
Solved Windows Installer problem

Discussion in 'Malware and Virus Removal Archive' started by 1andtwins, 2009/01/18.

  1. 2009/01/18
    1andtwins

    1andtwins Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    16
    Likes Received:
    0
    [Resolved] Windows Installer problem

    I, too, keep getting the error Windows installer 1.2. I have to hit cancel to get past it. I ran the scan and saved as you suggested but how do I now upload it to this thread?
     
  2. 2009/01/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS 1andtwins :)

    Just highlight and copy the contents of the reports then open a reply window to this topic and paste it in.

    Please provide a bit more detail about the problem you're having too. Thanks!
     

  4. 2009/01/19
    1andtwins

    1andtwins Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    16
    Likes Received:
    0
    Any time I open Internet Explorer I get a message that states I need to install "search settings 1.2"; when I click o.k., Internet Explorer shuts down. I have to click cancel each time for the message to go away. It pops up EVERY time I try to open Internet Explorer. After reading your site, it says to run a "test" (which I did). I will now post what it said:
    DDS (Ver_09-01-18.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/3/2007 9:23:13 AM
    System Uptime: 1/18/2009 2:11:38 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0WG864
    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 230 GiB total, 196.227 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    ==== Installed Programs ======================

    926plc32
    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.1.0
    Adobe Shockwave Player 11
    AIM 6
    AIM Toolbar 5.0
    America Online (Choose which version to remove)
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOLIcon
    Apple Mobile Device Support
    Apple Software Update
    Atari Anniversary Edition
    Backyard Skateboarding
    Bonjour
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Consumer Complete Care Services Agreement
    Corel Paint Shop Pro X
    Corel Photo Album 6
    Coupon Printer for Windows
    Custom Info
    Dealio Toolbar 3.4
    Dell CinePlayer
    Dell Driver Reset Tool
    Dell PC Fax
    Dell Photo AIO Printer 926
    Dell Support 3.2.1
    Dell System Restore
    Digital Line Detect
    Documentation & Support Launcher
    EarthLink Common
    EarthLink FastLane
    EarthLink IM
    EarthLink MailBox
    EarthLink MDAC
    EarthLink Popup Blocker
    EarthLink Redistributed
    EarthLink Setup
    EarthLink TAR
    EarthLink TotalAccess 2003
    EarthLink Update Manager
    EarthLink Webspace
    eFax Messenger 4.3
    ELNBonus
    Fish Tycoon Free Trial
    FUJIFILM USB Driver
    Games, Music, & Photos Launcher
    getPlus(R) for Adobe
    Google Desktop
    Google Toolbar for Internet Explorer
    GoToAssist 8.0.0.480
    High Definition Audio Driver Package - KB835221
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections
    Internet Service Offers Launcher
    iPod for Windows 2005-09-23
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Learn2 Player (Uninstall Only)
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Disc 2
    Microsoft Office XP Professional
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works
    Microsoft XML Parser
    MobileMe Control Panel
    Modem Helper
    MSN
    MSN Toolbar
    MSSoap
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    My Web Search (My Fun Cards)
    NetWaiting
    NetZeroInstallers
    NickToons Winners Cup Racing
    Norton PC Checkup
    NVIDIA Drivers
    Photo Viewer
    Picasa 3
    QuickTime
    RealPlayer Basic
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Safari
    Search Settings 1.2
    SearchAssist
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Sonic Activation Module
    Sonic Update Manager
    Study Helpers Math Booster
    Study Helpers Spelling Bee
    The Weather Channel Desktop 6
    The Weather Channel Toolbar
    Typing Instructor Deluxe
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    URL Assistant
    Viewpoint Media Player
    Vstascan
    Wal-Mart Digital Photo Manager
    Weather Services
    WebFldrs XP
    Webshots Desktop
    Webshots Toolbar
    Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Toolbar
    Yahoo! Toolbar for Internet Explorer
    Zoo Tycoon 2

    ==== Event Viewer Messages From Past Week ========

    1/12/2009 7:20:53 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    1/14/2009 3:09:03 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    1/18/2009 10:10:56 AM, error: Print [6161] - The document http://www.cars.com/go/googlemaps/map.jsp?paId=296128366&seller owned by Robin McCullough failed to print on printer Dell Photo AIO Printer 926. Data type: LEMF. Size of the spool file in bytes: 689834. Number of bytes printed: 689834. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\D7J5SVC1. Win32 error code returned by the print processor: 0 (0x0).
    1/18/2009 12:42:56 PM, error: Print [6161] - The document Fixed Price Winners.xls owned by Robin McCullough failed to print on printer Dell Photo AIO Printer 926. Data type: LEMF. Size of the spool file in bytes: 762756. Number of bytes printed: 762756. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7J5SVC1. Win32 error code returned by the print processor: 0 (0x0).
    1/18/2009 12:54:38 PM, error: Print [22] - Failed to ugrade printer settings for printer Dell Photo AIO Printer 926 driver Dell Photo AIO Printer 926 error 1814.
    1/18/2009 1:03:21 PM, error: Print [6161] - The document Microsoft Word - Document1 owned by Robin McCullough failed to print on printer Dell Photo AIO Printer 926. Data type: LEMF. Size of the spool file in bytes: 9488. Number of bytes printed: 9488. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7J5SVC1. Win32 error code returned by the print processor: 0 (0x0).
    1/18/2009 1:08:00 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    ==== End Of File ===========================
    DDS (Ver_09-01-18.01) - NTFSx86
    Run by Robin McCullough at 14:29:29.04 on Sun 01/18/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1502 [GMT -6:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Webshots\webshots.scr
    C:\Program Files\AIM6\aolsoftware.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\dlcxcoms.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Robin McCullough\My Documents\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
    uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
    uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
    mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
    BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
    BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
    BHO: PnIEBrowserHelperObj Class: {4b5f2e08-6f39-479a-b547-b2026e4c7edf} - c:\program files\earthlink totalaccess\PnEL.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: DealioBHO Class: {6a87b991-a31f-4130-ae72-6d0c294bf082} - c:\program files\dealio\kb127\Dealio.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: TwcToolbarBhoApp Class: {aa1f9ddb-e605-4ba6-81d4-e427dee012ad} - c:\windows\system32\TwcToolbarBho.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
    BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
    TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: Pop-Up Blocker: {d7f30b62-8269-41af-9539-b2697fa7d77e} - c:\program files\earthlink totalaccess\PnEL.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
    TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
    TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} - c:\program files\webshots\WSToolbar4IE.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
    TB: Dealio: {e67c74f4-a00a-4f2c-9fec-fd9dc004a67f} - c:\program files\dealio\kb127\Dealio.dll
    TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {C75C8E7E-5059-4469-AC11-D7544B260382} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe "
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
    mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
    mRun: [Atari Launcher 2] c:\program files\infogrames\atari anniversary edition\volume 2\Atari icon.exe
    mRun: [AtariBanner] "c:\program files\infogrames\atari anniversary edition\volume 2\Banner.exe" /0
    mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [au] c:\program files\dealio\DealioAU.exe
    mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
    mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe "
    mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe "
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
    StartupFolder: c:\docume~1\robinm~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm082YYUS
    IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Compare Prices with &Dealio - c:\documents and settings\robin mccullough\application data\dealio\kb127\res\DealioSearch.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {E908B145-C847-4e85-B315-07E2E70DECF8} - {9F038672-0425-4792-BC9C-36DE3308E8AA} - c:\program files\dealio\kb127\Dealio.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-4-23 201320]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-4-23 695624]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-4-23 79304]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-4-23 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-4-23 40488]
    R4 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
    R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-4-23 359248]
    R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-4-23 144704]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-27 24652]
    S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-16 33752]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-4-23 33832]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2007-5-3 15576]

    =============== Created Last 30 ================

    2009-01-18 12:52 <DIR> --d----- c:\program files\common files\Corel
    2009-01-18 12:52 <DIR> --d----- c:\program files\Corel
    2009-01-18 12:50 323,584 a------- c:\windows\system32\dlcxhcp.dll
    2009-01-18 12:50 274,432 a------- c:\windows\system32\dlcxinst.dll
    2009-01-18 12:50 <DIR> --d----- c:\program files\Dell Photo AIO Printer 926
    2008-12-23 15:43 <DIR> --d----- c:\docume~1\robinm~1\applic~1\Search Settings
    2008-12-23 15:43 <DIR> --d----- c:\program files\Search Settings
    2008-12-23 15:42 <DIR> --d----- c:\program files\Dealio
    2008-12-23 15:42 <DIR> --d----- c:\docume~1\robinm~1\applic~1\Dealio
    2008-12-22 19:43 <DIR> --d----- c:\program files\Bonjour

    ==================== Find3M ====================

    2008-12-13 00:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
    2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
    2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys
    2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
    2008-11-17 14:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
    2008-10-24 05:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
    2008-10-23 06:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
    2008-10-04 07:37 75,776 a------- c:\docume~1\robinm~1\applic~1\GDIPFONTCACHEV1.DAT
    2008-03-26 15:50 60,968 a------- c:\documents and settings\robin mccullough\GoToAssistDownloadHelper.exe
    2007-11-10 14:38 716,193 a------- c:\program files\address book.WAB
    2008-05-01 08:54 104 ---shr-- c:\windows\system32\0C6ADA4348.sys
    2008-05-01 08:54 5,852 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2008-09-24 14:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092420080925\index.dat

    ============= FINISH: 14:30:13.43 ===============
     
  5. 2009/01/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  6. 2009/01/20
    1andtwins

    1andtwins Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    16
    Likes Received:
    0
    Here is my report from Combofix
    ComboFix 09-01-19.05 - Robin McCullough 2009-01-20 11:57:47.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1524 [GMT -6:00]
    Running from: c:\documents and settings\Robin McCullough\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Robin McCullough\Application Data\FunWebProducts
    c:\program files\FunWebProducts
    c:\program files\FunWebProducts\ScreenSaver\Cache\001CB58C
    c:\program files\FunWebProducts\ScreenSaver\Cache\1FDCFFC5.jpg
    c:\program files\FunWebProducts\ScreenSaver\Cache\files.ini
    c:\program files\FunWebProducts\ScreenSaver\Images\001CE055.dat
    c:\program files\FunWebProducts\ScreenSaver\Images\05CA5C7F.dat
    c:\program files\FunWebProducts\ScreenSaver\Images\0C29844D.dat
    c:\program files\FunWebProducts\ScreenSaver\Images\101x135\05CA5C7F.jpg
    c:\program files\FunWebProducts\ScreenSaver\Images\101x135\0C29844D.jpg
    c:\program files\FunWebProducts\ScreenSaver\Images\101x135\14859B37.jpg
    c:\program files\FunWebProducts\ScreenSaver\Images\101x135\1F1D6357.jpg
    c:\program files\FunWebProducts\ScreenSaver\Images\101x135\1FBA946E.jpg
    c:\program files\FunWebProducts\ScreenSaver\Images\1FB97D80.urr
    c:\program files\FunWebProducts\ScreenSaver\Images\1FBA80F6.urr
    c:\program files\FunWebProducts\ScreenSaver\Images\1FBA946E.dat
    c:\program files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
    c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
    c:\program files\FunWebProducts\Shared\14F84AD6.dat
    c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
    c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
    c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
    c:\program files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html
    c:\program files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html
    c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
    c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    c:\program files\Internet Explorer\msimg32.dll
    c:\program files\MyWebSearch
    c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
    c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
    c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
    c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
    c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
    c:\program files\MyWebSearch\bar\Cache\14ED6CCB
    c:\program files\MyWebSearch\bar\Cache\14ED80A1
    c:\program files\MyWebSearch\bar\Cache\14ED8218.bin
    c:\program files\MyWebSearch\bar\Cache\14ED9012.bin
    c:\program files\MyWebSearch\bar\Cache\14ED91B8.bin
    c:\program files\MyWebSearch\bar\Cache\14ED9DDD.bin
    c:\program files\MyWebSearch\bar\Cache\14F2AEDC.bin
    c:\program files\MyWebSearch\bar\Cache\14F2BB8E.bin
    c:\program files\MyWebSearch\bar\Cache\14F2C795.bin
    c:\program files\MyWebSearch\bar\Cache\14F2D3CA.bin
    c:\program files\MyWebSearch\bar\Cache\1FB0CA25.bin
    c:\program files\MyWebSearch\bar\Cache\1FB0CB9C.bin
    c:\program files\MyWebSearch\bar\Cache\1FB0CC86.bin
    c:\program files\MyWebSearch\bar\Cache\files.ini
    c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
    c:\program files\MyWebSearch\bar\Game\CHESS.F3S
    c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
    c:\program files\MyWebSearch\bar\History\search2
    c:\program files\MyWebSearch\bar\icons\CM.ICO
    c:\program files\MyWebSearch\bar\icons\MFC.ICO
    c:\program files\MyWebSearch\bar\icons\PSS.ICO
    c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
    c:\program files\MyWebSearch\bar\icons\WB.ICO
    c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
    c:\program files\MyWebSearch\bar\Message\COMMON.F3S
    c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
    c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
    c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
    c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
    c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
    c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
    c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
    c:\program files\MyWebSearch\bar\Settings\s_pid.dat
    c:\program files\MyWebSearch\bar\Settings\setting2.htm
    c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak
    c:\program files\MyWebSearch\bar\Settings\settings.dat
    c:\program files\MyWebSearch\bar\Settings\settings.htm
    c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    c:\recycler\ADAPT_Installer.exe
    c:\windows\Downloaded Program Files\setup.inf
    c:\windows\system32\f3PSSavr.scr

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))
    .

    2009-01-18 12:52 . 2009-01-18 12:53 <DIR> d-------- c:\program files\Corel
    2009-01-18 12:52 . 2009-01-18 12:52 <DIR> d-------- c:\program files\Common Files\Corel
    2009-01-18 12:50 . 2009-01-18 12:54 <DIR> d-------- c:\program files\Dell Photo AIO Printer 926
    2009-01-18 12:50 . 2006-10-11 15:38 323,584 --a------ c:\windows\system32\dlcxhcp.dll
    2009-01-18 12:50 . 2006-10-11 15:51 274,432 --a------ c:\windows\system32\dlcxinst.dll
    2008-12-23 15:43 . 2008-12-23 15:43 <DIR> d-------- c:\program files\Search Settings
    2008-12-23 15:43 . 2009-01-20 11:44 <DIR> d-------- c:\documents and settings\Robin McCullough\Application Data\Search Settings
    2008-12-23 15:42 . 2008-12-23 15:42 <DIR> d-------- c:\program files\Dealio
    2008-12-23 15:42 . 2008-12-23 15:42 <DIR> d-------- c:\documents and settings\Robin McCullough\Application Data\Dealio
    2008-12-22 19:43 . 2008-12-22 19:43 <DIR> d-------- c:\program files\Bonjour

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-20 18:02 --------- d-----w c:\program files\dl_cats
    2009-01-18 23:41 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-01-18 18:58 --------- d-----w c:\program files\Dell PC Fax
    2009-01-18 18:52 --------- d-----w c:\program files\Dell
    2009-01-18 18:47 --------- d-----w c:\program files\McAfee
    2009-01-18 18:44 --------- d-----w c:\program files\QuickTime
    2009-01-18 18:44 --------- d-----w c:\program files\Coupons
    2008-12-23 23:03 --------- d-----w c:\program files\Piolet
    2008-12-17 13:22 --------- d-----w c:\program files\Norton PC Checkup
    2008-12-16 23:27 --------- d-----w c:\program files\Google
    2008-12-16 23:20 --------- d-----w c:\program files\Picasa2
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-09 01:50 --------- d-----w c:\program files\iTunes
    2008-12-09 01:50 --------- d-----w c:\program files\iPod
    2008-12-09 01:50 --------- d-----w c:\program files\Common Files\Apple
    2008-12-09 01:50 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-09 01:37 --------- d-----w c:\program files\Safari
    2008-10-04 13:37 75,776 ----a-w c:\documents and settings\Robin McCullough\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-26 21:50 60,968 ----a-w c:\documents and settings\Robin McCullough\GoToAssistDownloadHelper.exe
    2007-11-10 20:38 716,193 ----a-w c:\program files\address book.WAB
    2008-05-01 14:54 104 --sh--r c:\windows\system32\0C6ADA4348.sys
    2008-05-01 14:54 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
    2008-09-24 20:40 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092420080925\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
    "FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
    "Atari Launcher 2"="c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe" [2001-05-22 55296]
    "AtariBanner"="c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" [2001-05-22 49152]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
    "SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
    "dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
    "MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
    "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
    "DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 106496]

    c:\documents and settings\Robin McCullough\Start Menu\Programs\Startup\
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-05-11 157008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-03-26 15:50 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
    backup=c:\windows\pss\eFax 4.3.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Robin McCullough^Start Menu^Programs^Startup^Backyard Skateboarding Registration.lnk]
    path=c:\documents and settings\Robin McCullough\Start Menu\Programs\Startup\Backyard Skateboarding Registration.lnk
    backup=c:\windows\pss\Backyard Skateboarding Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2008-08-06 09:21 50472 c:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 18:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    --a------ 2006-08-28 19:57 395776 c:\program files\Dell Support\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    --a------ 2005-09-08 03:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
    --a------ 2007-01-12 10:57 292336 c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    --a------ 2005-10-05 01:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
    --a------ 2003-05-19 09:43 577536 c:\program files\EarthLink TotalAccess\TaskPanl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
    --a------ 2007-03-06 11:21 116224 c:\program files\eFax Messenger 4.3\J2GDllCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    --a------ 2006-11-03 16:09 312200 c:\program files\Dell PC Fax\fm3032.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2007-04-23 11:53 169984 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    --a------ 2006-07-06 05:15 151552 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2005-06-10 09:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2005-06-10 09:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    --a------ 2007-08-04 01:33 582992 c:\program files\McAfee.com\Agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
    --a------ 2006-11-03 16:04 304008 c:\program files\Dell Photo AIO Printer 926\memcard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MskAgentexe]
    --a------ 2007-11-26 09:46 141640 c:\program files\McAfee\MSK\mskagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2006-06-16 06:39 7323648 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2008-08-20 19:18 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-06-23 15:09 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    --a------ 2006-07-24 08:20 282624 c:\windows\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\WINDOWS\\system32\\dlcxcoms.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020

    R4 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-27 24652]
    S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-16 33752]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2007-05-03 15576]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

    2009-01-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

    2009-01-15 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
    - c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 07:22]

    2009-01-18 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
    - c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 07:22]
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    MSConfigStartUp-DW4 - c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
    MSConfigStartUp-PopularScreensaversWallpaper - c:\progra~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm082YYUS
    IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Compare Prices with &Dealio - c:\documents and settings\Robin McCullough\Application Data\Dealio\kb127\res\DealioSearch.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
    DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-20 12:02:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16??????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(704)
    c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\dlcxcoms.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\Webshots\Webshots.scr
    c:\program files\Common Files\McAfee\MNA\McNASvc.exe
    c:\program files\AIM6\aolsoftware.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\program files\McAfee\MSK\msksrver.exe
    c:\windows\system32\nvsvc32.exe
    c:\progra~1\McAfee.com\Agent\mcagent.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\progra~1\McAfee\MSC\mcuimgr.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-20 12:05:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-20 18:04:50

    Pre-Run: 214,793,068,544 bytes free
    Post-Run: 216,135,249,920 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    415 --- E O F --- 2009-01-14 09:02:10
     
  7. 2009/01/20
    noahdfear

    Did you knowingly install Dealio and Search Settings?
     
  8. 2009/01/21
    1andtwins

    No, I did not. Do I need these?
     
  9. 2009/01/21
    noahdfear

    No, you don't need them. They are generally considered adware. See if they are listed in the Add/Remove programs list and uninstall them if so, then run DDS again and post the DDS.txt file created.
     
  10. 2009/01/22
    1andtwins

    After I ran the ComboFix, the "problem" went away. Should I still remove Dealio and Search Settings? Also, when you say run DDS, is that ComboFix? Thank you for being patient with me. I really appreciate your help.
     
  11. 2009/01/22
    noahdfear

    Yes, you should uninstall Dealio and Search Settings if they are listed in the Add/Remove programs list.

    DDS is the initial scan tool obtained here.
     
  12. 2009/01/22
    1andtwins

    Here is DDS report:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-01-19.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/3/2007 9:23:13 AM
    System Uptime: 1/22/2009 9:22:34 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0WG864
    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 230 GiB total, 201.201 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP588: 10/25/2008 3:10:32 AM - System Checkpoint
    RP589: 10/26/2008 4:22:32 AM - System Checkpoint
    RP590: 10/27/2008 5:22:32 AM - System Checkpoint
    RP591: 10/28/2008 6:10:34 AM - System Checkpoint
    RP592: 10/29/2008 6:22:32 AM - System Checkpoint
    RP593: 10/30/2008 7:27:39 AM - System Checkpoint
    RP594: 10/31/2008 8:30:41 AM - System Checkpoint
    RP595: 11/1/2008 10:43:48 AM - System Checkpoint
    RP596: 11/2/2008 10:20:52 AM - System Checkpoint
    RP597: 11/3/2008 10:35:46 AM - System Checkpoint
    RP598: 11/4/2008 11:10:34 AM - System Checkpoint
    RP599: 11/5/2008 11:13:09 AM - System Checkpoint
    RP600: 11/6/2008 12:10:34 PM - System Checkpoint
    RP601: 11/7/2008 1:11:37 PM - System Checkpoint
    RP602: 11/8/2008 1:37:00 PM - System Checkpoint
    RP603: 11/9/2008 2:40:08 PM - System Checkpoint
    RP604: 11/10/2008 3:01:52 PM - System Checkpoint
    RP605: 11/11/2008 3:02:57 PM - System Checkpoint
    RP606: 11/12/2008 3:00:17 AM - Software Distribution Service 3.0
    RP607: 11/13/2008 3:12:31 AM - System Checkpoint
    RP608: 11/14/2008 5:12:34 AM - System Checkpoint
    RP609: 11/15/2008 5:24:31 AM - System Checkpoint
    RP610: 11/16/2008 6:12:31 AM - System Checkpoint
    RP611: 11/17/2008 6:24:32 AM - System Checkpoint
    RP612: 11/18/2008 8:22:30 AM - System Checkpoint
    RP613: 11/19/2008 9:12:32 AM - System Checkpoint
    RP614: 11/20/2008 9:20:05 AM - System Checkpoint
    RP615: 11/21/2008 9:39:10 AM - System Checkpoint
    RP616: 11/22/2008 11:01:09 AM - System Checkpoint
    RP617: 11/23/2008 11:24:31 AM - System Checkpoint
    RP618: 11/24/2008 12:12:31 PM - System Checkpoint
    RP619: 11/25/2008 1:12:31 PM - System Checkpoint
    RP620: 11/26/2008 1:24:31 PM - System Checkpoint
    RP621: 11/27/2008 2:12:31 PM - System Checkpoint
    RP622: 11/28/2008 2:24:31 PM - System Checkpoint
    RP623: 11/29/2008 3:24:31 PM - System Checkpoint
    RP624: 11/30/2008 4:24:31 PM - System Checkpoint
    RP625: 12/1/2008 5:24:32 PM - System Checkpoint
    RP626: 12/2/2008 5:54:48 PM - System Checkpoint
    RP627: 12/3/2008 6:13:37 PM - System Checkpoint
    RP628: 12/4/2008 6:30:36 PM - System Checkpoint
    RP629: 12/5/2008 7:56:24 PM - System Checkpoint
    RP630: 12/6/2008 8:28:20 PM - System Checkpoint
    RP631: 12/7/2008 8:11:16 PM - Restore Operation
    RP632: 12/8/2008 9:42:38 PM - System Checkpoint
    RP633: 12/9/2008 10:19:46 PM - System Checkpoint
    RP634: 12/10/2008 10:26:01 PM - System Checkpoint
    RP635: 12/11/2008 11:07:45 PM - System Checkpoint
    RP636: 12/12/2008 3:00:26 AM - Software Distribution Service 3.0
    RP637: 12/12/2008 7:00:49 AM - Shockwave Player
    RP638: 12/13/2008 7:26:08 AM - System Checkpoint
    RP639: 12/14/2008 9:18:14 AM - System Checkpoint
    RP640: 12/15/2008 10:42:03 AM - System Checkpoint
    RP641: 12/16/2008 11:26:47 AM - System Checkpoint
    RP642: 12/17/2008 12:09:17 PM - System Checkpoint
    RP643: 12/18/2008 3:00:14 AM - Software Distribution Service 3.0
    RP644: 12/19/2008 3:22:45 AM - System Checkpoint
    RP645: 12/20/2008 4:10:42 AM - System Checkpoint
    RP646: 12/20/2008 11:16:14 PM - Removed Qualxserve Service Agreement
    RP647: 12/21/2008 11:33:35 PM - System Checkpoint
    RP648: 12/22/2008 11:44:28 PM - System Checkpoint
    RP649: 12/23/2008 11:47:28 PM - System Checkpoint
    RP650: 12/25/2008 12:33:33 AM - System Checkpoint
    RP651: 12/26/2008 1:33:35 AM - System Checkpoint
    RP652: 12/27/2008 2:21:33 AM - System Checkpoint
    RP653: 12/28/2008 3:33:35 AM - System Checkpoint
    RP654: 12/29/2008 4:21:33 AM - System Checkpoint
    RP655: 12/30/2008 4:33:33 AM - System Checkpoint
    RP656: 12/31/2008 5:33:33 AM - System Checkpoint
    RP657: 1/1/2009 6:21:33 AM - System Checkpoint
    RP658: 1/2/2009 7:33:33 AM - System Checkpoint
    RP659: 1/3/2009 8:21:33 AM - System Checkpoint
    RP660: 1/4/2009 9:33:33 AM - System Checkpoint
    RP661: 1/5/2009 10:33:33 AM - System Checkpoint
    RP662: 1/6/2009 11:22:38 AM - System Checkpoint
    RP663: 1/7/2009 12:33:33 PM - System Checkpoint
    RP664: 1/8/2009 1:33:34 PM - System Checkpoint
    RP665: 1/9/2009 2:33:33 PM - System Checkpoint
    RP666: 1/10/2009 3:32:03 PM - System Checkpoint
    RP667: 1/11/2009 4:21:33 PM - System Checkpoint
    RP668: 1/12/2009 5:26:06 PM - System Checkpoint
    RP669: 1/13/2009 6:29:22 PM - System Checkpoint
    RP670: 1/14/2009 3:00:14 AM - Software Distribution Service 3.0
    RP671: 1/15/2009 3:12:17 AM - System Checkpoint
    RP672: 1/16/2009 3:25:49 AM - System Checkpoint
    RP673: 1/17/2009 4:24:19 AM - System Checkpoint
    RP674: 1/18/2009 5:24:17 AM - System Checkpoint
    RP675: 1/19/2009 6:15:44 AM - System Checkpoint
    RP676: 1/20/2009 6:27:45 AM - System Checkpoint
    RP677: 1/20/2009 11:55:03 AM - ComboFix created restore point
    RP678: 1/21/2009 12:05:25 PM - System Checkpoint
    RP679: 1/22/2009 12:06:30 PM - System Checkpoint
    RP680: 1/22/2009 9:18:35 PM - Removed Dealio Toolbar 3.4.
    RP681: 1/22/2009 9:21:23 PM - Removed Search Settings 1.2.

    ==== Installed Programs ======================

    926plc32
    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.1.0
    Adobe Shockwave Player 11
    AIM 6
    AIM Toolbar 5.0
    America Online (Choose which version to remove)
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOLIcon
    Apple Mobile Device Support
    Apple Software Update
    Atari Anniversary Edition
    Backyard Skateboarding
    Bonjour
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Consumer Complete Care Services Agreement
    Corel Paint Shop Pro X
    Corel Photo Album 6
    Coupon Printer for Windows
    Custom Info
    Dell CinePlayer
    Dell Driver Reset Tool
    Dell PC Fax
    Dell Photo AIO Printer 926
    Dell Support 3.2.1
    Dell System Restore
    Digital Line Detect
    Documentation & Support Launcher
    EarthLink Common
    EarthLink FastLane
    EarthLink IM
    EarthLink MailBox
    EarthLink MDAC
    EarthLink Popup Blocker
    EarthLink Redistributed
    EarthLink Setup
    EarthLink TAR
    EarthLink TotalAccess 2003
    EarthLink Update Manager
    EarthLink Webspace
    eFax Messenger 4.3
    ELNBonus
    Fish Tycoon Free Trial
    FUJIFILM USB Driver
    Games, Music, & Photos Launcher
    getPlus(R) for Adobe
    Google Desktop
    Google Toolbar for Internet Explorer
    GoToAssist 8.0.0.480
    High Definition Audio Driver Package - KB835221
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections
    Internet Service Offers Launcher
    iPod for Windows 2005-09-23
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Learn2 Player (Uninstall Only)
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Disc 2
    Microsoft Office XP Professional
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works
    Microsoft XML Parser
    MobileMe Control Panel
    Modem Helper
    MSN
    MSN Toolbar
    MSSoap
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    My Web Search (My Fun Cards)
    NetWaiting
    NetZeroInstallers
    NickToons Winners Cup Racing
    Norton PC Checkup
    NVIDIA Drivers
    Photo Viewer
    Picasa 3
    QuickTime
    RealPlayer Basic
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Safari
    SearchAssist
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Sonic Activation Module
    Sonic Update Manager
    Study Helpers Math Booster
    Study Helpers Spelling Bee
    The Weather Channel Desktop 6
    The Weather Channel Toolbar
    Typing Instructor Deluxe
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    URL Assistant
    Viewpoint Media Player
    Vstascan
    Wal-Mart Digital Photo Manager
    Weather Services
    WebFldrs XP
    Webshots Desktop
    Webshots Toolbar
    Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Toolbar
    Yahoo! Toolbar for Internet Explorer
    Zoo Tycoon 2

    ==== Event Viewer Messages From Past Week ========

    1/22/2009 9:18:46 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    1/18/2009 1:08:00 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    1/18/2009 1:03:21 PM, error: Print [6161] - The document Microsoft Word - Document1 owned by Robin McCullough failed to print on printer Dell Photo AIO Printer 926. Data type: LEMF. Size of the spool file in bytes: 9488. Number of bytes printed: 9488. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7J5SVC1. Win32 error code returned by the print processor: 0 (0x0).
    1/18/2009 12:54:38 PM, error: Print [22] - Failed to ugrade printer settings for printer Dell Photo AIO Printer 926 driver Dell Photo AIO Printer 926 error 1814.
    1/18/2009 12:42:56 PM, error: Print [6161] - The document Fixed Price Winners.xls owned by Robin McCullough failed to print on printer Dell Photo AIO Printer 926. Data type: LEMF. Size of the spool file in bytes: 762756. Number of bytes printed: 762756. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7J5SVC1. Win32 error code returned by the print processor: 0 (0x0).
    1/18/2009 12:36:33 PM, error: Print [6161] - The document http://www.cars.com/go/googlemaps/map.jsp?paId=296128366&seller owned by Robin McCullough failed to print on printer Dell Photo AIO Printer 926. Data type: LEMF. Size of the spool file in bytes: 689834. Number of bytes printed: 689834. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\D7J5SVC1. Win32 error code returned by the print processor: 0 (0x0).

    ==== End Of File ===========================

    DDS (Ver_09-01-19.01) - NTFSx86
    Run by Robin McCullough at 21:31:03.73 on Thu 01/22/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1531 [GMT -6:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Webshots\webshots.scr
    C:\Program Files\AIM6\aolsoftware.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\dlcxcoms.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Documents and Settings\Robin McCullough\Local Settings\Temporary Internet Files\Content.IE5\516WGK4N\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mURLSearchHooks: H - No File
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
    BHO: PnIEBrowserHelperObj Class: {4b5f2e08-6f39-479a-b547-b2026e4c7edf} - c:\program files\earthlink totalaccess\PnEL.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: TwcToolbarBhoApp Class: {aa1f9ddb-e605-4ba6-81d4-e427dee012ad} - c:\windows\system32\TwcToolbarBho.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
    TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: Pop-Up Blocker: {d7f30b62-8269-41af-9539-b2697fa7d77e} - c:\program files\earthlink totalaccess\PnEL.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
    TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} - c:\program files\webshots\WSToolbar4IE.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
    TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe "
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
    mRun: [Atari Launcher 2] c:\program files\infogrames\atari anniversary edition\volume 2\Atari icon.exe
    mRun: [AtariBanner] "c:\program files\infogrames\atari anniversary edition\volume 2\Banner.exe" /0
    mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe "
    mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe "
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
    StartupFolder: c:\docume~1\robinm~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm082YYUS
    IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194268425687
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-4-23 201320]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-4-23 695624]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-4-23 79304]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-4-23 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-4-23 40488]
    R4 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
    R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-4-23 359248]
    R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-4-23 144704]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-27 24652]
    S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-16 33752]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-4-23 33832]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2007-5-3 15576]

    =============== Created Last 30 ================

    2009-01-20 13:34 <DIR> --d----- c:\program files\common files\ODBC
    2009-01-20 11:56 <DIR> a-dshr-- C:\cmdcons
    2009-01-20 11:54 161,792 a------- c:\windows\SWREG.exe
    2009-01-20 11:54 98,816 a------- c:\windows\sed.exe
    2009-01-18 12:52 <DIR> --d----- c:\program files\common files\Corel
    2009-01-18 12:52 <DIR> --d----- c:\program files\Corel
    2009-01-18 12:50 323,584 a------- c:\windows\system32\dlcxhcp.dll
    2009-01-18 12:50 274,432 a------- c:\windows\system32\dlcxinst.dll
    2009-01-18 12:50 <DIR> --d----- c:\program files\Dell Photo AIO Printer 926

    ==================== Find3M ====================

    2008-12-13 00:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
    2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
    2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys
    2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
    2008-11-17 14:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
    2008-10-04 07:37 75,776 a------- c:\docume~1\robinm~1\applic~1\GDIPFONTCACHEV1.DAT
    2008-03-26 15:50 60,968 a------- c:\documents and settings\robin mccullough\GoToAssistDownloadHelper.exe
    2007-11-10 14:38 716,193 a------- c:\program files\address book.WAB
    2008-05-01 08:54 104 ---shr-- c:\windows\system32\0C6ADA4348.sys
    2008-05-01 08:54 5,852 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2008-09-24 14:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092420080925\index.dat

    ============= FINISH: 21:31:29.79 ===============
     
  13. 2009/01/22
    noahdfear

    Well done! Just a few more tidbits to clean up. Once again, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    DDS::
    mURLSearchHooks: H - No File
    TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Next, do an online scan with Kaspersky Online Scanner

    • Click Accept when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
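
The three lines in the CFScript above are the entries that the DDS log earlier in this thread reports as `No File`, meaning a registry reference whose file is gone. As an added example (not part of the original post, and not code from DDS or ComboFix), this Python parser pulls those orphaned entries out of a DDS log's Pseudo HJT section and lists them in the layout of the code box; the function names and the trimmed sample log are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: lines copied from the DDS log posted in this thread,
# trimmed to a few entries per section.
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============

C:\WINDOWS\system32\spoolsv.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

============= SERVICES / DRIVERS ===============

R4 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<kind>: <body>", e.g. "BHO: ...", "TB: ...", "uRun: ..."
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z][\w ]*?):\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    kind: str             # BHO, TB, mURLSearchHooks, uRun, ...
    name: Optional[str]   # display name, when the log gives one
    clsid: Optional[str]  # first CLSID before the target, if any
    target: str           # text after the last " - " (a path, a CLSID or "No File")
    raw: str              # the log line, whitespace-trimmed


def parse_pseudo_hjt(log_text: str) -> List[Entry]:
    """Parse only the 'Pseudo HJT Report' section of a DDS log."""
    entries: List[Entry] = []
    in_section = False
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1) == "Pseudo HJT Report"
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # "key = value" settings lines such as uStart Page
        # rpartition leaves head empty when the body has no " - " (uRun lines).
        head, _, target = m.group("body").rpartition(" - ")
        clsid = CLSID_RE.search(head)
        name = (head[:clsid.start()] if clsid else head).rstrip(": ") or None
        entries.append(Entry(m.group("kind"), name,
                             clsid.group(0) if clsid else None, target, line))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries that DDS itself marked as pointing at a missing file."""
    return [e for e in entries if e.target == "No File"]


def dds_block(entries: List[Entry]) -> str:
    """List entries under a DDS:: heading, in the layout of the post's code box."""
    return "DDS::\n" + "\n".join(e.raw for e in entries) + "\n"


if __name__ == "__main__":
    print(dds_block(orphaned(parse_pseudo_hjt(SAMPLE_DDS_LOG))))
```

The `IE:` line that maps one CLSID to another with no file path is parsed but not flagged, because DDS did not mark it `No File`.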
     
  14. 2009/01/23
    1andtwins

    Beginner here... I saved the text in the box but where do I go to save in a blank "notepad"?
     
  15. 2009/01/23
    noahdfear

    You can just paste it here if you prefer.

    To save in notepad, click Start>Run and type notepad
    A blank notepad file will open, where you can paste the contents of the clipboard.
    Now click File>Save as and give it a name and location to save.
     
  16. 2009/01/23
    1andtwins

    ComboFix 09-01-21.04 - Robin McCullough 2009-01-23 10:43:32.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1432 [GMT -6:00]
    Running from: c:\documents and settings\Robin McCullough\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Robin McCullough\My Documents\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
    .

    2009-01-18 12:52 . 2009-01-18 12:53 <DIR> d-------- c:\program files\Corel
    2009-01-18 12:52 . 2009-01-18 12:52 <DIR> d-------- c:\program files\Common Files\Corel
    2009-01-18 12:50 . 2009-01-18 12:54 <DIR> d-------- c:\program files\Dell Photo AIO Printer 926
    2009-01-18 12:50 . 2006-10-11 15:38 323,584 --a------ c:\windows\system32\dlcxhcp.dll
    2009-01-18 12:50 . 2006-10-11 15:51 274,432 --a------ c:\windows\system32\dlcxinst.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 13:58 --------- d-----w c:\program files\dl_cats
    2009-01-22 02:13 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-01-18 18:58 --------- d-----w c:\program files\Dell PC Fax
    2009-01-18 18:52 --------- d-----w c:\program files\Dell
    2009-01-18 18:47 --------- d-----w c:\program files\McAfee
    2009-01-18 18:44 --------- d-----w c:\program files\QuickTime
    2009-01-18 18:44 --------- d-----w c:\program files\Coupons
    2008-12-23 23:03 --------- d-----w c:\program files\Piolet
    2008-12-23 01:43 --------- d-----w c:\program files\Bonjour
    2008-12-17 13:22 --------- d-----w c:\program files\Norton PC Checkup
    2008-12-16 23:27 --------- d-----w c:\program files\Google
    2008-12-16 23:20 --------- d-----w c:\program files\Picasa2
    2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-12-12 17:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
    2008-12-12 17:11 61,440 ----a-w c:\windows\system32\dnssd.dll
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2008-12-09 01:50 --------- d-----w c:\program files\iTunes
    2008-12-09 01:50 --------- d-----w c:\program files\iPod
    2008-12-09 01:50 --------- d-----w c:\program files\Common Files\Apple
    2008-12-09 01:50 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-09 01:37 --------- d-----w c:\program files\Safari
    2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr
    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-10-04 13:37 75,776 ----a-w c:\documents and settings\Robin McCullough\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-26 21:50 60,968 ----a-w c:\documents and settings\Robin McCullough\GoToAssistDownloadHelper.exe
    2007-11-10 20:38 716,193 ----a-w c:\program files\address book.WAB
    2008-05-01 14:54 104 --sh--r c:\windows\system32\0C6ADA4348.sys
    2008-05-01 14:54 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
    2008-09-24 20:40 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092420080925\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-20_12.04.12.54 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-12 09:03:28 167,936 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    + 2009-01-20 19:34:46 167,936 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    - 2008-12-12 09:03:28 2,560 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2009-01-20 19:34:46 2,560 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    - 2008-12-12 09:03:28 34,304 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2009-01-20 19:34:46 34,304 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2008-12-12 09:03:28 8,192 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    + 2009-01-20 19:34:46 8,192 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2008-12-12 09:03:28 3,584 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2009-01-20 19:34:47 3,584 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    - 2008-12-12 09:03:28 114,688 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    + 2009-01-20 19:34:47 114,688 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    - 2008-12-12 09:03:28 16,384 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2009-01-20 19:34:46 16,384 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    - 2008-12-12 09:03:28 30,720 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    + 2009-01-20 19:34:46 30,720 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    - 2008-12-12 09:03:28 22,528 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2009-01-20 19:34:47 22,528 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    - 2008-12-12 09:03:28 45,056 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    + 2009-01-20 19:34:46 45,056 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    - 2008-12-12 09:03:28 90,112 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    + 2009-01-20 19:34:46 90,112 ----a-r c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    - 2009-01-20 14:06:41 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-23 13:33:03 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-20 14:06:41 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-23 13:33:03 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
    "Aim6 "= "c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
    "DW6 "= "c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
    "FaxCenterServer "= "c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
    "Atari Launcher 2 "= "c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe" [2001-05-22 55296]
    "AtariBanner "= "c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" [2001-05-22 49152]
    "REGSHAVE "= "c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "dlcxmon.exe "= "c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
    "MemoryCardManager "= "c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
    "Corel Photo Downloader "= "c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
    "DLCXCATS "= "c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 106496]

    c:\documents and settings\Robin McCullough\Start Menu\Programs\Startup\
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-05-11 157008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-03-26 15:50 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
    backup=c:\windows\pss\eFax 4.3.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Robin McCullough^Start Menu^Programs^Startup^Backyard Skateboarding Registration.lnk]
    path=c:\documents and settings\Robin McCullough\Start Menu\Programs\Startup\Backyard Skateboarding Registration.lnk
    backup=c:\windows\pss\Backyard Skateboarding Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2008-08-06 09:21 50472 c:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 18:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    --a------ 2006-08-28 19:57 395776 c:\program files\Dell Support\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    --a------ 2005-09-08 03:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
    --a------ 2007-01-12 10:57 292336 c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    --a------ 2005-10-05 01:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
    --a------ 2003-05-19 09:43 577536 c:\program files\EarthLink TotalAccess\TaskPanl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
    --a------ 2007-03-06 11:21 116224 c:\program files\eFax Messenger 4.3\J2GDllCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    --a------ 2006-11-03 16:09 312200 c:\program files\Dell PC Fax\fm3032.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2007-04-23 11:53 169984 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    --a------ 2006-07-06 05:15 151552 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2005-06-10 09:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2005-06-10 09:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    --a------ 2007-08-04 01:33 582992 c:\program files\McAfee.com\Agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
    --a------ 2006-11-03 16:04 304008 c:\program files\Dell Photo AIO Printer 926\memcard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MskAgentexe]
    --a------ 2007-11-26 09:46 141640 c:\program files\McAfee\MSK\mskagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2006-06-16 06:39 7323648 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2008-08-20 19:18 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-06-23 15:09 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    --a------ 2006-07-24 08:20 282624 c:\windows\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\America Online 9.0\\waol.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "c:\\WINDOWS\\system32\\dlcxcoms.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8097:TCP "= 8097:TCP:EarthLink UHP Modem Support
    "135:TCP "= 135:TCP:TCP Port 135
    "5000:TCP "= 5000:TCP:TCP Port 5000
    "5001:TCP "= 5001:TCP:TCP Port 5001
    "5002:TCP "= 5002:TCP:TCP Port 5002
    "5003:TCP "= 5003:TCP:TCP Port 5003
    "5004:TCP "= 5004:TCP:TCP Port 5004
    "5005:TCP "= 5005:TCP:TCP Port 5005
    "5006:TCP "= 5006:TCP:TCP Port 5006
    "5007:TCP "= 5007:TCP:TCP Port 5007
    "5008:TCP "= 5008:TCP:TCP Port 5008
    "5009:TCP "= 5009:TCP:TCP Port 5009
    "5010:TCP "= 5010:TCP:TCP Port 5010
    "5011:TCP "= 5011:TCP:TCP Port 5011
    "5012:TCP "= 5012:TCP:TCP Port 5012
    "5013:TCP "= 5013:TCP:TCP Port 5013
    "5014:TCP "= 5014:TCP:TCP Port 5014
    "5015:TCP "= 5015:TCP:TCP Port 5015
    "5016:TCP "= 5016:TCP:TCP Port 5016
    "5017:TCP "= 5017:TCP:TCP Port 5017
    "5018:TCP "= 5018:TCP:TCP Port 5018
    "5019:TCP "= 5019:TCP:TCP Port 5019
    "5020:TCP "= 5020:TCP:TCP Port 5020

    R4 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-27 24652]
    S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-16 33752]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2007-05-03 15576]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

    2009-01-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

    2009-01-22 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
    - c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 07:22]

    2009-01-18 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
    - c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 07:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm082YYUS
    IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
    DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-23 10:44:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(700)
    c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
    .
    Completion time: 2009-01-23 10:46:12
    ComboFix-quarantined-files.txt 2009-01-23 16:46:02
    ComboFix2.txt 2009-01-20 18:05:03

    Pre-Run: 216,133,320,704 bytes free
    Post-Run: 216,191,373,312 bytes free

    275 --- E O F --- 2009-01-14 09:02:10
     
  17. 2009/01/23
    1andtwins

    1andtwins Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    16
    Likes Received:
    0
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, January 23, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, January 23, 2009 15:30:03
    Records in database: 1675418


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    C:\
    D:\
    E:\

    Scan statistics
    Files scanned 87662
    Threat name 14
    Infected objects 31
    Suspicious objects 0
    Duration of the scan 01:03:42

    File name Threat name Threats count
    C:\Program Files\Norton PC Checkup\executables\productScanner\downloader.vbs Infected: Trojan-Downloader.JS.Psyme.amv 1

    C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.l 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.af 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.aq 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ad 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1

    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

    The selected area was scanned.
     
  18. 2009/01/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks great! Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Delete dds.scr from your My Documents folder.
    You can delete any other logs that were created/saved too.
    Empty the recycle bin when done.

    Uninstall J2SE Runtime Environment 5.0 Update 6 and install the latest version from here.

    That should finish things up. :)
     
  19. 2009/01/25
    1andtwins

    1andtwins Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    16
    Likes Received:
    0
    Done, thanks TONS for your help.
     
  20. 2009/01/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
  21. 2009/02/20
    1andtwins

    1andtwins Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    16
    Likes Received:
    0
    Whenever I click on a link within a page (i.e. in an e-mail, or on a website) it freezes up that page. I have to press Control, Alt, Delete to get out and start over. Suggestions?
     
