
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2011 5:16:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================


#2 Explicit1

Posted 05 January 2011 - 02:26 PM

Hello..

I have run updated Malwarebytes and it finds nothing? I uninstalled McAfee and reinstalled Norton and it found several viruses. I rebooted and the lsass.exe and services.exe were now showing an error on bootup and I had to do an XP PRO Repair Disc (Repair Mode). The computer is now bootable with no errors but the system is not running correctly.

I have the following logs:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Steve at 11:15:38.73 on Wed 01/05/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3055.2213 [GMT -8:00]

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\AOL\1287028308\ee\AOLSoftware.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\1287028308\ee\AOLDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Documents and Settings\Steve\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.inbox.com/?tbid=70077
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\inbox\toolbar\ctbr.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: My Web Search Bar BHO: {8eab99c1-f9ec-4b64-a4ba-d9bcae8779c2} - c:\program files\mywebsearchwb\bar\1.bin\W6BAR.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn7\YTSingleInstance.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
TB: &Inbox.com Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\inbox\toolbar\ctbr.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HostManager] c:\program files\common files\aol\1287028308\ee\AOLSoftware.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\steve\startm~1\programs\startup\aoldes~1.lnk - c:\program files\common files\aol\launch\aollaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Inbox Search - tbr:iemenu
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\program files\inbox\ssaver\CSSaver.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\steve\start menu\programs\>imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118438275578
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: maven-8110 - {5A694321-C6B7-4297-94EE-6CE972F88B78} -
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\inbox\toolbar\ctbr.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido\security suite\shellhook.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\2t25k1q2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido\security suite\guard.sys [2004-11-22 3072]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido\security suite\ewidoctrl.exe [2004-11-11 16448]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-20 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-3 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110103.001\naveng.sys [2011-1-3 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110103.001\navex15.sys [2011-1-3 1360760]
S0 vdhoyf;vdhoyf;c:\windows\system32\drivers\dfbmcrr.sys --> c:\windows\system32\drivers\dfbmcrr.sys [?]
S2 0159391273676314mcinstcleanup;McAfee Application Installer Cleanup (0159391273676314);c:\windows\temp\015939~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\015939~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1ca3eef70ca82ca;Google Update Service (gupdate1ca3eef70ca82ca);c:\program files\google\update\GoogleUpdate.exe [2009-9-26 133104]
S3 71c0a0c0-c51a-480e-b612-1c5c02e0ebdc;71c0a0c0-c51a-480e-b612-1c5c02e0ebdc;\??\g:\cds300\cds300.dll --> g:\cds300\cds300.dll [?]
S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi10.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI10.sys [?]
S3 EraserUtilDrvI3;EraserUtilDrvI3;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi3.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI3.sys [?]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S4 ewido security suite guard;ewido security suite guard;c:\program files\ewido\security suite\ewidoguard.exe [2005-7-19 163904]

=============== Created Last 30 ================

2011-01-05 17:59:08 -------- d-----w- c:\program files\ESET
2011-01-05 17:28:23 98816 ----a-w- c:\windows\sed.exe
2011-01-05 17:28:23 89088 ----a-w- c:\windows\MBR.exe
2011-01-05 17:28:23 256512 ----a-w- c:\windows\PEV.exe
2011-01-05 17:28:23 161792 ----a-w- c:\windows\SWREG.exe
2011-01-05 04:32:33 163840 ----a-w- c:\windows\system32\igfxres.dll
2011-01-05 04:18:59 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2011-01-05 04:17:58 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-01-05 04:16:58 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2011-01-05 03:51:56 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-01-05 03:46:37 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-01-05 03:46:37 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-01-05 03:46:37 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-01-05 03:46:37 13312 ----a-w- c:\windows\system32\irclass.dll
2011-01-05 03:46:15 13753 ----a-r- c:\windows\SET188.tmp
2011-01-05 03:46:09 1086058 ----a-r- c:\windows\SET17C.tmp
2011-01-05 03:46:05 1042903 ----a-r- c:\windows\SET179.tmp
2011-01-05 00:59:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Geek Squad
2011-01-03 03:57:01 -------- d-----w- c:\docume~1\steve\locals~1\applic~1\Symantec
2011-01-03 03:56:11 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-01-03 03:56:11 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-03 03:55:29 -------- d-----w- c:\program files\Symantec AntiVirus
2011-01-03 01:41:16 -------- d-----w- c:\docume~1\steve\applic~1\Skinux
2010-12-25 19:02:24 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2010-12-25 19:02:03 -------- d-----w- c:\program files\common files\xing shared
2010-12-25 19:01:44 151776 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2010-12-25 19:01:25 100352 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2010-12-24 16:46:26 -------- d-----w- C:\Stephs pics
2010-12-24 05:36:08 -------- d-----w- c:\program files\iPod
2010-12-24 05:36:03 -------- d-----w- c:\program files\iTunes
2010-12-24 05:30:25 -------- d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-13 02:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-13 00:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-07 20:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 20:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 20:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 20:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 11:16:39.73 ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/4/2011 8:19:40 PM
System Uptime: 1/5/2011 9:42:59 AM (2 hours ago)

Motherboard: Intel Corporation | | D865GBF
Processor: Intel® Pentium® 4 CPU 2.60GHz | J2E1 | 2593/200mhz
Processor: Intel® Pentium® 4 CPU 2.60GHz | J2E1 | 2593/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 49 GiB total, 5.864 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 12.466 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 14.197 GiB free.
F: is FIXED (NTFS) - 34 GiB total, 27.666 GiB free.
H: is CDROM ()
I: is FIXED (NTFS) - 466 GiB total, 463.418 GiB free.
N: is CDROM ()
O: is Removable
P: is Removable
Q: is Removable
R: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


Acrobat.com
Ad-aware 6 Personal
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Adobe® Photoshop® Album Starter Edition 3.0
ALOT Toolbar
AOL Registration
AOL Toolbar for Firefox
AOL Toolbar for Internet Explorer
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Bandlink
Bonjour
CCleaner (remove only)
CCScore
DVD Shrink 3.2
DVDFab HD Decrypter 3.1.6.2
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
ewido security suite
EZ Cards (remove only)
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HD Screensavers 1.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Memories Disc
hp officejet 4100 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 4100 series
HP Product Detection
Inbox.com 3D Marine & Tropical Aquarium Screensaver
Inbox.com Toolbar
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 23
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Keyboarding Pro 4
Kodak EasyShare software
Learn2 Player (Uninstall Only)
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Malwarebytes' RogueRemover
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft IntelliPoint 5.3
Microsoft IntelliType Pro 5.3
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft UI Engine
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.7)
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MySpaceIM
Napster for Windows Media Player
Nero 6 Ultra Edition
netbrdg
OfotoXMI
QuickTime
QuickTime 3.0
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
ResumeMaker
Rhapsody Player Engine
Safari
Seagate DiscWizard
SFR
SFR2
SHASTA
Singlesnet
SiSoftware Sandra Professional 2003
skin0001
SKINXSDK
SoundMAX
staticcr
Stedman's Medical Dictionary for the Health Professions and Nursing 1.0
Symantec AntiVirus
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Verizon Online DSL
Verizon Online Help & Support
Verizon Servicepoint 1.3.21
Verizon Yahoo! Applications
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VPRINTOL
WeatherBug
WeatherBug Browser Bar - powered by MyWebSearch
WebFldrs XP
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
WinZip 12.0
WIRELESS
Yahoo! Browser Services
Yahoo! BrowserPlus 2.7.1
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/30/2010 8:32:56 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
12/30/2010 8:32:56 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
12/30/2010 8:32:56 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
1/5/2011 9:26:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL sf SPBBCDrv SYMTDI Tcpip
1/4/2011 8:32:39 PM, error: DCOM [10005] - DCOM got error "%1083" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/4/2011 8:31:47 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
1/4/2011 8:31:47 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
1/4/2011 8:31:30 PM, error: DCOM [10005] - DCOM got error "%1083" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
1/4/2011 8:21:53 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
1/4/2011 8:14:56 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
1/4/2011 8:03:10 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
1/2/2011 7:14:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/2/2011 7:12:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sf Tcpip
1/2/2011 6:33:26 PM, error: PlugPlayManager [11] - The device Root\LEGACY_MFESMFK\0000 disappeared from the system without first being prepared for removal.
1/2/2011 6:33:26 PM, error: PlugPlayManager [11] - The device Root\LEGACY_MFERKDK\0000 disappeared from the system without first being prepared for removal.
1/2/2011 6:33:26 PM, error: PlugPlayManager [11] - The device Root\LEGACY_MFEHIDK\0000 disappeared from the system without first being prepared for removal.
1/2/2011 6:33:26 PM, error: PlugPlayManager [11] - The device Root\LEGACY_MFEBOPK\0000 disappeared from the system without first being prepared for removal.
1/2/2011 6:33:26 PM, error: PlugPlayManager [11] - The device Root\LEGACY_MFEAVFK\0000 disappeared from the system without first being prepared for removal.
1/2/2011 5:40:21 PM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the path specified.
1/2/2011 5:40:21 PM, error: Service Control Manager [7000] - The AOL Spyware Protection Service service failed to start due to the following error: The system cannot find the file specified.
1/2/2011 5:32:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/2/2011 5:17:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss sf Tcpip
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2011 5:17:09 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2011 4:56:03 PM, error: DCOM [10005] - DCOM got error "%3" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

==== End Of File ===========================

#3 Explicit1

Posted 05 January 2011 - 02:27 PM

I have also run ComboFix with the following results:

ComboFix 11-01-02.02 - Steve 01/05/2011 9:32.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3055.2777 [GMT -8:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Application Data\Microsoft
c:\documents and settings\Application Data\Microsoft\Internet Explorer\Quick Launch\MySpaceIM.lnk
c:\documents and settings\Steve\Application Data\alot
c:\documents and settings\Steve\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Steve\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Steve\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Steve\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Steve\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Steve\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Steve\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Steve\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Steve\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Steve\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Steve\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Steve\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Steve\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Steve\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Steve\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Steve\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Steve\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Steve\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Steve\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\Steve\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\Steve\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Steve\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Steve\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Steve\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Steve\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Steve\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Steve\Application Data\alot\products\products.xml
c:\documents and settings\Steve\Application Data\alot\products\products.xml.backup
c:\documents and settings\Steve\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Steve\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Steve\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_1\images\alot_image_search.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_1\images\alot_news_search.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_1\images\alot_shop_search.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_1\images\alot_videos_search.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_1\images\alot_web_search.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_2\images\alot_configure.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_2\images\alot_configure.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_3\images\6057_icon.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_3\images\6057_icon.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_4\images\2827_icon.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_4\images\2827_icon.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_5\images\5973_icon.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_5\images\5973_icon.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_6\images\clear.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_6\images\cloudy.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_6\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_6\images\default_1007_alot_weather_widget.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_6\images\mcloud.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_6\images\nclear.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_6\images\nmcloud.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_6\images\pcloud.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_6\images\rain.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_6\images\shower.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_6\images\snow.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_7\images\5809_icon.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_7\images\5809_icon.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_8\images\3562_icon.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_8\images\3562_icon.png
c:\documents and settings\Steve\Application Data\alot\Resources\Button_9\images\4539_icon.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Button_9\images\4539_icon.png
c:\documents and settings\Steve\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Steve\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\intro_popup.png
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Steve\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Steve\Application Data\alot\SiteMetrics\SiteMetrics.xml
c:\documents and settings\Steve\Application Data\alot\SiteMetrics\SiteMetrics.xml.backup
c:\documents and settings\Steve\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Steve\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Steve\Application Data\alot\toolbar.xml
c:\documents and settings\Steve\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Steve\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Steve\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Steve\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Steve\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Steve\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Steve\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Steve\GoToAssistDownloadHelper.exe
c:\windows\system32\a.dll
c:\windows\system32\coredb
c:\windows\system32\coredb\storage
c:\windows\system32\d.dll
c:\windows\system32\drivers\atmapi.sys
c:\windows\system32\n.dll
c:\windows\system32\o.dll
c:\windows\system32\p.dll
c:\windows\system32\vvvvvvvvvvv
c:\windows\worklog0

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SYSREST.SYS
-------\Legacy_TDSSSERV


((((((((((((((((((((((((( Files Created from 2010-12-05 to 2011-01-05 )))))))))))))))))))))))))))))))
.

2011-01-05 04:33 . 2011-01-05 04:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AOL
2011-01-05 04:32 . 2004-11-02 15:58 163840 ----a-w- c:\windows\system32\igfxres.dll
2011-01-05 04:18 . 2001-08-23 21:00 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2011-01-05 04:17 . 2001-08-23 21:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-01-05 04:16 . 2004-08-04 06:31 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2011-01-05 04:15 . 2011-01-05 04:15 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2011-01-05 03:51 . 2004-08-04 06:59 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-01-05 03:46 . 2001-08-23 21:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-01-05 03:46 . 2001-08-23 21:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-01-05 03:46 . 2001-08-23 21:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-01-05 03:46 . 2001-08-23 21:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-01-05 03:46 . 2004-08-04 09:58 13753 ----a-r- c:\windows\SET188.tmp
2011-01-05 03:46 . 2004-08-04 09:57 1086058 ----a-r- c:\windows\SET17C.tmp
2011-01-05 03:46 . 2004-08-04 10:03 1042903 ----a-r- c:\windows\SET179.tmp
2011-01-05 00:59 . 2011-01-05 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Geek Squad
2011-01-03 03:57 . 2011-01-03 03:57 -------- d-----w- c:\documents and settings\Steve\Local Settings\Application Data\Symantec
2011-01-03 03:56 . 2011-01-03 03:56 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-01-03 03:56 . 2011-01-03 03:56 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-03 03:55 . 2011-01-05 04:35 -------- d-----w- c:\program files\Symantec AntiVirus
2011-01-03 01:41 . 2011-01-03 01:41 -------- d-----w- c:\documents and settings\Steve\Application Data\Skinux
2011-01-03 00:50 . 2011-01-03 00:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-12-25 19:02 . 2010-12-25 19:02 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2010-12-25 19:02 . 2010-12-25 19:02 -------- d-----w- c:\program files\Common Files\xing shared
2010-12-25 19:01 . 2010-12-25 19:01 151776 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2010-12-25 19:01 . 2010-12-25 19:01 100352 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2010-12-24 16:46 . 2010-12-24 16:46 -------- d-----w- C:\Stephs pics
2010-12-24 05:36 . 2010-12-24 05:36 -------- d-----w- c:\program files\iPod
2010-12-24 05:36 . 2010-12-24 05:37 -------- d-----w- c:\program files\iTunes
2010-12-24 05:30 . 2010-12-24 05:30 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 02:09 . 2008-08-21 01:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2008-08-21 01:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-13 02:53 . 2010-10-25 22:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-13 00:34 . 2007-05-13 01:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-07 20:23 . 2010-10-07 20:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 20:23 . 2010-10-07 20:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 20:23 . 2010-10-07 20:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 20:23 . 2010-10-07 20:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-09-16 06:35 . 2007-12-16 19:32 66408 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-09-16 06:35 . 2007-12-16 19:32 54112 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-09-16 06:35 . 2007-12-16 19:32 34688 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-09-16 06:35 . 2007-12-16 19:32 46456 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-09-16 06:35 . 2007-12-16 19:32 171880 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-04-29 1652736]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HostManager"="c:\program files\Common Files\AOL\1287028308\ee\AOLSoftware.exe" [2008-06-24 41824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-25 274608]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-30 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-08-14 5562368]

c:\documents and settings\Steve\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp officejet 4100 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp officejet 4100 series.lnk
backup=c:\windows\pss\hp officejet 4100 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Steve^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\documents and settings\Steve\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Steve^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\documents and settings\Steve\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 07:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 18:06 178688 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 08:56 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-11-02 15:59 126976 -c--a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-11-02 16:03 155648 -c--a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2005-03-23 23:26 217088 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Singlesnet]
2009-12-10 17:32 2797096 ----a-w- c:\program files\Singlesnet\Singlesnet\Singlesnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2004-08-06 15:27 860160 -c--a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-07-27 20:48 1388544 -c--a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 11:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
2005-03-15 09:46 196608 ----a-w- c:\program files\Microsoft IntelliType Pro\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2006-02-02 01:33 1880064 ----a-w- c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2010-04-29 16:38 1652736 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\AOL\\1287028308\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1287028308\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido\security suite\guard.sys [11/22/2004 6:15 AM 3072]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/20/2007 9:12 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/3/2011 7:47 AM 102448]
S0 vdhoyf;vdhoyf;c:\windows\system32\drivers\dfbmcrr.sys --> c:\windows\system32\drivers\dfbmcrr.sys [?]
S2 0159391273676314mcinstcleanup;McAfee Application Installer Cleanup (0159391273676314);c:\windows\TEMP\015939~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\015939~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1ca3eef70ca82ca;Google Update Service (gupdate1ca3eef70ca82ca);c:\program files\Google\Update\GoogleUpdate.exe [9/26/2009 1:22 PM 133104]
S3 71c0a0c0-c51a-480e-b612-1c5c02e0ebdc;71c0a0c0-c51a-480e-b612-1c5c02e0ebdc;\??\g:\cds300\cds300.dll --> g:\cds300\cds300.dll [?]
S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys [?]
S3 EraserUtilDrvI3;EraserUtilDrvI3;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI3.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI3.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 8:48 PM 116664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2004-08-04 08:56 99840 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2005-12-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 4100 series5E771253C1676EBED677BF361FDFC537825E15B8118619697.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]

2011-01-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-07 02:15]

2011-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 21:22]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 21:22]

2011-01-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-1580818891-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

2011-01-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-1580818891-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.inbox.com/?tbid=70077
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Inbox Search - tbr:iemenu
IE: {{CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\program files\Inbox\SSaver\CSSaver.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Steve\Start Menu\Programs\>IMVU\Run IMVU.lnk
Handler: maven-8110 - {5A694321-C6B7-4297-94EE-6CE972F88B78} -
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Inbox\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\2t25k1q2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AOL Fast Start - c:\program files\AOL 9.1\AOL.EXE
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1198649282\ee\AOLSoftware.exe
MSConfigStartUp-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-vptray - c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe
AddRemove-AOL Emergency Connect Utility 1.0 - c:\program files\Common Files\AOL\ECU\uninst.exe
AddRemove-AOL Toolbar 5.0 - c:\program files\AOL\AOL Toolbar 5.0\uninstall.exe
AddRemove-Maven.c7a01b4da7a51c1a3c14ea9530e643d0 - f:\program files\Bud Screen\bin\bin-0\Bud Screen.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-05 09:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_045e&Pid_00e5&Col02\6&1cfaad84&0&0001\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3036)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\ewido\security suite\ewidoctrl.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Common Files\AOL\1287028308\ee\AOLDesktop.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-01-05 09:52:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-05 17:52

Pre-Run: 3,698,835,456 bytes free
Post-Run: 3,778,531,328 bytes free

- - End Of File - - 44C8F0E8798D1319B2F7BC62827C5388

Edited by Orange Blossom, 08 January 2011 - 11:46 PM.
Merged topics. Posts 2 and 3 from 2nd topic. ~ OB


#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:47 PM

Posted 08 January 2011 - 01:18 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



IMPORTANT NOTE:

If the system has been used after topic creation time we need to take a look at fresh logs. So, please post fresh copies of dds.




Regards,
Georgi



#5 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:04:47 AM

Posted 15 January 2011 - 10:45 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



