
Inactive Google Redirects/Security Certificate Problems

Discussion in 'Malware and Virus Removal Archive' started by ImDaLittleMan, 2010/07/18.

Thread Status:
Not open for further replies.
    2010/07/18
    ImDaLittleMan (Thread Starter)

    I've been having the Google redirect issue ever since I installed Opera a few months back. It wasn't that big of a problem until now. I can't go anywhere in Google anymore. I downloaded "tdsskiller", but after restarting the computer, my problem was still present. Also, I think spyware or malware has infected my computer because an ".exe" process called "Mn2.exe" or "Mn0.exe" started popping up a few days ago, bringing my computer to a complete standstill until I end the processes in Windows Task Manager. They stay away for about 10-15 minutes before returning. And I can't log onto YouTube or even access Gmail anymore because there's something wrong with the "Google Security Certificate".

    I downloaded Spyware Terminator and had a full scan done. It found a lot of issues and critical objects and ended up removing most of them, but it also said that I have to manually uninstall certain things. Anyway, even after using Spyware Terminator, it didn't fix anything. I've been trying to get things back to normal for days, but I've run out of ideas. Any help would be much appreciated. Thank you!

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Alex at 18:29:58.82 on Sun 07/18/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.262 [GMT -5:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINNT\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINNT\System32\svchost.exe -k netsvcs
    C:\WINNT\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\rundll32.exe
    svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Hard Disk Tune-Up\HDTuneUpSrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINNT\wanmpsvc.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\WINNT\system32\ZuneBusEnum.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\AOL\1102190321\ee\AOLSoftware.exe
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINNT\System32\svchost.exe -k imgsvc
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Opera\opera.exe
    C:\WINNT\system32\taskmgr.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\AOL 9.1\waol.exe
    C:\Program Files\AOL 9.1\shellmon.exe
    C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    C:\Documents and Settings\Alex\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearch Bar = hxxp://search.imesh.com/sidebar.html?src=ssb
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    mWindow Title = Microsoft Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://ie.search.msn.com
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60347
    mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
    uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
    mURLSearchHooks: AOL Radio Toolbar Search Class: {69224684-5682-419b-9fe4-ef7946ee3319} - c:\program files\aol radio toolbar\aolradiotb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
    mURLSearchHooks: MapQuest Toolbar Search Class: {2731c719-b8c5-4282-993d-b5ad0e77531d} - c:\program files\mapquest toolbar\mqtb.dll
    mURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
    BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - c:\program files\aol radio toolbar\aolradiotb.dll
    BHO: iMeshPersonalization: {2e172451-9577-461f-bd9d-16d2e88d0f50} - c:\program files\imesh applications\personalization\iMeshPersonalizationIE_v1047.dll
    BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\imesh mediabar\iMeshIEHelper.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: MapQuest Toolbar Loader: {e34f0e11-ab79-487c-9773-36c594dff5aa} - c:\program files\mapquest toolbar\mqtb.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - No File
    BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    TB: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - No File
    TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
    TB: MapQuest Toolbar: {57abf0dd-577c-4ec6-855c-8dc29768c2b0} - c:\program files\mapquest toolbar\mqtb.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
    TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - c:\program files\aol radio toolbar\aolradiotb.dll
    TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
    TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll
    EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
    uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
    uRun: [iMeshPersonalization] "c:\program files\imesh applications\personalization\iMeshPersonalization.exe"
    uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
    mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
    mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [HostManager] c:\program files\common files\aol\1102190321\ee\AOLSoftware.exe
    mRun: [Ulead AutoDetector] c:\program files\ulead systems\ulead photo explorer 8.0 se basic\Monitor.exe
    mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
    dRun: [AOL Fast Start] "c:\progra~1\aol9~1.1\AOL.EXE" -b
    dRun: [8b38edf6-0379-4149-9442-fd5b194029ec_44] rundll32.exe "c:\documents and settings\localservice\application data\8b38edf6-0379-4149-9442-fd5b194029ec_44.avi", start
    dRun: [JDK5SWFMZY] c:\winnt\temp\Mn2.exe
    StartupFolder: c:\docume~1\alex\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\uleadp~1.lnk - c:\program files\ulead systems\ulead photo express 4.0 se\CalCheck.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
    IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
    IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
    IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\winnt\system32\Shdocvw.dll
    IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E}
    Trusted Zone: att.net
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: sbcglobal.net
    Trusted Zone: yahoo.com\clientapps
    DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
    DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.1.5.21/harvest/harvest-ob-assets.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
    DPF: WordJong by pogo - hxxp://game1.pogo.com/applet-6.1.4.29/wordjong/wordjong-ob-assets.cab
    DPF: Yahoo! Pool 2 - hxxp://download.games.yahoo.com/games/clients/y/pote_x.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - hcp://system/RunExeActiveX.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} - hcp://system/StartFirstControl.CAB
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxps://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
    DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - hxxp://www.mtv.com/overdrive/bin/setup.exe
    TCP: NameServer = 93.188.162.65,93.188.161.205
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\winnt\system32\rundll32.exe c:\winnt\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    Hosts: 89.149.210.113 www.google.com
    Hosts: 89.149.210.113 us.
    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\ww5mhst9.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
    FF - component: c:\documents and settings\alex\application data\mozilla\firefox\profiles\ww5mhst9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07010901.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\opera\program\plugins\nppdf32.dll
    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [2010-1-8 64160]
    R0 mfehidk;McAfee Inc. mfehidk;c:\winnt\system32\drivers\mfehidk.sys [2010-4-14 385536]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\winnt\system32\drivers\sp_rsdrv2.sys [2010-7-18 142592]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\winnt\system32\drivers\mfesmfk.sys [2010-6-27 40552]
    R4 PCTCore;PCTools KDS;c:\winnt\system32\drivers\pctcore.sys --> c:\winnt\system32\drivers\PCTCore.sys [?]
    S0 tclondrv;tclondrv; [x]
    S3 ATWPKT;ATWPKT;c:\winnt\system32\drivers\atwpkt.sys [2004-9-9 19140]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\winnt\system32\drivers\mfeavfk.sys [2010-6-27 79816]
    S3 mfebopk;McAfee Inc. mfebopk;c:\winnt\system32\drivers\mfebopk.sys [2009-9-1 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\winnt\system32\drivers\mferkdk.sys [2009-9-1 34248]
    S3 MusCDriverV32;MusCDriverV32;c:\winnt\system32\drivers\MusCDriverV32.sys [2008-9-4 509312]
    S3 MusCVideo32;MusCVideo32;c:\winnt\system32\drivers\MusCVideo32.sys [2008-9-4 3768]
    S3 PCDRDRV;Pcdr Helper Driver; [x]

    ============== File Associations ===============

    regfile="regedit.exe" "%1"

    =============== Created Last 30 ================

    2010-07-18 06:10:12 0 d-----w- c:\program files\Crawler
    2010-07-18 06:09:55 142592 ----a-w- c:\winnt\system32\drivers\sp_rsdrv2.sys
    2010-07-18 06:09:52 0 d-----w- c:\docume~1\alex\applic~1\Spyware Terminator
    2010-07-18 06:09:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Spyware Terminator
    2010-07-18 06:09:35 0 d-----w- c:\program files\Spyware Terminator
    2010-07-17 09:27:14 47616 ---ha-w- c:\winnt\system32\drmuetsh.dll
    2010-07-17 08:03:14 767952 ----a-w- c:\winnt\BDTSupport.dll
    2010-07-17 08:01:29 0 d-----w- c:\program files\common files\PC Tools
    2010-07-17 08:01:28 0 d-----w- c:\program files\Spyware Doctor
    2010-07-15 02:36:36 75776 --sha-r- c:\winnt\system32\igfxritas.dll
    2010-07-15 02:32:46 1024 ----a-w- c:\winnt\system32\file.exe
    2010-07-01 17:18:42 0 d-----w- c:\program files\iTunes
    2010-07-01 17:00:39 0 d-----w- c:\program files\Bonjour
    2010-06-28 00:30:23 15697 ----a-w- c:\winnt\system32\Config.MPF
    2010-06-28 00:20:25 40552 ----a-w- c:\winnt\system32\drivers\mfesmfk.sys
    2010-06-28 00:20:24 79816 ----a-w- c:\winnt\system32\drivers\mfeavfk.sys
    2010-06-28 00:20:12 120136 ----a-w- c:\winnt\system32\drivers\Mpfp.sys
    2010-06-28 00:19:13 0 d-----w- c:\program files\common files\McAfee
    2010-06-28 00:19:11 0 d-----w- c:\program files\McAfee.com
    2010-06-28 00:17:54 0 d-----w- c:\program files\McAfee
    2010-06-26 23:02:03 0 d-----w- c:\program files\MemTurbo 4

    ==================== Find3M ====================

    2010-07-17 07:24:14 36352 ----a-w- c:\winnt\system32\drivers\intelppm.sys
    2010-06-04 02:40:39 20 -c-h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
    2010-05-18 21:35:16 91424 ----a-w- c:\winnt\system32\dnssd.dll
    2010-05-18 21:35:16 107808 ----a-w- c:\winnt\system32\dns-sd.exe
    2005-05-13 22:12:00 217073 -csha-r- c:\winnt\meta4.exe
    2005-10-24 16:13:58 66560 -csha-r- c:\winnt\MOTA113.exe
    2005-10-14 02:27:00 422400 -csha-r- c:\winnt\x2.64.exe
    2005-10-08 00:14:52 308224 --sha-r- c:\winnt\system32\avisynth.dll
    2005-07-14 17:31:20 27648 --sha-r- c:\winnt\system32\AVSredirect.dll
    2005-06-26 20:32:28 616448 --sha-r- c:\winnt\system32\cygwin1.dll
    2005-06-22 03:37:42 45568 --sha-r- c:\winnt\system32\cygz.dll
    2004-01-25 05:00:00 70656 --sha-r- c:\winnt\system32\i420vfw.dll
    2006-04-27 15:24:24 2945024 -csha-r- c:\winnt\system32\Smab.dll
    2005-02-28 18:16:22 240128 --sha-r- c:\winnt\system32\x.264.exe
    2004-01-25 05:00:00 70656 --sha-r- c:\winnt\system32\yv12vfw.dll
    2009-11-04 22:33:51 245760 -csha-w- c:\winnt\system32\config\systemprofile\ietldcache\index.dat
    2008-09-15 07:54:42 32768 -csha-w- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

    ============= FINISH: 18:34:38.01 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/6/2004 9:34:10 PM
    System Uptime: 7/18/2010 12:05:04 PM (6 hours ago)

    Motherboard: Intel Corporation | | D845GRG
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | J2E1 | 2399/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 34.581 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 7/15/2010 11:52:05 PM - System Checkpoint
    RP2: 7/18/2010 1:29:54 AM - Spyware Terminator - restore point
    RP3: 7/18/2010 3:23:59 AM - Spyware Terminator - restore point
    RP4: 7/18/2010 4:17:23 AM - Configured VeohTV BETA

    ==== Installed Programs ======================

    µTorrent
    AAA Logo 1.21
    Acoustica Effects Pack
    Ad-Aware
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player
    Advanced Registry Optimizer
    AIM 6
    AIM Toolbar
    AIMTunes
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Deskbar
    AOL Explorer
    AOL Instant Messenger
    AOL Radio Toolbar
    AOL Toolbar
    AOL Uninstaller (Choose which Products to Remove)
    AOL You've Got Pictures Screensaver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 4
    ASIO4ALL
    AT&T Yahoo! Applications
    Battlefield 1942
    Blubster 2.5
    Bonjour
    BroadJump Client Foundation
    Collab
    Command & Conquer Red Alert 2
    Command && Conquer Red Alert 2 - Yuri's Revenge
    Crawler Toolbar with Web Security Guard
    Critical Update for Windows Media Player 11 (KB959772)
    DivX Web Player
    Do More 6.0
    Download Updater (AOL LLC)
    DreamLight Photo Editor 2.04
    DVD
    Easy CD Creator 5 Basic
    Edirol HQ Orchestral v1.01
    EPSON Printer Software
    Expedia Fare Alert
    FL Studio 8
    FormatFactory 1.90
    Free Audio CD Burner version 1.2
    Free Music Zilla
    Free YouTube to MP3 Converter version 3.2
    FreeSpace 2: Colossus
    FrostWire 4.18.3
    Gateway Desktop Manager
    Gateway Drivers and Applications Recovery
    Gateway IE Customizations
    Gateway Power Management
    Gateway Rhapsody
    Google Earth
    Hard Disk Tune-Up 1.0
    Hardcore
    HelpSpot
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    IL Download Manager
    iMesh
    Imikimi Plugin
    Intel(R) Extreme Graphics Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet II
    InterActual Player
    iPod for Windows 2005-09-23
    iTunes
    Java(TM) 6 Update 16
    jlGui 3.0
    Learn2 Player (Uninstall Only)
    MapQuest Toolbar for Internet Explorer
    McAfee SecurityCenter
    McAfee Virtual Technician
    MechWarrior 4 Mercenaries
    MechWarrior Black Knight
    MechWarrior Vengeance
    MediaBar 2.0 (iMesh)
    MemTurbo 4
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Encarta Encyclopedia Standard 2003
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Professional 2007 Trial
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows Journal Viewer
    Microsoft WinUsb 1.0
    Microsoft Word 2002
    Microsoft Works 2003 Setup Launcher
    Microsoft Works 7.0
    Microsoft Works Suite Add-in for Microsoft Word
    Mini-stream Ripper 2.9.7.273 2008.01.02
    MobileMe Control Panel
    Move Networks Media Player for Internet Explorer
    Move Networks Player for Firefox
    Move Networks Player for Internet Explorer
    Moyea DVD Ripper version 1.6.1.2
    Mozilla Firefox (3.5.7)
    MSN Gaming Zone
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    Muziic Player & Encoder
    NI Service Center
    Nikon Message Center
    Nikon Transfer
    OpenOffice.org Installer 1.0
    Opera 10.60
    PC-Doctor for Windows
    PhoneTools
    PoiZone
    QuickTime
    RealPlayer
    Registry Easy v5.6
    Rhapsody Player Engine
    Safari
    Sawer
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB980470)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Setup Wizard
    Shockwave
    Spyware Terminator
    The Sims Deluxe Edition
    TomTom HOME 2.6.1.1549
    TomTom HOME Visual Studio Merge Modules
    Toxic Biohazard
    Ulead COOL 360 1.0
    Ulead DVD PictureShow 2 SE Basic
    Ulead Photo Explorer 8.0 SE Basic
    Ulead Photo Express 4.0 SE
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb981433)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VeohTV BETA
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Viewpoint Toolbar
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    ViviCam 3765 Digital Camera Driver
    ViviCam 3765(Documents)
    WebFldrs XP
    Westwood Shared Internet Components
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WingMan Software
    WinRAR archiver
    Works Suite OS Pack
    Yahoo! Browser Services
    Yahoo! Software Update
    Zune
    Zune Language Pack (DE)
    Zune Language Pack (ES)
    Zune Language Pack (FR)
    Zune Language Pack (IT)

    ==== Event Viewer Messages From Past Week ========

    7/17/2010 2:42:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
    7/17/2010 2:42:37 AM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/17/2010 2:25:23 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: adpu160m agp440 IntelIde ultra ViaIde
    7/17/2010 2:25:14 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    7/17/2010 12:35:50 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the McShield service.
    7/17/2010 12:22:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PrismXL service to connect.
    7/17/2010 12:22:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Personal Firewall Service service to connect.
    7/17/2010 12:22:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intel(R) NMS service to connect.
    7/17/2010 12:22:43 AM, error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/17/2010 12:22:43 AM, error: Service Control Manager [7000] - The Intel(R) NMS service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/16/2010 3:24:04 AM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/16/2010 3:24:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Real-time Scanner service to connect.
    7/16/2010 3:15:44 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/16/2010 10:19:49 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    7/15/2010 11:52:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
    7/15/2010 11:50:40 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 0007E9BFDFEC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    7/15/2010 11:50:28 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    7/15/2010 11:50:28 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    7/14/2010 4:54:55 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/14/2010 4:47:42 PM, error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
    7/13/2010 2:43:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ZuneBusEnum service.
    7/12/2010 6:04:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
    7/12/2010 6:04:47 PM, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/11/2010 3:30:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    7/11/2010 3:30:10 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
    Last edited: 2010/07/18
  2. 2010/07/18
    ImDaLittleMan

    ImDaLittleMan Inactive Thread Starter

    Joined:
    2010/07/18
    Messages:
    5
    Likes Received:
    0
    Sorry, I missed the part about posting logs. Here's DDS:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Alex at 18:29:58.82 on Sun 07/18/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.262 [GMT -5:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINNT\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINNT\System32\svchost.exe -k netsvcs
    C:\WINNT\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\rundll32.exe
    svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Hard Disk Tune-Up\HDTuneUpSrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINNT\wanmpsvc.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\WINNT\system32\ZuneBusEnum.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\AOL\1102190321\ee\AOLSoftware.exe
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINNT\System32\svchost.exe -k imgsvc
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Opera\opera.exe
    C:\WINNT\system32\taskmgr.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\AOL 9.1\waol.exe
    C:\Program Files\AOL 9.1\shellmon.exe
    C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    C:\Documents and Settings\Alex\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearch Bar = hxxp://search.imesh.com/sidebar.html?src=ssb
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    mWindow Title = Microsoft Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://ie.search.msn.com
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60347
    mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
    uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
    mURLSearchHooks: AOL Radio Toolbar Search Class: {69224684-5682-419b-9fe4-ef7946ee3319} - c:\program files\aol radio toolbar\aolradiotb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
    mURLSearchHooks: MapQuest Toolbar Search Class: {2731c719-b8c5-4282-993d-b5ad0e77531d} - c:\program files\mapquest toolbar\mqtb.dll
    mURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
    BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - c:\program files\aol radio toolbar\aolradiotb.dll
    BHO: iMeshPersonalization: {2e172451-9577-461f-bd9d-16d2e88d0f50} - c:\program files\imesh applications\personalization\iMeshPersonalizationIE_v1047.dll
    BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\imesh mediabar\iMeshIEHelper.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: MapQuest Toolbar Loader: {e34f0e11-ab79-487c-9773-36c594dff5aa} - c:\program files\mapquest toolbar\mqtb.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - No File
    BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    TB: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - No File
    TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
    TB: MapQuest Toolbar: {57abf0dd-577c-4ec6-855c-8dc29768c2b0} - c:\program files\mapquest toolbar\mqtb.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
    TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - c:\program files\aol radio toolbar\aolradiotb.dll
    TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
    TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll
    EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
    uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
    uRun: [iMeshPersonalization] "c:\program files\imesh applications\personalization\iMeshPersonalization.exe"
    uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
    mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
    mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [HostManager] c:\program files\common files\aol\1102190321\ee\AOLSoftware.exe
    mRun: [Ulead AutoDetector] c:\program files\ulead systems\ulead photo explorer 8.0 se basic\Monitor.exe
    mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
    dRun: [AOL Fast Start] "c:\progra~1\aol9~1.1\AOL.EXE" -b
    dRun: [8b38edf6-0379-4149-9442-fd5b194029ec_44] rundll32.exe "c:\documents and settings\localservice\application data\8b38edf6-0379-4149-9442-fd5b194029ec_44.avi", start
    dRun: [JDK5SWFMZY] c:\winnt\temp\Mn2.exe
    StartupFolder: c:\docume~1\alex\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\uleadp~1.lnk - c:\program files\ulead systems\ulead photo express 4.0 se\CalCheck.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
    IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
    IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
    IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\winnt\system32\Shdocvw.dll
    IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E}
    Trusted Zone: att.net
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: sbcglobal.net
    Trusted Zone: yahoo.com\clientapps
    DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
    DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.1.5.21/harvest/harvest-ob-assets.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
    DPF: WordJong by pogo - hxxp://game1.pogo.com/applet-6.1.4.29/wordjong/wordjong-ob-assets.cab
    DPF: Yahoo! Pool 2 - hxxp://download.games.yahoo.com/games/clients/y/pote_x.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - hcp://system/RunExeActiveX.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} - hcp://system/StartFirstControl.CAB
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxps://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
    DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - hxxp://www.mtv.com/overdrive/bin/setup.exe
    TCP: NameServer = 93.188.162.65,93.188.161.205
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\winnt\system32\rundll32.exe c:\winnt\system32\advpack.dll,launchinfsectionex

    c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    Hosts: 89.149.210.113 www.google.com
    Hosts: 89.149.210.113 us.
    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\ww5mhst9.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
    FF - component: c:\documents and settings\alex\application data\mozilla\firefox\profiles\ww5mhst9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07010901.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\opera\program\plugins\nppdf32.dll
    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [2010-1-8 64160]
    R0 mfehidk;McAfee Inc. mfehidk;c:\winnt\system32\drivers\mfehidk.sys [2010-4-14 385536]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\winnt\system32\drivers\sp_rsdrv2.sys [2010-7-18 142592]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\winnt\system32\drivers\mfesmfk.sys [2010-6-27 40552]
    R4 PCTCore;PCTools KDS;c:\winnt\system32\drivers\pctcore.sys --> c:\winnt\system32\drivers\PCTCore.sys [?]
    S0 tclondrv;tclondrv; [x]
    S3 ATWPKT;ATWPKT;c:\winnt\system32\drivers\atwpkt.sys [2004-9-9 19140]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\winnt\system32\drivers\mfeavfk.sys [2010-6-27 79816]
    S3 mfebopk;McAfee Inc. mfebopk;c:\winnt\system32\drivers\mfebopk.sys [2009-9-1 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\winnt\system32\drivers\mferkdk.sys [2009-9-1 34248]
    S3 MusCDriverV32;MusCDriverV32;c:\winnt\system32\drivers\MusCDriverV32.sys [2008-9-4 509312]
    S3 MusCVideo32;MusCVideo32;c:\winnt\system32\drivers\MusCVideo32.sys [2008-9-4 3768]
    S3 PCDRDRV;Pcdr Helper Driver; [x]

    ============== File Associations ===============

    regfile="regedit.exe" "%1"

    =============== Created Last 30 ================

    2010-07-18 06:10:12 0 d-----w- c:\program files\Crawler
    2010-07-18 06:09:55 142592 ----a-w- c:\winnt\system32\drivers\sp_rsdrv2.sys
    2010-07-18 06:09:52 0 d-----w- c:\docume~1\alex\applic~1\Spyware Terminator
    2010-07-18 06:09:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Spyware Terminator
    2010-07-18 06:09:35 0 d-----w- c:\program files\Spyware Terminator
    2010-07-17 09:27:14 47616 ---ha-w- c:\winnt\system32\drmuetsh.dll
    2010-07-17 08:03:14 767952 ----a-w- c:\winnt\BDTSupport.dll
    2010-07-17 08:01:29 0 d-----w- c:\program files\common files\PC Tools
    2010-07-17 08:01:28 0 d-----w- c:\program files\Spyware Doctor
    2010-07-15 02:36:36 75776 --sha-r- c:\winnt\system32\igfxritas.dll
    2010-07-15 02:32:46 1024 ----a-w- c:\winnt\system32\file.exe
    2010-07-01 17:18:42 0 d-----w- c:\program files\iTunes
    2010-07-01 17:00:39 0 d-----w- c:\program files\Bonjour
    2010-06-28 00:30:23 15697 ----a-w- c:\winnt\system32\Config.MPF
    2010-06-28 00:20:25 40552 ----a-w- c:\winnt\system32\drivers\mfesmfk.sys
    2010-06-28 00:20:24 79816 ----a-w- c:\winnt\system32\drivers\mfeavfk.sys
    2010-06-28 00:20:12 120136 ----a-w- c:\winnt\system32\drivers\Mpfp.sys
    2010-06-28 00:19:13 0 d-----w- c:\program files\common files\McAfee
    2010-06-28 00:19:11 0 d-----w- c:\program files\McAfee.com
    2010-06-28 00:17:54 0 d-----w- c:\program files\McAfee
    2010-06-26 23:02:03 0 d-----w- c:\program files\MemTurbo 4

    ==================== Find3M ====================

    2010-07-17 07:24:14 36352 ----a-w- c:\winnt\system32\drivers\intelppm.sys
    2010-06-04 02:40:39 20 -c-h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
    2010-05-18 21:35:16 91424 ----a-w- c:\winnt\system32\dnssd.dll
    2010-05-18 21:35:16 107808 ----a-w- c:\winnt\system32\dns-sd.exe
    2005-05-13 22:12:00 217073 -csha-r- c:\winnt\meta4.exe
    2005-10-24 16:13:58 66560 -csha-r- c:\winnt\MOTA113.exe
    2005-10-14 02:27:00 422400 -csha-r- c:\winnt\x2.64.exe
    2005-10-08 00:14:52 308224 --sha-r- c:\winnt\system32\avisynth.dll
    2005-07-14 17:31:20 27648 --sha-r- c:\winnt\system32\AVSredirect.dll
    2005-06-26 20:32:28 616448 --sha-r- c:\winnt\system32\cygwin1.dll
    2005-06-22 03:37:42 45568 --sha-r- c:\winnt\system32\cygz.dll
    2004-01-25 05:00:00 70656 --sha-r- c:\winnt\system32\i420vfw.dll
    2006-04-27 15:24:24 2945024 -csha-r- c:\winnt\system32\Smab.dll
    2005-02-28 18:16:22 240128 --sha-r- c:\winnt\system32\x.264.exe
    2004-01-25 05:00:00 70656 --sha-r- c:\winnt\system32\yv12vfw.dll
    2009-11-04 22:33:51 245760 -csha-w- c:\winnt\system32\config\systemprofile\ietldcache\index.dat
    2008-09-15 07:54:42 32768 -csha-w- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

    ============= FINISH: 18:34:38.01 ===============

  4. 2010/07/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please make sure to disable "word wrap" in Notepad, because your logs are hard to read.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    ============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  5. 2010/07/18
    ImDaLittleMan

    ImDaLittleMan Inactive Thread Starter

    Joined:
    2010/07/18
    Messages:
    5
    Likes Received:
    0
    Sorry about the word wrap. Here's the exeHelper log:

    exeHelper by Raktor
    Build 20100414
    Run at 19:57:45 on 07/18/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    And then the ComboFix Log:

    ComboFix 10-07-16.02 - Alex 07/18/2010 20:19:26.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.215 [GMT -5:00]
    Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    The following files were disabled during the run:
    c:\winnt\system32\drmuetsh.dll


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Alex\Application Data\Desktopicon
    c:\documents and settings\Alex\Application Data\WeatherDPA
    c:\documents and settings\Alex\Application Data\WeatherDPA\Weather\WeatherStartup.xml
    c:\documents and settings\Alex\Application Data\Zango
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\1385232.sdf
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\3893642.sdf
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\15162
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21060
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\242437
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29308
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\304155
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\367353
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\378860
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\42372
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\427205
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\45837
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\471072
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\477253
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\56815
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\58804
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\59844
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\65770
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\69156
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\71531
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\72748
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\72912
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\737665
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\73840
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745343
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\746718
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748176
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753250
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82155
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82292
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82511
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\83282
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\91986
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93899
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\ustat\377b.dat
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\ustat\377c.dat
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\dynamic\ustat\377d.dat
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\avatar.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\btntrans.idx
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\btntrans1.dat
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\buttondir.txt
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\components.cdf
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\cursors.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_1000.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_2000.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_3000.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bar.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bbar1.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_logos.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_other.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\d_icons_weather.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\default.cdf
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_511745-514279.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-ca.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-us.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_categorize.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_comparison.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-Mails.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-people.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_favorites.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_Games.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_Hide.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_hotbarcom.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_Hotmail.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_hsskin.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_jemster.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_jemsterie.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_jemsteruk.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_jobsearch.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_Mails.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_MobileSidewalk.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_new.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_premium.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_reun.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_ringtones.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_SearchBoxTrapper.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_searchfor.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_searchgo.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\editblbuttons.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-548964.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-9595.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\icons2.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\ie_video.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\keywords.idx
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\layout.cdf
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\linkpathlegal.txt
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\progress.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\sdfmodifier.xml
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\top7.cdf
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\zango_btn.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
    c:\documents and settings\Alex\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
    c:\documents and settings\Alex\GoToAssistDownloadHelper.exe
    c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    c:\documents and settings\All Users\Application Data\SalesMonitor
    c:\documents and settings\All Users\Favorites\_favdata.dat
    c:\documents and settings\All Users\Start Menu\Programs\Setup Wizard
    c:\documents and settings\All Users\Start Menu\Programs\Setup Wizard\SetupWizard.lnk
    c:\documents and settings\All Users\Start Menu\Programs\Setup Wizard\Uninstall SetupWizard.lnk
    c:\documents and settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk
    c:\documents and settings\LocalService\Application Data\8b38edf6-0379-4149-9442-fd5b194029ec_44.avi
    c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Ssk.log
    c:\program files\Mozilla Firefox\components\npclntax.xpt
    c:\program files\Setup Wizard
    c:\program files\Setup Wizard\notepad.exe
    c:\program files\Setup Wizard\settings.ini
    c:\program files\Setup Wizard\SetupWizard.exe
    c:\program files\Setup Wizard\unins000.dat
    c:\program files\Setup Wizard\unins000.exe
    c:\winnt\system\oeminfo.ini
    c:\winnt\system32\aplib.dll
    c:\winnt\system32\Cache
    c:\winnt\system32\config.dat
    c:\winnt\system32\ernel32.dll
    c:\winnt\system32\file.exe
    c:\winnt\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    c:\winnt\xpsp1hfm.log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Legacy_ZESOFT


    ((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
    .

    2010-07-18 08:33 . 2010-07-18 08:33 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\Threat Expert
    2010-07-18 06:10 . 2010-07-18 06:10 -------- d-----w- c:\program files\Crawler
    2010-07-18 06:09 . 2010-07-18 06:09 142592 ----a-w- c:\winnt\system32\drivers\sp_rsdrv2.sys
    2010-07-18 06:09 . 2010-07-19 01:01 -------- d-----w- c:\documents and settings\Alex\Application Data\Spyware Terminator
    2010-07-18 06:09 . 2010-07-18 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
    2010-07-18 06:09 . 2010-07-19 01:01 -------- d-----w- c:\program files\Spyware Terminator
    2010-07-17 09:27 . 2010-07-17 09:27 47616 ----a-w- c:\winnt\system32\drmuetsh.dll
    2010-07-15 02:36 . 2010-07-15 02:36 75776 --sha-r- c:\winnt\system32\igfxritas.dll
    2010-07-10 06:53 . 2010-07-10 06:53 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\axcwsnkid
    2010-07-05 08:22 . 2010-07-05 08:23 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\jrkqgowpt
    2010-07-01 17:18 . 2010-07-01 17:22 -------- d-----w- c:\program files\iTunes
    2010-07-01 17:00 . 2010-07-01 17:00 -------- d-----w- c:\program files\Bonjour
    2010-06-28 00:20 . 2010-02-17 21:52 40552 ----a-w- c:\winnt\system32\drivers\mfesmfk.sys
    2010-06-28 00:20 . 2010-02-17 21:52 79816 ----a-w- c:\winnt\system32\drivers\mfeavfk.sys
    2010-06-28 00:20 . 2009-07-16 17:32 120136 ----a-w- c:\winnt\system32\drivers\Mpfp.sys
    2010-06-28 00:19 . 2010-06-28 00:20 -------- d-----w- c:\program files\Common Files\McAfee
    2010-06-28 00:19 . 2010-06-28 00:19 -------- d-----w- c:\program files\McAfee.com
    2010-06-28 00:17 . 2010-06-30 04:33 -------- d-----w- c:\program files\McAfee
    2010-06-26 23:02 . 2010-06-26 23:02 -------- d-----w- c:\program files\MemTurbo 4
    2010-06-21 07:51 . 2010-06-21 07:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Viewpoint
    2010-06-21 07:49 . 2010-06-21 07:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AOL
    2010-06-20 07:34 . 2010-06-20 07:34 -------- d-----w- c:\winnt\system32\config\systemprofile\Application Data\Viewpoint

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-18 09:21 . 2008-09-04 21:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-18 09:14 . 2009-08-01 04:17 -------- d-----w- c:\program files\Acoustica Shared Effects
    2010-07-18 06:30 . 2004-01-28 22:55 -------- d-----w- c:\program files\Viewpoint
    2010-07-17 07:24 . 2004-08-04 05:59 36352 ----a-w- c:\winnt\system32\drivers\intelppm.sys
    2010-07-16 17:56 . 2008-03-14 21:58 664 ----a-w- c:\winnt\system32\d3d9caps.dat
    2010-07-01 17:19 . 2006-01-13 23:59 -------- d-----w- c:\program files\iPod
    2010-07-01 17:19 . 2007-07-23 03:03 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-01 16:43 . 2008-07-17 08:12 -------- d-----w- c:\program files\Safari
    2010-07-01 16:10 . 2010-01-09 16:41 -------- d-----w- c:\program files\Opera
    2010-06-28 00:30 . 2009-09-02 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-06-27 01:00 . 2007-05-24 06:31 -------- d-----w- c:\program files\AIM6
    2010-06-26 18:25 . 2009-11-01 21:26 -------- d-----w- c:\program files\Hard Disk Tune-Up
    2010-06-26 17:54 . 2009-11-01 19:46 -------- d-----w- c:\program files\Advanced Registry Optimizer
    2010-06-24 03:33 . 2009-03-09 22:42 -------- d-----w- c:\program files\Muziic
    2010-06-21 07:49 . 2004-12-04 20:01 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AOL
    2010-06-04 02:40 . 2008-01-15 20:02 20 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
    2010-06-02 07:28 . 2004-10-27 02:27 -------- d-----w- c:\program files\Winamp
    2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\winnt\system32\dnssd.dll
    2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\winnt\system32\dns-sd.exe
    2010-04-25 00:12 . 2004-09-22 04:04 90656 -c--a-w- c:\documents and settings\Andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2005-05-13 22:12 . 2005-05-13 22:12 217073 -csha-r- c:\winnt\meta4.exe
    2005-10-24 16:13 . 2005-10-24 16:13 66560 -csha-r- c:\winnt\MOTA113.exe
    2005-10-14 02:27 . 2005-10-14 02:27 422400 -csha-r- c:\winnt\x2.64.exe
    2005-10-08 00:14 . 2005-10-08 00:14 308224 --sha-r- c:\winnt\system32\avisynth.dll
    2005-07-14 17:31 . 2005-07-14 17:31 27648 --sha-r- c:\winnt\system32\AVSredirect.dll
    2005-06-26 20:32 . 2005-06-26 20:32 616448 --sha-r- c:\winnt\system32\cygwin1.dll
    2005-06-22 03:37 . 2005-06-22 03:37 45568 --sha-r- c:\winnt\system32\cygz.dll
    2004-01-25 05:00 . 2004-01-25 05:00 70656 --sha-r- c:\winnt\system32\i420vfw.dll
    2006-04-27 15:24 . 2006-04-27 15:24 2945024 -csha-r- c:\winnt\system32\Smab.dll
    2005-02-28 18:16 . 2005-02-28 18:16 240128 --sha-r- c:\winnt\system32\x.264.exe
    2004-01-25 05:00 . 2004-01-25 05:00 70656 --sha-r- c:\winnt\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
    2008-04-17 07:42 398768 ----a-w- c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E34F0E11-AB79-487c-9773-36C594DFF5AA}]
    2008-03-18 21:35 1267040 ----a-w- c:\program files\MapQuest Toolbar\mqtb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{57ABF0DD-577C-4ec6-855C-8DC29768C2B0}"="c:\program files\MapQuest Toolbar\mqtb.dll" [2008-03-18 1267040]

    [HKEY_CLASSES_ROOT\clsid\{57abf0dd-577c-4ec6-855c-8dc29768c2b0}]
    [HKEY_CLASSES_ROOT\MQTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2374E959-A5FE-424f-9F20-47FB6195D175}]
    [HKEY_CLASSES_ROOT\MQTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{57ABF0DD-577C-4EC6-855C-8DC29768C2B0}"="c:\program files\MapQuest Toolbar\mqtb.dll" [2008-03-18 1267040]

    [HKEY_CLASSES_ROOT\clsid\{57abf0dd-577c-4ec6-855c-8dc29768c2b0}]
    [HKEY_CLASSES_ROOT\MQTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2374E959-A5FE-424f-9F20-47FB6195D175}]
    [HKEY_CLASSES_ROOT\MQTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-03-18 251240]
    "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
    "iMeshPersonalization"="c:\program files\iMesh Applications\Personalization\iMeshPersonalization.exe" [2008-04-29 1255856]
    "SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-07-18 3037696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\winnt\System32\igfxtray.exe" [2003-11-18 155648]
    "HotKeysCmds"="c:\winnt\System32\hkcmd.exe" [2003-11-18 118784]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-10-04 684032]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-11-20 180269]
    "HostManager"="c:\program files\Common Files\AOL\1102190321\ee\AOLSoftware.exe" [2008-06-24 41824]
    "Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-10-23 45056]
    "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-07 524632]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AOL Fast Start"="c:\progra~1\AOL9~1.1\AOL.EXE" [2008-11-06 50472]

    c:\documents and settings\Alex\Start Menu\Programs\Startup\
    Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\America Online 9.0a\\waol.exe"=
    "c:\\Program Files\\Common Files\\aol\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\aol\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1102190321\\ee\\aolservicehost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\aol\\1102190321\\EE\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\aol\\1102190321\\EE\\aim6.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Alex\\Desktop\\utorrent.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe "=
    "c:\\Program Files\\Opera\\opera.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\WINNT\\system32\\spoolsv.exe "=

    R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [1/8/2010 10:41 PM 64160]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\winnt\system32\drivers\sp_rsdrv2.sys [7/18/2010 1:09 AM 142592]
    R2 Hard Disk Tune-Up;Hard Disk Tune-Up;c:\program files\Hard Disk Tune-Up\HDTuneUpSrv.exe [11/1/2009 4:26 PM 448272]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]
    S0 tclondrv;tclondrv; [x]
    S3 ATWPKT;ATWPKT;c:\winnt\system32\drivers\atwpkt.sys [9/9/2004 6:37 PM 19140]
    S3 MusCDriverV32;MusCDriverV32;c:\winnt\system32\drivers\MusCDriverV32.sys [9/4/2008 3:40 PM 509312]
    S3 MusCVideo32;MusCVideo32;c:\winnt\system32\drivers\MusCVideo32.sys [9/4/2008 3:40 PM 3768]
    S3 PCDRDRV;Pcdr Helper Driver; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 09:32 128512 ----a-w- c:\winnt\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-11 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 04:06]

    2010-07-18 c:\winnt\Tasks\Ad-Aware.job
    - c:\progra~1\Lavasoft\Ad-Aware\Ad-Aware.exe [2009-03-09 04:06]

    2010-07-06 c:\winnt\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

    2010-07-06 c:\winnt\Tasks\Disk Cleanup.job
    - c:\winnt\system32\cleanmgr.exe [2002-09-03 00:12]

    2010-07-15 c:\winnt\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-28 17:22]

    2010-07-01 c:\winnt\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-28 17:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    mWindow Title = Microsoft Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://ie.search.msn.com
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: att.net
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: sbcglobal.net
    Trusted Zone: yahoo.com\clientapps
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.1.5.21/harvest/harvest-ob-assets.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    DPF: WordJong by pogo - hxxp://game1.pogo.com/applet-6.1.4.29/wordjong/wordjong-ob-assets.cab
    DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - hxxp://www.mtv.com/overdrive/bin/setup.exe
    FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\ww5mhst9.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
    FF - component: c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\ww5mhst9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07010901.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmdb.sys
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    AddRemove-Acoustica Effects Pack - c:\progra~1\ACOUST~2\UNWISE.EXE
    AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe
    AddRemove-Viewpoint Toolbar - c:\program files\Viewpoint\Viewpoint Toolbar\3.9.0\Uninstaller.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-18 20:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1516)
    c:\winnt\system32\WININET.dll
    c:\winnt\system32\ieframe.dll
    c:\winnt\system32\webcheck.dll
    c:\winnt\system32\WPDShServiceObj.dll
    c:\program files\Common Files\aolshare\aolshcpy.dll
    c:\winnt\system32\PortableDeviceTypes.dll
    c:\winnt\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\winnt\system32\rundll32.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    c:\program files\Spyware Terminator\sp_rsser.exe
    c:\program files\TomTom HOME 2\TomTomHOMEService.exe
    c:\program files\Viewpoint\Common\ViewpointService.exe
    c:\winnt\wanmpsvc.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\winnt\system32\ZuneBusEnum.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\winnt\System32\wbem\unsecapp.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\progra~1\Yahoo!\browser\ycommon.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\AIM6\aolsoftware.exe
    c:\program files\Java\jre6\bin\jucheck.exe
    c:\winnt\system32\taskmgr.exe
    c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
    c:\progra~1\mcafee\VIRUSS~1\mcvsmap.exe
    c:\progra~1\mcafee\msc\mcupdmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-18 21:22:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-19 02:22

    Pre-Run: 37,073,498,112 bytes free
    Post-Run: 37,685,780,480 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINNT= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - D3CABD6A7CDC6498374F926CECEB359C
     
  6. 2010/07/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ==============================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\winnt\system32\drmuetsh.dll
    c:\winnt\system32\igfxritas.dll
    
    
    Folder::
    c:\documents and settings\Alex\Local Settings\Application Data\axcwsnkid
    c:\documents and settings\Alex\Local Settings\Application Data\jrkqgowpt
    
    
    Driver::
    tclondrv
    PCDRDRV
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
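The CFScript above removes two `DisableMonitoring` values and two driver entries that the earlier log showed with no file behind them (`S0 tclondrv;tclondrv; [x]` and `S3 PCDRDRV;Pcdr Helper Driver; [x]`). The triage helper below is an added example, not ComboFix's code and not part of the moderator's post: it parses a log excerpt in the same layout and flags Security Center monitoring switched off, the Windows Firewall standard profile disabled, and service or driver lines whose file details are shown as `[x]`. The regular expressions and the reading of `[x]` as "no backing file" are assumptions made here; the sample log is constructed from entries shown in the thread.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix's own code
and not part of the forum post).

It reads the "Reg Loading Points" layout as it appears in the thread:
  [HKEY_...\\key]                     registry key header
  "Name"=dword:00000001              value under that key
  R0 name;display;path [date size]   loaded service/driver
  S0 name;display; [x]               service whose file details are shown as [x]
Treating "[x]" as "no backing file" is an assumption made here, as are the
regular expressions below.
"""
import re

# Constructed sample: entries copied from the log posted in the thread,
# with the extraction's stray spaces inside the quotes removed.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [1/8/2010 10:41 PM 64160]
S0 tclondrv;tclondrv; [x]
S3 ATWPKT;ATWPKT;c:\winnt\system32\drivers\atwpkt.sys [9/9/2004 6:37 PM 19140]
S3 PCDRDRV;Pcdr Helper Driver; [x]
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>[^\[]*)\[(?P<info>[^\]]*)\]$'
)


def parse_reg_values(text):
    """Map (key, value name) -> raw value string for every value under a [key] header."""
    values = {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            values[(current_key, m.group('name'))] = m.group('value').strip()
    return values


def parse_services(text):
    """Return one dict per service/driver line; 'missing' is True when the log shows [x]."""
    services = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            services.append({
                'start': m.group('start'),
                'name': m.group('name').strip(),
                'path': m.group('path').strip(),
                'missing': m.group('info').strip() == 'x',
            })
    return services


def dword_value(raw):
    """Decode 'dword:00000001' -> 1 and '0 (0x0)' -> 0; None if not numeric."""
    raw = raw.strip()
    if raw.lower().startswith('dword:'):
        return int(raw[len('dword:'):], 16)
    m = re.match(r'^(\d+)', raw)
    return int(m.group(1)) if m else None


def find_findings(text):
    """Return human-readable findings, in log order, for an analyst to verify."""
    findings = []
    for (key, name), raw in parse_reg_values(text).items():
        val = dword_value(raw)
        key_l = key.lower()
        if name == 'DisableMonitoring' and 'security center\\monitoring' in key_l and val == 1:
            findings.append(f'Security Center monitoring disabled under {key}')
        elif name == 'EnableFirewall' and 'firewallpolicy' in key_l and val == 0:
            findings.append(f'Windows Firewall off in profile {key}')
    for svc in parse_services(text):
        if svc['missing']:
            findings.append(f"{svc['start']} service/driver '{svc['name']}' has no backing file")
    return findings


if __name__ == '__main__':
    for finding in find_findings(SAMPLE_LOG):
        print('-', finding)
```

The output is a list to verify, not a verdict: on this machine McAfee's own firewall is installed, so the Windows Firewall being off in the standard profile may be expected, while a `DisableMonitoring` value of 1 on the Security Center keys and an `S0` boot-start driver with no file behind it are exactly the entries the moderator's CFScript removes.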
     
  7. 2010/07/18
    ImDaLittleMan

    ImDaLittleMan Inactive Thread Starter

    Joined:
    2010/07/18
    Messages:
    5
    Likes Received:
    0
    After the first ComboFix finished, I checked Google and YouTube and everything is back to normal. I can search on Google without redirects and sign into Gmail and YouTube again.

    I saved the notepad as a CFScript.txt like you said. However, when I was ready to drag it to ComboFix, I noticed the icon was gone. I tried downloading ComboFix again from the link you supplied earlier, but my McAfee keeps detecting it as a Trojan. McAfee has automatically blocked and removed a Trojan. This is what it says:

    About this Trojan
    Detected: Artemis!1CF922383FCF (Trojan), Artemis!1CF922383FCF (Trojan)
    Location: C:\Documents and Settings\Alex\Desktop\ComboFix.exe

    Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.

    I'm unable to download ComboFix without this alert popping up.
     
  8. 2010/07/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    As my instructions say, you have to disable McAfee when dealing with Combofix.
    I'm sorry to say, but McAfee is a very dumb security program.
    This is not the first case when it blocks a legit program or marks a legit site as dangerous.
     
  9. 2010/07/19
    ImDaLittleMan

    ImDaLittleMan Inactive Thread Starter

    Joined:
    2010/07/18
    Messages:
    5
    Likes Received:
    0
    Here is the second log:

    ComboFix 10-07-16.02 - Alex 07/19/2010 0:30.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.219 [GMT -5:00]
    Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Alex\Desktop\CFScript.txt

    FILE ::
    "c:\winnt\system32\drmuetsh.dll "
    "c:\winnt\system32\igfxritas.dll "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Alex\Local Settings\Application Data\axcwsnkid
    c:\documents and settings\Alex\Local Settings\Application Data\jrkqgowpt
    c:\winnt\system32\drmuetsh.dll
    c:\winnt\system32\igfxritas.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_PCDRDRV
    -------\Service_tclondrv


    ((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
    .

    2010-07-18 06:09 . 2010-07-19 04:49 -------- d-----w- c:\documents and settings\Alex\Application Data\Spyware Terminator
    2010-07-18 06:09 . 2010-07-18 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
    2010-06-21 07:51 . 2010-06-21 07:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Viewpoint
    2010-06-20 07:34 . 2010-06-20 07:34 -------- d-----w- c:\winnt\system32\config\systemprofile\Application Data\Viewpoint

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-19 04:15 . 2004-01-30 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2010-07-19 01:01 . 2010-07-18 06:09 -------- d-----w- c:\program files\Spyware Terminator
    2010-07-18 09:21 . 2008-09-04 21:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-18 09:14 . 2009-08-01 04:17 -------- d-----w- c:\program files\Acoustica Shared Effects
    2010-07-18 06:10 . 2010-07-18 06:10 -------- d-----w- c:\program files\Crawler
    2010-07-18 06:09 . 2010-07-18 06:09 142592 ----a-w- c:\winnt\system32\drivers\sp_rsdrv2.sys
    2010-07-17 07:24 . 2004-08-04 05:59 36352 ----a-w- c:\winnt\system32\drivers\intelppm.sys
    2010-07-16 17:56 . 2008-03-14 21:58 664 ----a-w- c:\winnt\system32\d3d9caps.dat
    2010-07-01 17:22 . 2010-07-01 17:18 -------- d-----w- c:\program files\iTunes
    2010-07-01 17:19 . 2006-01-13 23:59 -------- d-----w- c:\program files\iPod
    2010-07-01 17:19 . 2007-07-23 03:03 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-01 17:00 . 2010-07-01 17:00 -------- d-----w- c:\program files\Bonjour
    2010-07-01 16:43 . 2008-07-17 08:12 -------- d-----w- c:\program files\Safari
    2010-07-01 16:10 . 2010-01-09 16:41 -------- d-----w- c:\program files\Opera
    2010-06-30 04:33 . 2010-06-28 00:17 -------- d-----w- c:\program files\McAfee
    2010-06-28 00:30 . 2009-09-02 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-06-28 00:20 . 2010-06-28 00:19 -------- d-----w- c:\program files\Common Files\McAfee
    2010-06-28 00:19 . 2010-06-28 00:19 -------- d-----w- c:\program files\McAfee.com
    2010-06-27 01:00 . 2007-05-24 06:31 -------- d-----w- c:\program files\AIM6
    2010-06-26 23:02 . 2010-06-26 23:02 -------- d-----w- c:\program files\MemTurbo 4
    2010-06-26 18:25 . 2009-11-01 21:26 -------- d-----w- c:\program files\Hard Disk Tune-Up
    2010-06-26 17:54 . 2009-11-01 19:46 -------- d-----w- c:\program files\Advanced Registry Optimizer
    2010-06-24 03:33 . 2009-03-09 22:42 -------- d-----w- c:\program files\Muziic
    2010-06-21 07:49 . 2004-12-04 20:01 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AOL
    2010-06-04 02:40 . 2008-01-15 20:02 20 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
    2010-06-02 07:28 . 2004-10-27 02:27 -------- d-----w- c:\program files\Winamp
    2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\winnt\system32\dnssd.dll
    2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\winnt\system32\dns-sd.exe
    2010-04-25 00:12 . 2004-09-22 04:04 90656 -c--a-w- c:\documents and settings\Andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2005-05-13 22:12 . 2005-05-13 22:12 217073 -csha-r- c:\winnt\meta4.exe
    2005-10-24 16:13 . 2005-10-24 16:13 66560 -csha-r- c:\winnt\MOTA113.exe
    2005-10-14 02:27 . 2005-10-14 02:27 422400 -csha-r- c:\winnt\x2.64.exe
    2005-10-08 00:14 . 2005-10-08 00:14 308224 --sha-r- c:\winnt\system32\avisynth.dll
    2005-07-14 17:31 . 2005-07-14 17:31 27648 --sha-r- c:\winnt\system32\AVSredirect.dll
    2005-06-26 20:32 . 2005-06-26 20:32 616448 --sha-r- c:\winnt\system32\cygwin1.dll
    2005-06-22 03:37 . 2005-06-22 03:37 45568 --sha-r- c:\winnt\system32\cygz.dll
    2004-01-25 05:00 . 2004-01-25 05:00 70656 --sha-r- c:\winnt\system32\i420vfw.dll
    2006-04-27 15:24 . 2006-04-27 15:24 2945024 -csha-r- c:\winnt\system32\Smab.dll
    2005-02-28 18:16 . 2005-02-28 18:16 240128 --sha-r- c:\winnt\system32\x.264.exe
    2004-01-25 05:00 . 2004-01-25 05:00 70656 --sha-r- c:\winnt\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
    2008-04-17 07:42 398768 ----a-w- c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E34F0E11-AB79-487c-9773-36C594DFF5AA}]
    2008-03-18 21:35 1267040 ----a-w- c:\program files\MapQuest Toolbar\mqtb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{57ABF0DD-577C-4ec6-855C-8DC29768C2B0} "= "c:\program files\MapQuest Toolbar\mqtb.dll" [2008-03-18 1267040]

    [HKEY_CLASSES_ROOT\clsid\{57abf0dd-577c-4ec6-855c-8dc29768c2b0}]
    [HKEY_CLASSES_ROOT\MQTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2374E959-A5FE-424f-9F20-47FB6195D175}]
    [HKEY_CLASSES_ROOT\MQTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{57ABF0DD-577C-4EC6-855C-8DC29768C2B0} "= "c:\program files\MapQuest Toolbar\mqtb.dll" [2008-03-18 1267040]

    [HKEY_CLASSES_ROOT\clsid\{57abf0dd-577c-4ec6-855c-8dc29768c2b0}]
    [HKEY_CLASSES_ROOT\MQTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2374E959-A5FE-424f-9F20-47FB6195D175}]
    [HKEY_CLASSES_ROOT\MQTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6 "= "c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
    "Yahoo! Pager "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    "TomTomHOME.exe "= "c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-03-18 251240]
    "Veoh "= "c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
    "iMeshPersonalization "= "c:\program files\iMesh Applications\Personalization\iMeshPersonalization.exe" [2008-04-29 1255856]
    "SpywareTerminatorUpdate "= "c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-07-18 3037696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\winnt\System32\igfxtray.exe" [2003-11-18 155648]
    "HotKeysCmds "= "c:\winnt\System32\hkcmd.exe" [2003-11-18 118784]
    "AdaptecDirectCD "= "c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-10-04 684032]
    "AOLDialer "= "c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-11-20 180269]
    "HostManager "= "c:\program files\Common Files\AOL\1102190321\ee\AOLSoftware.exe" [2008-06-24 41824]
    "Ulead AutoDetector "= "c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-10-23 45056]
    "YBrowser "= "c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
    "Ad-Watch "= "c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-07 524632]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
    "Zune Launcher "= "c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "McAfee Backup "= "c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 5134864]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AOL Fast Start "= "c:\progra~1\AOL9~1.1\AOL.EXE" [2008-11-06 50472]

    c:\documents and settings\Alex\Start Menu\Programs\Startup\
    Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe "=
    "c:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\America Online 9.0a\\waol.exe "=
    "c:\\Program Files\\Common Files\\aol\\TopSpeed\\2.0\\aoltsmon.exe "=
    "c:\\Program Files\\Common Files\\aol\\TopSpeed\\2.0\\aoltpspd.exe "=
    "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe "=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe "=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1102190321\\ee\\aolservicehost.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\AIM\\aim.exe "=
    "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe "=
    "c:\\Program Files\\Common Files\\aol\\1102190321\\EE\\aolsoftware.exe "=
    "c:\\Program Files\\Common Files\\aol\\1102190321\\EE\\aim6.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Program Files\\FrostWire\\FrostWire.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Documents and Settings\\Alex\\Desktop\\utorrent.exe "=
    "c:\\Program Files\\AOL 9.1\\waol.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe "=
    "c:\\Program Files\\Opera\\opera.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\WINNT\\system32\\spoolsv.exe "=

    R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [1/8/2010 10:41 PM 64160]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\winnt\system32\drivers\sp_rsdrv2.sys [7/18/2010 1:09 AM 142592]
    S3 ATWPKT;ATWPKT;c:\winnt\system32\drivers\atwpkt.sys [9/9/2004 6:37 PM 19140]
    S3 MusCDriverV32;MusCDriverV32;c:\winnt\system32\drivers\MusCDriverV32.sys [9/4/2008 3:40 PM 509312]
    S3 MusCVideo32;MusCVideo32;c:\winnt\system32\drivers\MusCVideo32.sys [9/4/2008 3:40 PM 3768]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - NMSCFG

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 09:32 128512 ----a-w- c:\winnt\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-11 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 04:06]

    2010-07-18 c:\winnt\Tasks\Ad-Aware.job
    - c:\progra~1\Lavasoft\Ad-Aware\Ad-Aware.exe [2009-03-09 04:06]

    2010-07-06 c:\winnt\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

    2010-07-06 c:\winnt\Tasks\Disk Cleanup.job
    - c:\winnt\system32\cleanmgr.exe [2002-09-03 00:12]

    2010-07-15 c:\winnt\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-28 17:22]

    2010-07-01 c:\winnt\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-28 17:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    mWindow Title = Microsoft Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://ie.search.msn.com
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: att.net
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: sbcglobal.net
    Trusted Zone: yahoo.com\clientapps
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.1.5.21/harvest/harvest-ob-assets.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    DPF: WordJong by pogo - hxxp://game1.pogo.com/applet-6.1.4.29/wordjong/wordjong-ob-assets.cab
    DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - hxxp://www.mtv.com/overdrive/bin/setup.exe
    FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\ww5mhst9.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
    FF - component: c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\ww5mhst9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-19 00:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(676)
    c:\winnt\system32\WININET.dll
    c:\winnt\system32\ieframe.dll
    c:\winnt\system32\webcheck.dll
    c:\winnt\system32\WPDShServiceObj.dll
    c:\program files\Common Files\aolshare\aolshcpy.dll
    c:\winnt\system32\PortableDeviceTypes.dll
    c:\winnt\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\AAWService.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Hard Disk Tune-Up\HDTuneUpSrv.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\winnt\System32\NMSSvc.exe
    c:\program files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    c:\program files\Spyware Terminator\sp_rsser.exe
    c:\program files\TomTom HOME 2\TomTomHOMEService.exe
    c:\winnt\wanmpsvc.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\winnt\system32\ZuneBusEnum.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\winnt\System32\wbem\unsecapp.exe
    c:\winnt\system32\wscntfy.exe
    c:\progra~1\Yahoo!\browser\ycommon.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\AIM6\aolsoftware.exe
    c:\program files\Java\jre6\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-19 01:13:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-19 06:13
    ComboFix2.txt 2010-07-19 02:22

    Pre-Run: 37,620,989,952 bytes free
    Post-Run: 37,592,768,512 bytes free

    - - End Of File - - 135F610122643CFBF23F00C6D26F543E
     
  10. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the redirection?

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in the right pane.
    If still no joy, try to run it from Safe Mode.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     