
[Inactive] Can't Update McAfee Virus Software, can't go to McAfee website

Discussion in 'Malware and Virus Removal Archive' started by jhorn44, 2009/03/29.

  1. 2009/03/29
    jhorn44


    I can't update McAfee Virus software. I can't go to the McAfee update website. Google is redirected. I can't uninstall the Virus software. I get McAfee dialog boxes that come up blank or in a foreign language. I run Spysweeper, I tried running Ad-Aware and Superantispyware. They did not help.


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Jeremiah at 16:04:26.56 on Sun 03/29/2009
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3061.1581 [GMT -4:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Windows\system32\rundll32.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Jeremiah\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080807
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080807
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe "
    uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe "
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [Apoint] "c:\program files\delltpad\Apoint.exe "
    mRun: [SigmatelSysTrayApp] "c:\program files\sigmatel\c-major audio\wdm\sttray.exe "
    mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe "
    mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe "
    mRun: [Persistence] "c:\windows\system32\igfxpers.exe "
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe "
    mRun: [Broadcom Wireless Manager UI] "c:\windows\system32\WLTRAY.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe "
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [McENUI] "c:\progra~1\mcafee\mhn\McENUI.exe" /hide
    mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe "
    mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
    StartupFolder: c:\users\jeremiah\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5567/mcfscan.cab
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6172\SiteAdv.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-28 64160]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-25 29808]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-8-6 73728]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-26 210216]
    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-3-23 1178728]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-7 111616]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]

    =============== Created Last 30 ================

    2009-03-29 15:04 <DIR> --d----- c:\program files\Trend Micro
    2009-03-29 12:37 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
    2009-03-29 12:37 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
    2009-03-29 12:37 <DIR> --d----- c:\users\jeremiah\appdata\roaming\SUPERAntiSpyware.com
    2009-03-29 12:37 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-03-29 12:37 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-03-28 21:33 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-03-28 21:32 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-03-28 21:32 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-03-28 21:32 <DIR> --d----- c:\programdata\Lavasoft
    2009-03-28 21:32 <DIR> --d----- c:\program files\Lavasoft
    2009-03-28 20:00 <DIR> --d----- c:\program files\NoAdware
    2009-03-26 09:37 <DIR> --d----- c:\program files\MSXML 4.0
    2009-03-23 21:19 <DIR> --d----- c:\program files\Ask.com
    2009-03-23 21:18 <DIR> --d----- c:\program files\MSSOAP
    2009-03-23 21:18 <DIR> --d----- c:\program files\common files\MSSoap
    2009-03-23 21:18 1,553,784 a------- c:\windows\WRSetup.dll
    2009-03-23 21:18 <DIR> --d----- c:\users\jeremiah\appdata\roaming\Webroot
    2009-03-23 21:18 <DIR> --d----- c:\programdata\Webroot
    2009-03-23 21:18 <DIR> --d----- c:\progra~2\Webroot
    2009-03-23 21:18 <DIR> --d----- c:\program files\Webroot
    2009-03-23 21:18 164 a------- c:\windows\install.dat
    2009-03-14 18:50 <DIR> --d----- c:\windows\McAfee.com
    2009-03-11 02:47 2,033,152 a------- c:\windows\system32\win32k.sys
    2009-03-11 02:47 7,680 a------- c:\windows\system32\spwmp.dll
    2009-03-11 02:47 4,096 a------- c:\windows\system32\dxmasf.dll
    2009-03-11 02:47 4,096 a------- c:\windows\system32\msdxm.ocx
    2009-03-11 02:47 8,147,456 a------- c:\windows\system32\wmploc.DLL
    2009-03-11 02:47 268,288 a------- c:\windows\system32\schannel.dll
    2009-03-07 23:51 <DIR> --d----- c:\program files\AIM6
    2009-03-04 02:57 <DIR> --d----- c:\program files\LimeWire
    2009-03-04 01:31 <DIR> --d----- c:\users\jeremiah\appdata\roaming\McAfee
    2009-03-02 23:47 97,800 a------- c:\windows\system32\infocardapi.dll
    2009-03-02 23:47 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-03-02 23:47 622,080 a------- c:\windows\system32\icardagt.exe
    2009-03-02 23:47 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
    2009-03-02 23:47 37,384 a------- c:\windows\system32\infocardcpl.cpl
    2009-03-02 23:47 11,264 a------- c:\windows\system32\icardres.dll
    2009-03-02 23:47 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
    2009-03-02 23:47 326,160 a------- c:\windows\system32\PresentationHost.exe
    2009-03-02 23:42 96,760 a------- c:\windows\system32\dfshim.dll
    2009-03-02 23:41 282,112 a------- c:\windows\system32\mscoree.dll
    2009-03-02 23:41 41,984 a------- c:\windows\system32\netfxperf.dll
    2009-03-02 23:41 158,720 a------- c:\windows\system32\mscorier.dll
    2009-03-02 23:41 83,968 a------- c:\windows\system32\mscories.dll
    2009-02-28 14:52 14,053 a------- c:\windows\system32\Config.MPF
    2009-02-28 13:29 0 a---h--- C:\ProgramData.LOG2
    2009-02-28 13:29 0 a---h--- C:\ProgramData.LOG1

    ==================== Find3M ====================

    2009-03-28 14:12 86,016 a------- c:\windows\inf\infstrng.dat
    2009-03-28 14:12 51,200 a------- c:\windows\inf\infpub.dat
    2009-03-28 14:12 86,016 a------- c:\windows\inf\infstor.dat
    2009-02-26 04:12 268,435,456 a--sh--- C:\WinPEpge.sys
    2009-02-25 18:24 176,752 a------- c:\windows\system32\drivers\ssidrv.sys
    2009-02-25 18:24 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
    2009-02-25 18:24 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
    2009-01-15 02:11 827,392 a------- c:\windows\system32\wininet.dll
    2008-08-15 12:47 665,600 a------- c:\windows\inf\drvindex.dat
    2008-01-20 22:57 174 a--sh--- c:\program files\desktop.ini
    2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 16:05:01.58 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 8/6/2008 8:23:42 PM
    System Uptime: 3/29/2009 1:22:06 PM (3 hours ago)

    Motherboard: Dell Inc. | | 0U990C
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 2000/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 221 GiB total, 190.669 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.592 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.0
    AIM 6
    AOL Install
    Apple Mobile Device Support
    Apple Software Update
    Ask.com Toolbar
    Banctec Service Agreement
    Bonjour
    Browser Address Error Redirector
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conexant HDA D330 MDC V.92 Modem
    Dell-eBay
    Dell Best of Web
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Wireless WLAN Card
    Digital Line Detect
    EarthLink Setup Files
    EDocs
    Google Desktop
    Google Toolbar for Internet Explorer
    GoToAssist 8.0.0.514
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Matrix Storage Manager
    iTunes
    Java(TM) 6 Update 5
    McAfee SecurityCenter
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Modem Diagnostic Tool
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    NetWaiting
    NetZeroInstallers
    OutlookAddinSetup
    QuickSet
    QuickTime
    RegCure 1.5.2.7
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Spy Sweeper
    Spy Sweeper Core
    SUPERAntiSpyware Free Edition
    Update for Microsoft Office 2007 Help for Common Features (KB957244)
    Update for Microsoft Office Excel 2007 Help (KB957242)
    Update for Microsoft Office OneNote 2007 Help (KB957245)
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)
    Update for Microsoft Office Word 2007 Help (KB957252)
    Update for Microsoft Script Editor Help (KB957253)
    Update for Office 2007 (KB946691)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01

    ==== End Of File ===========================
     
  2. 2009/03/29
    wideawake

    Did you shut off system restore before running AV & anti-malware programs?
     


  4. 2009/03/29
    jhorn44

    I shut down System Restore before running AV.
     
  5. 2009/04/06
    Geri

    Hi jhorn44
    Welcome to WindowsBBS

    First re-enable System Restore and make a restore point. An infected restore point is better than none at all.

    Please do this.

    Download RootRepeal.zip to your Desktop.
    • Extract the compressed file to its own folder.
    • Open the folder and doubleclick on RootRepeal.exe to run it.
    • Click on the Report tab, and then click on: Scan
    • A window opens asking what to include in the scan.
    • Check the following boxes then click OK:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
    • You will then be asked which drive to scan.
    • Check C: (or the drive your operating system is installed on, if not C)
    • Click OK once again.
    The tool will begin scanning and may take a while to complete, so please be patient.

    When the scan finishes, click on: Save Report
    Name the log RootRepeal.txt and save it to your Documents folder (it should default there).

    Post the contents of the report in a reply here.

    Thanks
    Geri
     
  6. 2009/04/07
    jhorn44

    jhorn44 Inactive Thread Starter

    Joined:
    2009/03/29
    Messages:
    4
    Likes Received:
    0
    RootRepeal Scan

    Since the last post, I have uninstalled McAfee virus software and installed AVG Anti-Virus. However, I still cannot go to the McAfee virus update page.

    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/04/07 23:00
    Program Version: Version 1.2.3.0
    Windows Version: Windows Vista SP1
    ==================================================

    Drivers
    -------------------
    Name: dump_iaStor.sys
    Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
    Address: 0x8DE00000 Size: 815104 File Visible: No
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\Windows\system32\drivers\rootrepeal.sys
    Address: 0x8F1E3000 Size: 45056 File Visible: No
    Status: -

    Hidden/Locked Files
    -------------------
    Path: C:\hiberfil.sys
    Status: Locked to the Windows API!

    Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    Status: Locked to the Windows API!

    Path: C:\System Volume Information\{727c8714-23e5-11de-8b07-00219bdda8c7}{3808876b-c176-4e48-b7ae-04046e6cc752}
    Status: Locked to the Windows API!

    Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF
    Status: Locked to the Windows API!

    Path: C:\Windows\System32\wbem\PORTAB~1.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\System32\wbem\PORTAB~2.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\System32\wbem\PORTAB~3.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\System32\XPSViewer\XPSVIE~1.XML
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_5c94f2bbe7d4aaf6.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Manifests\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Manifests\26340819d2ef86080d9001c6f2737d70fd6602ddf4b86b6c26b326ef81cc3342.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Manifests\d14225a52543aa5a9605b00dd7574812bf89c605ebc73a9730e1e386bfc965f8.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Manifests\91ca50cec42075fff02b366323bf3b45d2053b24544bd12b622b65621bd0edd5.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Manifests\a951d53950c367acc37622f0dd619a954df5de2c4ec40296e6636605aa33714a.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Manifests\3582cf91bea0e0e7b5f4b8a168a2e4bf248a01f764aa3c5d7c4f352ebc681e9d.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Manifests\2d3cb7907b1336ea5889a2b731d5e97ad40903a4efd2287c1c117bc30f208f46.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Manifests\a2492fa83366394b7c17fa6c9650ce5688b887d0ad0ad79743a3422debf4d997.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Manifests\f7bf65ca621d8ad32ead1500a08827be239d0f49d83dc20dabf57d2eb17adbd7.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Manifests\70f19edeeb8e3329aad18f744094ea0319d2ecc78dd6a12559a1e765c42418f7.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Manifests\dd72f7ab2def5f75f58d01b24643b308750c38685daaed50bcddf61c18460dee.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Manifests\b3beb16c28db357e654a6b132f59cd48cb95cee949d7b97587f8f02f233f3ce1.cat
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16720_none_9b31bbe79077558b\GROUPE~1.XML
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CON
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CON
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEXEC~1.CON
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.22230_none_645e0f97e8c4eeea\IEEXEC~1.CON
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.16720_none_38b929534b68462d\DEFAUL~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.20883_none_21f13ff7650a8b20\DEFAUL~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.18111_none_38940e094bba52ce\DEFAUL~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.22230_none_21c87ea5655fcbe1\DEFAUL~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_6d8c18ba50aebc1f\UNINST~1.SQL
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_56c42f5e6a510112\UNINST~1.SQL
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_6d66fd705100c8c0\UNINST~1.SQL
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_569b6e0c6aa641d3\UNINST~1.SQL
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.20883_none_8469d28baa199a7e\GROUPE~1.XML
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.18111_none_9b0ca09d90c9622c\GROUPE~1.XML
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.22230_none_84411139aa6edb3f\GROUPE~1.XML
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.16720_none_0bca521ee450d037\NETFXS~1.HKF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.20883_none_0c16103ffd9c63ac\NETFXS~1.HKF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.18111_none_0dbc60fae16e5e8e\NETFXS~1.HKF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.22230_none_0e2f5da3fa9d1ce3\NETFXS~1.HKF
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wwf-cwevbtargets_i_31bf3856ad364e35_6.0.6000.16708_none_c3d601207722394b\WORKFL~1.TAR
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wwf-cwevbtargets_i_31bf3856ad364e35_6.0.6000.20864_none_c41abd3b90741b5f\WORKFL~1.TAR
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wwf-cwevbtargets_i_31bf3856ad364e35_6.0.6001.18096_none_c558ee00749395e0\WORKFL~1.TAR
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wwf-cwevbtargets_i_31bf3856ad364e35_6.0.6001.22208_none_c645dc918d666a06\WORKFL~1.TAR
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6000.16708_none_71e62ab9fe238fad\PERFCO~1.INI
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6000.20864_none_722ae6d5177571c1\PERFCO~1.INI
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6001.18096_none_73691799fb94ec42\PERFCO~1.INI
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6000.16708_none_c7595a2aa4b56e63\MICROS~1.TAR
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6000.20864_none_c79e1645be075077\MICROS~1.TAR
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6001.18096_none_c8dc470aa226caf8\MICROS~1.TAR
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6001.22208_none_c9c9359bbaf99f1e\MICROS~1.TAR
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.16708_none_7fdeb5cb1f6006f4\SYSTEM~1.DLL
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.20864_none_802371e638b1e908\SYSTEM~1.DLL
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.18096_none_8161a2ab1cd16389\SYSTEM~1.DLL
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.22208_none_824e913c35a437af\SYSTEM~1.DLL
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6001.22208_none_7456062b1467c068\PERFCO~1.INI
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6000.16708_none_ddb4cf58a13aa0ca\XPSVIE~1.XML
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6000.20864_none_ddf98b73ba8c82de\XPSVIE~1.XML
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6001.18096_none_df37bc389eabfd5f\XPSVIE~1.XML
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6001.22208_none_e024aac9b77ed185\XPSVIE~1.XML
    Status: Locked to the Windows API!

    Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MICROS~1.TAR
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
    Status: Locked to the Windows API!

    Path: C:\Windows\inf\Windows Workflow Foundation 3.0.0.0\0000\PERFCO~1.INI
    Status: Locked to the Windows API!

    Path: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\SYSTEM~1.DLL
    Status: Locked to the Windows API!

    Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
    Status: Locked to the Windows API!

    Path: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PRESEN~1.CON
    Status: Locked to the Windows API!

    Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
    Status: Locked to the Windows API!

    Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
    Status: Locked to the Windows API!

    Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
    Status: Locked to the Windows API!

    Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
    Status: Locked to the Windows API!

    Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
    Status: Locked to the Windows API!

    Path: C:\Users\Jeremiah\AppData\Roaming\Webroot\Spy Sweeper\Logs\090404192816.ses
    Status: Allocation size mismatch (API: 4096, Raw: 584)

    Path: C:\Users\Jeremiah\AppData\Roaming\Webroot\Spy Sweeper\Logs\090405181056.ses
    Status: Allocation size mismatch (API: 568, Raw: 0)

    Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.162.Crwl
    Status: Allocation size mismatch (API: 280, Raw: 8)

    Processes
    -------------------
    Path: System
    PID: 4 Status: Locked to the Windows API!

    Path: C:\Windows\System32\audiodg.exe
    PID: 1268 Status: Locked to the Windows API!

    SSDT
    -------------------
    #: 018 Function Name: NtAllocateVirtualMemory
    Status: Hooked by "<unknown>" at address 0x85909758

    #: 072 Function Name: NtCreateProcess
    Status: Hooked by "<unknown>" at address 0x85909e10

    #: 073 Function Name: NtCreateProcessEx
    Status: Hooked by "<unknown>" at address 0x85909c08

    #: 078 Function Name: NtCreateThread
    Status: Hooked by "<unknown>" at address 0x85909a28

    #: 255 Function Name: NtQueueApcThread
    Status: Hooked by "<unknown>" at address 0x859097d0

    #: 261 Function Name: NtReadVirtualMemory
    Status: Hooked by "<unknown>" at address 0x85909668

    #: 289 Function Name: NtSetContextThread
    Status: Hooked by "<unknown>" at address 0x859098c0

    #: 305 Function Name: NtSetInformationProcess
    Status: Hooked by "<unknown>" at address 0x85909b18

    #: 306 Function Name: NtSetInformationThread
    Status: Hooked by "<unknown>" at address 0x85909938

    #: 330 Function Name: NtSuspendProcess
    Status: Hooked by "<unknown>" at address 0x85909aa0

    #: 331 Function Name: NtSuspendThread
    Status: Hooked by "<unknown>" at address 0x85909848

    #: 334 Function Name: NtTerminateProcess
    Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x8f0bcf20

    #: 335 Function Name: NtTerminateThread
    Status: Hooked by "<unknown>" at address 0x859099b0

    #: 358 Function Name: NtWriteVirtualMemory
    Status: Hooked by "<unknown>" at address 0x859096e0

    #: 382 Function Name: NtCreateThreadEx
    Status: Hooked by "<unknown>" at address 0x85909578

    #: 383 Function Name: NtCreateUserProcess
    Status: Hooked by "<unknown>" at address 0x859095f0

    Stealth Objects
    -------------------
    Object: Hidden Module [Name: WinMgmtR.dll]
    Process: svchost.exe (PID: 1092) Address: 0x00cd0000 Size: 8192

    Object: Hidden Module [Name: winlogon.exe]
    Process: svchost.exe (PID: 1092) Address: 0x01fe0000 Size: 323584

    Object: Hidden Module [Name: winlogon.exe]
    Process: svchost.exe (PID: 1092) Address: 0x025c0000 Size: 323584

    Object: Hidden Module [Name: profsvc.dll]
    Process: svchost.exe (PID: 1092) Address: 0x73d90000 Size: 163840

    Object: Hidden Module [Name: tquery.dll]
    Process: svchost.exe (PID: 1092) Address: 0x6c520000 Size: 1589248

    Object: Hidden Module [Name: WinMgmtR.dll]
    Process: svchost.exe (PID: 1092) Address: 0x6cae0000 Size: 8192

    Object: Hidden Module [Name: win32spl.dll]
    Process: svchost.exe (PID: 1092) Address: 0x6f2f0000 Size: 450560

    Object: Hidden Module [Name: MpEvMsg.dll]
    Process: svchost.exe (PID: 1092) Address: 0x73f70000 Size: 57344

    Object: Hidden Module [Name: wevtapi.dll]
    Process: svchost.exe (PID: 1092) Address: 0x759a0000 Size: 258048

    Object: Hidden Module [Name: msvcm80.dll]
    Process: bcmwltry.exe (PID: 1836) Address: 0x03ea0000 Size: 507904

    Object: Hidden Module [Name: bcmwlrmt.dll]
    Process: bcmwltry.exe (PID: 1836) Address: 0x03e20000 Size: 77824

    Object: Hidden Module [Name: WLTRAY.EXE]
    Process: bcmwltry.exe (PID: 1836) Address: 0x05560000 Size: 3821568

    Object: Hidden Module [Name: msvcm80.dll]
    Process: Explorer.EXE (PID: 512) Address: 0x073d0000 Size: 507904

    Object: Hidden Module [Name: BCMWLCPL.CPL]
    Process: Explorer.EXE (PID: 512) Address: 0x0ac40000 Size: 6598656

    Object: Hidden Module [Name: imageres.dll]
    Process: Explorer.EXE (PID: 512) Address: 0x65ae0000 Size: 15822848

    Object: Hidden Module [Name: msvcm80.dll]
    Process: WLTRAY.EXE (PID: 2372) Address: 0x04670000 Size: 507904

    Object: Hidden Module [Name: bcmwlrmt.dll]
    Process: WLTRAY.EXE (PID: 2372) Address: 0x04f20000 Size: 77824

    Object: Hidden Module [Name: sprtmessage.dll]
    Process: sprtcmd.exe (PID: 2436) Address: 0x01b70000 Size: 77824

    Object: Hidden Module [Name: SupportSoft.Agent.Sprocket.SupportMessage.dll]
    Process: sprtcmd.exe (PID: 2436) Address: 0x01e30000 Size: 45056

    Object: Hidden Module [Name: SupportSoft.Agent.Sprocket.dll]
    Process: sprtcmd.exe (PID: 2436) Address: 0x01e60000 Size: 28672

    Object: Hidden Code [ETHREAD: 0x84b33968]
    Process: System Address: 0x8ae75710 Size: -

    Object: Hidden Code [ETHREAD: 0x84b92828]
    Process: System Address: 0xb7b16988 Size: -

    Object: Hidden Code [ETHREAD: 0x84b92580]
    Process: System Address: 0x8d888668 Size: -

    Object: Hidden Code [ETHREAD: 0x84b922d8]
    Process: System Address: 0xa74f6ce8 Size: -

    Object: Hidden Code [ETHREAD: 0x84b93020]
    Process: System Address: 0x84b93214 Size: -

    Object: Hidden Code [ETHREAD: 0x84b93828]
    Process: System Address: 0x9534f088 Size: -

    Object: Hidden Code [ETHREAD: 0x883e1918]
    Process: System Address: 0xaaf76fe0 Size: -
     
  7. 2009/04/08
    Geri
    Hi
    OK that looks OK.

    Let's run Combofix.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Geri
     
  8. 2009/04/09
    jhorn44
    Combofix Log

    See combofix log results:

    ComboFix 09-04-04.01 - Jeremiah 2009-04-09 23:25:06.1 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3061.1960 [GMT -4:00]
    Running from: c:\users\Jeremiah\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
    .

    2009-04-09 23:11 . 2009-04-09 23:12 250,821,054 --a------ c:\windows\MEMORY.DMP
    2009-04-07 22:59 . 2009-04-07 22:59 0 --a------ c:\windows\System32\settings.dat
    2009-04-04 02:18 . 2009-04-09 14:44 <DIR> d-------- c:\windows\System32\drivers\Avg
    2009-04-04 02:18 . 2009-04-04 02:18 <DIR> d-------- c:\program files\AVG
    2009-04-04 02:18 . 2009-04-04 02:18 325,640 --a------ c:\windows\System32\drivers\avgldx86.sys
    2009-04-04 02:18 . 2009-04-04 02:18 108,552 --a------ c:\windows\System32\drivers\avgtdix.sys
    2009-04-04 02:18 . 2009-04-04 02:18 10,520 --a------ c:\windows\System32\avgrsstx.dll
    2009-04-02 22:44 . 2009-03-09 15:06 15,688 --a------ c:\windows\System32\lsdelete.exe
    2009-04-02 21:18 . 2009-04-02 21:23 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-29 15:04 . 2009-03-29 15:04 <DIR> d-------- c:\program files\Trend Micro
    2009-03-29 14:26 . 2009-03-29 14:29 <DIR> d-------- c:\program files\RegCure
    2009-03-29 12:37 . 2009-03-29 13:24 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-03-29 12:37 . 2009-03-29 12:37 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2009-03-28 21:33 . 2009-03-09 15:06 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
    2009-03-28 21:32 . 2009-03-28 21:32 <DIR> d-------- c:\program files\Lavasoft
    2009-03-28 20:00 . 2009-03-28 20:19 <DIR> d-------- c:\program files\NoAdware
    2009-03-26 09:37 . 2009-03-26 09:37 <DIR> d-------- c:\program files\MSXML 4.0
    2009-03-23 21:19 . 2009-03-23 21:19 <DIR> d-------- c:\program files\Ask.com
    2009-03-23 21:18 . 2009-03-23 21:18 <DIR> d-------- c:\program files\Webroot
    2009-03-23 21:18 . 2009-03-23 21:18 <DIR> d-------- c:\program files\MSSOAP
    2009-03-23 21:18 . 2009-03-05 20:10 1,553,784 --a------ c:\windows\WRSetup.dll
    2009-03-23 21:18 . 2009-03-23 21:18 164 --a------ c:\windows\install.dat
    2009-03-14 18:50 . 2009-03-14 18:50 <DIR> d-------- c:\windows\McAfee.com
    2009-03-11 02:47 . 2008-12-15 23:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
    2009-03-11 02:47 . 2009-02-08 23:10 2,033,152 --a------ c:\windows\System32\win32k.sys
    2009-03-11 02:47 . 2008-11-27 00:43 268,288 --a------ c:\windows\System32\schannel.dll
    2009-03-11 02:47 . 2008-12-16 01:31 7,680 --a------ c:\windows\System32\spwmp.dll
    2009-03-11 02:47 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\msdxm.ocx
    2009-03-11 02:47 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\dxmasf.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-06 22:24 --------- d-----w c:\program files\Google
    2009-04-06 21:39 --------- d-----w c:\program files\Common Files\Adobe
    2009-04-05 22:43 --------- d-----w c:\program files\Java
    2009-03-28 21:58 --------- d-----w c:\program files\LimeWire
    2009-03-13 08:07 --------- d-----w c:\program files\Windows Mail
    2009-03-08 03:52 --------- d-----w c:\program files\AIM6
    2009-03-08 03:51 --------- d-----w c:\program files\Common Files\AOL
    2009-02-26 08:12 268,435,456 --sha-w C:\WinPEpge.sys
    2009-02-25 22:24 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
    2009-02-25 22:24 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
    2009-02-25 22:24 176,752 ----a-w c:\windows\system32\drivers\ssidrv.sys
    2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-02-09 18:06 764296 --a------ c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-29 1830128]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 39408]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
    "SigmatelSysTrayApp "= "c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Broadcom Wireless Manager UI "= "c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-07 29744]
    "PCMService "= "c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "DellSupportCenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "Ad-Watch "= "c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-04 1932568]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SpySweeper "= "c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-03-05 6308728]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-08-07 01:53 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @= "Service "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "DoNotAllowExceptions "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6D33A6DF-3217-4494-A654-C3C08A5FF74A} "= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{5F850228-EBB5-439E-84E8-7D58C851C508} "= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{DD57F5BE-F603-4C8C-9851-E2A14402FEAF} "= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
    "{6B095205-0F41-4798-A621-E1FAA2B2C015} "= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
    "{E8CCDA7A-AA79-4F08-A408-38C840733CE7} "= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
    "{57B72F3A-FBC0-4065-B38A-E069D2350999} "= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{B906405F-A4DF-420C-8F18-EE8EF251E43F} "= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{A78E6488-E687-491B-A700-B9CF612658D5} "= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{622471DC-11A7-4B48-8F21-3CE842C18A52} "= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{5550F2C7-04A7-4102-A3D6-0D44A98A5988} "= UDP:c:\program files\AIM6\aim6.exe:AIM
    "{5901ED50-B524-4B94-A11A-D4D2A67010D4} "= TCP:c:\program files\AIM6\aim6.exe:AIM
    "TCP Query User{14FA2216-896D-4811-B077-942911BC6CDB}c:\\program files\\aim6\\aim6.exe "= UDP:c:\program files\aim6\aim6.exe:AIM
    "UDP Query User{ED3C5BC4-B634-4F94-94C7-0BEAE509FD71}c:\\program files\\aim6\\aim6.exe "= TCP:c:\program files\aim6\aim6.exe:AIM
    "{580846F7-D9C7-437B-87D5-2A5ED184F1E7} "= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{2EF54B64-9565-4F53-9676-6654C24547E1} "= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{0E380C3A-2C97-4550-9B01-96F2E6F19CA2} "= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{A53EEC1E-CE12-41F7-B050-77EC46CE3E29} "= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{C4D6F177-529A-41E0-8958-FFED7953E6CB} "= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{420C6541-F409-4DB5-8002-F92EDC234EBB} "= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{564A1EAB-345C-42A1-A9E6-57ED19333BDD} "= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{281B6537-668B-4E29-88B3-DE0CD3EE72A2} "= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{6A46FFB3-C42F-4327-A893-060F852E2FB9} "= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{F75E5320-B14E-4B98-8CD7-3C7B206AD097} "= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{F62AB83B-B17C-40A0-BB6D-678FD23BFE56} "= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DoNotAllowExceptions "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DoNotAllowExceptions "= 0 (0x0)

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-03-28 64160]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [2009-02-25 29808]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-04-04 325640]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-04-04 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-02-17 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-08-06 73728]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-04 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-04 298264]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
    R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-03-23 1178728]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-08-07 111616]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebd70498-a914-11dd-9ba1-00219bdda8c7}]
    \shell\AutoRun\command - CA_EdgeLitemobile.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:06]

    2009-04-10 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 13:58]

    2009-03-29 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 13:58]

    2009-04-04 c:\windows\Tasks\wrSpySweeper_LAAE3F56EFEDA4611919907000E58D908.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-03-05 20:10]

    2009-04-04 c:\windows\Tasks\wrSpySweeper_LAAE3F56EFEDA4611919907000E58D908.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-03-05 20:10]

    2009-04-04 c:\windows\Tasks\wrSpySweeper_LAAE3F56EFEDA4611919907000E58D908.job
    - C:\ [2009-04-09 23:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080807
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-09 23:27:26
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-04-09 23:29:39
    ComboFix-quarantined-files.txt 2009-04-10 03:29:35

    Pre-Run: 202,703,974,400 bytes free
    Post-Run: 202,709,143,552 bytes free

    197 --- E O F --- 2009-04-06 20:18:38
     
  9. 2009/04/10
    Geri
    Hi
    OK I'm seeing no malware.
    If it is McAfee you want to use as your Anti-Virus program, then I would make sure it is completely un-installed and then try downloading it again. Remember, you can only run 1 Anti-Virus program, so AVG would have to be deleted.

    Please do this.

    Click Start > Run. In the run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.
    Please check and verify that the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. If they weren't, please delete them manually.

    Go here to un-install McAfee

    McAfee Removal instructions here.

    McAfee

    Geri
     
