[SOLVED] Dell imspiron 9300 spyware doctor problem - Page 4

tetonbob · 06-29-2009, 09:31 PM

Looking good...

As far as McAfee goes, reverse the settings which were made using these instructions

Double-click the taskbar icon to open the Security Center
Click Advanced Menu (lower left)
Click Configure (left)
Click Computer & Files (upper left)
VirusScan can be disabled on the right, and set when it should resume (30 minutes should be sufficient) or you choose Never, and re-enable manually after ComboFix has completed it's tasks.

So, navigate to that panel, and change the settings to enabled.

Let's leave Spyware Doctor disabled for now.

Before we continue, I'd like a bit more information.

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.

WIZARD6 · 06-29-2009, 09:36 PM

Adobe Acrobat - Reader 6.0.2 Update
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
AIM 6
ALPS Touch Pad Driver
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Search
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Bat
BearShare MediaBar
Broadcom Management Programs 2
Conexant D110 MDC V.9x Modem
Dell Digital Jukebox Driver
Dell Media Experience
Dell Picture Studio v3.0
Dell System Restore
DellSupport
Digital Line Detect
Direct Show Ogg Vorbis Filter (remove only)
FileMaker Pro 6
Get High Speed Internet!
ImageMixer VCD2
Imation Disk Manager V a Service
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
LimeWire 4.14.10
Macromedia Flash Player
McAfee SecurityCenter
McAfee VirusScan
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft IntelliPoint 5.4
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mToolkit
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mXML
My Way Search Assistant
mZConfig
NetWaiting
Picaboo
Picture Package
Picture Package Music Transfer
PowerDVD 5.3
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
Spyware Doctor 5.1
UltraISO Premium V8.61
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086

tetonbob · 06-29-2009, 09:45 PM

Great, we're making progress.

Next steps....please take your time and read the instructions carefully. They're self explanatory, and all should go smoothly if you follow each step.

As mentioned in our preposting topic:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Quote:

3. Uninstall the following via Add or Remove Programs in Control Panel:

p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues.

P2P - I see you have P2P software ( BearShare MediaBar, LimeWire 4.14.10 ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar<<<this is considered foistware instead of malware since it is installed without users approval, but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

Also uninstall these:

Bat
My Way Search Assistant

You may receive notification that these have already been uninstalled, or are otherwise corrupt, would you like to remove them from the list. Please click on Yes, or OK.

---------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
Scroll down to where it says "Java SE Runtime Environment (JRE) - JRE 6 Update 14 -"
Click the "Download" button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6u14 with JavaFX 1 License Agreement". Click on Continue.The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.

For you, it is these:

Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
    Trace and Log Files
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

---------------------------------------------------------------------------------------------

Please run DDS once again, and post it's logs.

WIZARD6 · 06-30-2009, 12:53 AM

Malwarebytes' Anti-Malware 1.38
Database version: 2353
Windows 5.1.2600 Service Pack 2

6/30/2009 2:50:32 AM
mbam-log-2009-06-30 (02-50-32).txt

Scan type: Quick Scan
Objects scanned: 93985
Time elapsed: 9 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

WIZARD6 · 06-30-2009, 01:01 AM

DDS (Ver_09-06-26.01) - NTFSx86
Run by Kathy at 2:54:50.51 on Tue 06/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.181 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kathy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = mihproxy.broward.k12.fl.us:8888
uInternet Settings,ProxyOverride = web
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {1a84989c-e083-4a5d-bd8f-857127a99ec2} - No File
BHO: {645d0c7e-ed58-4794-8919-312f43261aeb} - No File
BHO: {86C984C9-AAA6-414E-9370-C0CF070DE00F} - No File
BHO: {A1CBCCEA-D995-4C17-B660-9265A99C3895} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

============= SERVICES / DRIVERS ===============

R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-10-6 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-10-6 122368]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-2-22 41288]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-2-22 62280]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-2-22 79688]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-3-18 245760]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2005-10-6 114464]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\svcntaux.exe [2008-2-22 311112]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\swdsvc.exe [2008-2-22 1418056]

=============== Created Last 30 ================

2009-06-30 02:01 <DIR> --d----- c:\docume~1\kathy\applic~1\Malwarebytes
2009-06-30 02:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-30 02:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-30 02:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-30 02:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-30 01:45 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-30 01:45 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-30 00:39 <DIR> --d----- c:\windows\ie8updates
2009-06-29 20:40 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-06-29 20:35 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-06-29 20:35 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-06-29 20:34 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-29 20:34 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-29 20:34 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-06-29 20:33 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-06-29 20:32 283,648 -------- c:\windows\system32\dllcache\pdh.dll
2009-06-29 20:32 60,416 -------- c:\windows\system32\dllcache\colbact.dll
2009-06-29 20:32 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-29 20:32 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-29 20:30 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-06-29 20:26 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-06-29 20:20 142,464 a------- c:\windows\system32\drivers\aec.sys
2009-06-29 20:20 108,791 a------- c:\windows\system32\drivers\Apfiltr.sys
2009-06-29 20:20 60,800 a------- c:\windows\system32\drivers\arp1394.sys
2009-06-29 20:20 14,336 a------- c:\windows\system32\drivers\asyncmac.sys
2009-06-28 19:06 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-06-28 18:29 <DIR> a-dshr-- C:\cmdcons
2009-06-28 18:03 161,792 a------- c:\windows\SWREG.exe
2009-06-28 18:03 155,136 a------- c:\windows\PEV.exe
2009-06-28 18:03 98,816 a------- c:\windows\sed.exe
2009-06-28 16:19 <DIR> --d----- c:\program files\trend micro
2009-06-28 12:55 <DIR> --dsh--- c:\documents and settings\kathy\IECompatCache
2009-06-28 12:55 <DIR> --dsh--- c:\documents and settings\kathy\PrivacIE
2009-06-28 12:43 <DIR> --dsh--- c:\documents and settings\kathy\IETldCache
2009-06-28 12:10 <DIR> -cd-h--- c:\windows\ie8
2009-06-28 01:17 <DIR> --d----- c:\docume~1\kathy\applic~1\AOL

==================== Find3M ====================

2009-05-13 01:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-07 11:44 344,064 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 17:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 17:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 17:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 07:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-17 05:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-17 05:58 1,846,656 a------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 11:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 11:11 584,192 a------- c:\windows\system32\dllcache\rpcrt4.dll
2007-05-19 11:37 1,664 ac------ c:\docume~1\kathy\applic~1\ViewerApp.dat

============= FINISH: 2:55:37.50 ===============

WIZARD6 · 06-30-2009, 01:01 AM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/23/2005 4:59:46 PM
System Uptime: 6/30/2009 2:28:23 AM (0 hours ago)

Motherboard: Dell Inc. | | 0C5668
Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 399/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 59.06 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP381: 6/28/2009 7:04:12 PM - System Checkpoint
RP382: 6/28/2009 7:04:12 PM - Software Distribution Service 3.0
RP383: 6/28/2009 7:04:12 PM - System Checkpoint
RP384: 6/28/2009 7:04:13 PM - System Checkpoint
RP385: 6/28/2009 7:04:13 PM - System Checkpoint
RP386: 6/28/2009 7:04:13 PM - System Checkpoint
RP387: 6/28/2009 7:04:13 PM - System Checkpoint
RP388: 6/28/2009 7:04:14 PM - System Checkpoint
RP389: 6/28/2009 7:04:14 PM - System Checkpoint
RP390: 6/28/2009 7:04:14 PM - System Checkpoint
RP391: 6/28/2009 7:04:15 PM - System Checkpoint
RP392: 6/28/2009 7:04:15 PM - System Checkpoint
RP393: 6/28/2009 7:04:15 PM - System Checkpoint
RP394: 6/28/2009 7:04:15 PM - System Checkpoint
RP395: 6/28/2009 7:04:16 PM - System Checkpoint
RP396: 6/28/2009 7:04:16 PM - System Checkpoint
RP397: 6/28/2009 7:04:16 PM - System Checkpoint
RP398: 6/28/2009 7:04:17 PM - System Checkpoint
RP399: 6/28/2009 7:04:17 PM - Software Distribution Service 3.0
RP400: 6/28/2009 7:04:17 PM - System Checkpoint
RP401: 6/28/2009 7:04:18 PM - System Checkpoint
RP402: 6/28/2009 7:04:18 PM - System Checkpoint
RP403: 6/28/2009 7:04:19 PM - System Checkpoint
RP404: 6/28/2009 7:04:19 PM - System Checkpoint
RP405: 6/28/2009 7:04:19 PM - System Checkpoint
RP406: 6/28/2009 7:04:19 PM - System Checkpoint
RP407: 6/28/2009 7:04:19 PM - System Checkpoint
RP408: 6/28/2009 7:04:20 PM - System Checkpoint
RP409: 6/28/2009 7:04:20 PM - System Checkpoint
RP410: 6/28/2009 7:04:20 PM - System Checkpoint
RP411: 6/28/2009 7:04:20 PM - System Checkpoint
RP412: 6/28/2009 7:04:20 PM - System Checkpoint
RP413: 6/28/2009 7:04:21 PM - System Checkpoint
RP414: 6/28/2009 7:04:21 PM - System Checkpoint
RP415: 6/28/2009 7:04:21 PM - System Checkpoint
RP416: 6/28/2009 7:04:21 PM - System Checkpoint
RP417: 6/28/2009 7:04:21 PM - System Checkpoint
RP418: 6/28/2009 7:04:22 PM - System Checkpoint
RP419: 6/28/2009 7:04:22 PM - System Checkpoint
RP420: 6/28/2009 7:04:22 PM - System Checkpoint
RP421: 6/28/2009 7:04:22 PM - System Checkpoint
RP422: 6/28/2009 7:04:22 PM - Software Distribution Service 3.0
RP423: 6/28/2009 7:04:23 PM - System Checkpoint
RP424: 6/28/2009 7:04:23 PM - System Checkpoint
RP425: 6/28/2009 7:04:23 PM - System Checkpoint
RP426: 6/28/2009 7:04:23 PM - System Checkpoint
RP427: 6/28/2009 7:04:23 PM - System Checkpoint
RP428: 6/28/2009 7:04:23 PM - System Checkpoint
RP429: 6/28/2009 7:04:23 PM - System Checkpoint
RP430: 6/28/2009 7:04:24 PM - System Checkpoint
RP431: 6/28/2009 7:04:24 PM - System Checkpoint
RP432: 6/28/2009 7:04:24 PM - System Checkpoint
RP433: 6/28/2009 7:04:24 PM - Last known good configuration
RP434: 6/28/2009 7:04:30 PM - Installed Windows Internet Explorer 8.
RP435: 6/28/2009 7:05:04 PM - Last known good configuration
RP436: 6/29/2009 10:17:02 PM - System Checkpoint
RP437: 6/30/2009 12:21:00 AM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP438: 6/30/2009 12:23:04 AM - Removed Java(TM) 6 Update 2
RP439: 6/30/2009 12:27:53 AM - Software Distribution Service 3.0
RP440: 6/30/2009 1:11:13 AM - Installed Windows XP WgaNotify.
RP441: 6/30/2009 1:43:30 AM - Installed Java(TM) 6 Update 14

==== Installed Programs ======================

Adobe Acrobat - Reader 6.0.2 Update
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
AIM 6
ALPS Touch Pad Driver
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Search
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Broadcom Management Programs 2
Conexant D110 MDC V.9x Modem
Dell Digital Jukebox Driver
Dell Media Experience
Dell Picture Studio v3.0
Dell System Restore
DellSupport
Digital Line Detect
Direct Show Ogg Vorbis Filter (remove only)
FileMaker Pro 6
Get High Speed Internet!
Hotfix for Windows XP (KB952287)
ImageMixer VCD2
Imation Disk Manager V a Service
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 14
Macromedia Flash Player
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee VirusScan
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft IntelliPoint 5.4
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mXML
mZConfig
NetWaiting
Picaboo
Picture Package
Picture Package Music Transfer
PowerDVD 5.3
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
Spyware Doctor 5.1
UltraISO Premium V8.61
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086

==== Event Viewer Messages From Past Week ========

6/30/2009 2:30:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
6/29/2009 7:44:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm
6/29/2009 2:16:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/29/2009 2:12:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/29/2009 2:12:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec MPFIREWL MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
6/29/2009 2:12:39 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2009 2:12:39 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2009 2:12:39 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2009 2:12:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2009 2:12:39 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2009 11:14:36 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/29/2009 10:18:35 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The pipe has been ended.
6/29/2009 10:17:55 AM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 2 time(s).
6/29/2009 1:26:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL Connectivity Service service to connect.
6/29/2009 1:26:25 PM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/28/2009 9:38:15 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 819d1da0, parameter3 819d1f14, parameter4 805c773e.
6/28/2009 9:37:01 PM, error: Service Control Manager [7022] - The msncache service hung on starting.
6/28/2009 8:37:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
6/28/2009 8:37:06 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/28/2009 8:36:59 PM, error: Service Control Manager [7034] - The WLANKEEPER service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 8:36:59 PM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 8:36:59 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 8:36:59 PM, error: Service Control Manager [7034] - The UStorage Server Service service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 8:36:59 PM, error: Service Control Manager [7034] - The Spectrum24 Event Monitor service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 8:36:59 PM, error: Service Control Manager [7034] - The RegSrvc service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 8:36:59 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 8:36:59 PM, error: Service Control Manager [7034] - The McAfee WSC Integration service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 8:36:59 PM, error: Service Control Manager [7034] - The McAfee Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 8:36:59 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 8:36:59 PM, error: Service Control Manager [7034] - The EvtEng service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 8:36:59 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 8:36:59 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 8:36:59 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Run the configured recovery program) after the unexpected termination of the McAfee Personal Firewall Service service, but this action failed with the following error: Access is denied.
6/28/2009 8:36:59 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
6/28/2009 8:36:59 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2009 7:24:38 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
6/28/2009 6:46:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
6/28/2009 6:46:47 PM, error: Service Control Manager [7034] - The MsSecurity Updated service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 6:01:20 PM, error: Service Control Manager [7034] - The Security Service service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 4:15:07 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/28/2009 12:23:11 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 12:10:14 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/28/2009 12:10:11 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
6/28/2009 10:19:46 PM, error: Service Control Manager [7034] - The sopidkc Service service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 1:10:05 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
6/28/2009 1:10:05 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee WSC Integration service to connect.
6/28/2009 1:10:05 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.
6/28/2009 1:10:05 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/28/2009 1:10:05 PM, error: Service Control Manager [7000] - The McAfee WSC Integration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/28/2009 1:10:05 PM, error: Service Control Manager [7000] - The Ati HotKey Poller service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/27/2009 12:43:04 PM, error: Service Control Manager [7022] - The PC Tools Security Service service hung on starting.
6/27/2009 12:40:32 PM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 f8a9bb6c, parameter3 f8a9b868, parameter4 f83cf6d4.
6/26/2009 11:31:02 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.

==== End Of File ===========================

tetonbob · 06-30-2009, 08:24 AM

One more script to run.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

DDS::
uInternet Settings,ProxyOverride = web
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {1a84989c-e083-4a5d-bd8f-857127a99ec2} - No File
BHO: {645d0c7e-ed58-4794-8919-312f43261aeb} - No File
BHO: {86C984C9-AAA6-414E-9370-C0CF070DE00F} - No File
BHO: {A1CBCCEA-D995-4C17-B660-9265A99C3895} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File

Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

Go here to run an online scannner from ESET.
- Note: You will need to use Internet explorer for this scan
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activex control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
- Copy and paste that log as a reply to this topic and also let me know how things are now.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

WIZARD6 · 06-30-2009, 10:30 AM

(Turn off the real time scanner of any existing antivirus program while performing the online scan )
not sure what this is or where to find it ---thanks

tetonbob · 06-30-2009, 10:32 AM

This is the same as we've been doing all along with McAfee. If you did not re-enable it after running ComboFix, it should still be disabled.

WIZARD6 · 06-30-2009, 11:00 AM

ComboFix 09-06-29.04 - Kathy 06/30/2009 12:40.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.229 [GMT -4:00]
Running from: c:\documents and settings\Kathy\Desktop\cbfix.exe
Command switches used :: c:\documents and settings\Kathy\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-30 06:01 . 2009-06-30 06:01 -------- d-----w- c:\documents and settings\Kathy\Application Data\Malwarebytes
2009-06-30 06:01 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-30 06:01 . 2009-06-30 06:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-30 06:01 . 2009-06-30 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-30 06:01 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-30 05:45 . 2009-06-30 05:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-30 05:11 . 2009-06-30 05:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-30 04:39 . 2009-06-30 04:39 -------- d-----w- c:\windows\ie8updates
2009-06-30 00:40 . 2009-06-30 01:29 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-06-30 00:35 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-30 00:35 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-06-30 00:34 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-30 00:34 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-30 00:34 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-06-30 00:33 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-06-30 00:32 . 2009-03-06 14:44 283648 ------w- c:\windows\system32\dllcache\pdh.dll
2009-06-30 00:32 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-06-30 00:32 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-30 00:32 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-30 00:30 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-06-30 00:26 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-06-30 00:20 . 2006-02-15 00:22 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2009-06-30 00:20 . 2004-11-16 22:03 108791 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2009-06-30 00:20 . 2004-08-04 11:00 60800 ----a-w- c:\windows\system32\drivers\arp1394.sys
2009-06-30 00:20 . 2004-08-04 11:00 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2009-06-28 23:14 . 2009-06-28 23:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-28 20:19 . 2009-06-28 20:19 -------- d-----w- c:\program files\trend micro
2009-06-28 20:19 . 2009-06-28 20:19 -------- d-----w- C:\rsit
2009-06-28 16:55 . 2009-06-28 16:55 -------- d-sh--w- c:\documents and settings\Kathy\IECompatCache
2009-06-28 16:55 . 2009-06-28 16:55 -------- d-sh--w- c:\documents and settings\Kathy\PrivacIE
2009-06-28 16:43 . 2009-06-28 16:43 -------- d-sh--w- c:\documents and settings\Kathy\IETldCache
2009-06-28 16:10 . 2009-06-28 16:12 -------- dc-h--w- c:\windows\ie8
2009-06-28 05:17 . 2009-06-28 05:17 -------- d-----w- c:\documents and settings\Kathy\Application Data\AOL
2009-06-28 05:17 . 2009-06-28 06:29 4096 ----a-w- c:\documents and settings\All Users\Application Data\AOL\C_America Online 9.0\DialReg.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 05:43 . 2005-03-18 18:01 -------- d-----w- c:\program files\Java
2009-06-30 04:55 . 2008-01-02 00:50 -------- d-----w- c:\program files\BearShare Applications
2009-06-30 04:00 . 2005-03-18 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-30 04:00 . 2005-03-18 18:29 -------- d-----w- c:\program files\Viewpoint
2009-06-29 22:10 . 2005-03-18 18:25 -------- d-----w- c:\program files\McAfee.com
2009-06-28 17:53 . 2005-04-24 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-06-28 05:04 . 2008-02-22 21:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-13 05:15 . 2004-08-11 23:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:44 . 2004-08-11 23:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 09:58 . 2004-08-11 23:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-11 23:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-28_23.00.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 20:45 . 2008-09-30 20:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2009-06-30 06:30 . 2009-06-30 06:30 16384 c:\windows\temp\Perflib_Perfdata_1cc.dat
+ 2005-05-26 08:16 . 2008-10-16 18:09 43544 c:\windows\system32\wups2.dll
+ 2005-03-23 21:04 . 2008-10-16 18:08 34328 c:\windows\system32\wups.dll
+ 2004-08-11 23:12 . 2008-10-16 18:09 51224 c:\windows\system32\wuauclt.exe
+ 2007-01-29 08:58 . 2008-10-22 09:47 62976 c:\windows\system32\tzchange.exe
+ 2009-06-30 00:22 . 2008-10-16 18:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-06-30 00:22 . 2008-10-16 18:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2004-08-11 23:00 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
- 2004-08-11 23:00 . 2004-08-04 11:00 55808 c:\windows\system32\secur32.dll
+ 2004-08-11 23:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2004-08-11 23:00 . 2009-06-30 04:53 62332 c:\windows\system32\perfc009.dat
- 2004-08-11 23:00 . 2008-03-09 20:31 62332 c:\windows\system32\perfc009.dat
+ 2004-08-11 23:11 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-08-11 23:00 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-11 23:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2004-08-11 23:11 . 2004-08-04 11:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-11 23:11 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-11 23:00 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
- 2004-08-11 23:00 . 2005-06-29 01:46 74240 c:\windows\system32\mscms.dll
- 2004-08-11 23:00 . 2005-01-28 17:44 96768 c:\windows\system32\logagent.exe
+ 2004-08-11 23:00 . 2008-06-10 09:52 96768 c:\windows\system32\logagent.exe
+ 2004-08-11 23:00 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll
- 2004-08-11 23:00 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2005-03-23 21:04 . 2008-10-16 18:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2004-08-11 23:12 . 2008-10-16 18:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-11 23:00 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
- 2004-08-11 23:00 . 2004-08-04 11:00 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-11 23:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-11 23:11 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-11 23:11 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2004-08-11 23:11 . 2004-08-04 11:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2008-06-24 16:23 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
+ 2004-08-11 23:00 . 2008-06-10 09:52 96768 c:\windows\system32\dllcache\logagent.exe
- 2004-08-11 23:00 . 2005-01-28 17:44 96768 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-11 23:00 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-11 23:00 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-11 23:00 . 2008-10-16 18:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-11 23:00 . 2008-10-16 18:09 92696 c:\windows\system32\cdm.dll
+ 2009-06-30 04:29 . 2009-06-30 04:29 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2009-06-30 04:39 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll
+ 2009-06-30 04:39 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll
- 2005-03-18 18:02 . 2008-02-15 09:06 351744 c:\windows\system32\xpsp3res.dll
+ 2005-03-18 18:02 . 2009-04-15 09:24 351744 c:\windows\system32\xpsp3res.dll
+ 2004-08-11 23:12 . 2008-10-16 18:13 202776 c:\windows\system32\wuweb.dll
+ 2004-08-11 23:12 . 2008-10-16 18:12 323608 c:\windows\system32\wucltui.dll
+ 2004-08-11 23:12 . 2008-10-16 18:12 561688 c:\windows\system32\wuapi.dll
- 2004-08-11 23:00 . 2004-08-04 11:00 351232 c:\windows\system32\winhttp.dll
+ 2004-08-11 23:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
+ 2006-06-19 20:19 . 2009-03-11 02:18 934792 c:\windows\system32\WgaTray.exe
+ 2006-06-19 20:20 . 2009-03-11 02:18 239496 c:\windows\system32\WgaLogon.dll
+ 2004-08-11 23:11 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-11 23:11 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-11 23:11 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-11 23:00 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
+ 2004-08-11 23:00 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
- 2004-08-11 23:00 . 2007-04-25 14:21 144896 c:\windows\system32\schannel.dll
+ 2004-08-11 23:00 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
+ 2004-08-11 23:00 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2004-08-11 23:00 . 2009-06-30 04:53 402994 c:\windows\system32\perfh009.dat
- 2004-08-11 23:00 . 2008-03-09 20:31 402994 c:\windows\system32\perfh009.dat
+ 2004-08-11 23:00 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
- 2004-08-11 23:00 . 2004-08-04 11:00 283648 c:\windows\system32\pdh.dll
+ 2004-08-11 23:00 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-08-11 23:00 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
+ 2004-08-11 23:00 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll
- 2004-08-11 23:00 . 2004-08-04 11:00 245248 c:\windows\system32\mswsock.dll
+ 2004-08-11 23:11 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-11 23:11 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 23:11 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-11 23:00 . 2009-02-09 10:20 723456 c:\windows\system32\lsasrv.dll
+ 2004-08-11 23:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2009-06-30 05:45 . 2009-06-30 05:44 148888 c:\windows\system32\javaws.exe
+ 2009-06-30 05:45 . 2009-06-30 05:44 144792 c:\windows\system32\javaw.exe
+ 2009-06-30 05:45 . 2009-06-30 05:44 144792 c:\windows\system32\java.exe
- 2004-08-11 23:12 . 2007-08-21 06:15 683520 c:\windows\system32\inetcomm.dll
+ 2004-08-11 23:12 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
+ 2004-08-11 23:00 . 2009-04-30 21:22 385536 c:\windows\system32\iedkcs32.dll
+ 2004-08-11 23:00 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
- 2004-08-11 23:00 . 2009-03-08 08:32 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 23:00 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
- 2004-08-11 23:06 . 2008-04-12 11:31 297256 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 23:06 . 2009-06-30 04:45 297256 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 23:00 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
+ 2004-08-11 23:00 . 2008-06-20 09:52 225920 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-11 23:00 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-11 23:00 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2004-08-11 23:00 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
+ 2004-08-11 23:00 . 2008-10-24 11:10 453632 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-11 23:00 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
+ 2004-08-11 23:00 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll
- 2004-08-11 23:00 . 2008-02-20 05:32 148992 c:\windows\system32\dnsapi.dll
+ 2004-08-11 23:12 . 2008-10-16 18:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-11 23:12 . 2008-10-16 18:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-11 23:12 . 2008-10-16 18:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-11 23:00 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-11 23:00 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-11 23:00 . 2004-08-04 11:00 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2006-06-19 20:19 . 2009-03-11 02:18 934792 c:\windows\system32\dllcache\WgaTray.exe
+ 2006-06-19 20:20 . 2009-03-11 02:18 239496 c:\windows\system32\dllcache\wgaLogon.dll
+ 2006-08-16 09:37 . 2008-06-20 09:52 225920 c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-11 23:00 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-11 23:00 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-04-21 06:12 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
+ 2004-08-11 23:00 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
- 2004-08-11 23:00 . 2007-04-25 14:21 144896 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-11 23:00 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-11 23:00 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2004-08-11 23:00 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
- 2004-08-11 23:00 . 2007-07-09 13:09 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2006-07-13 08:48 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys
+ 2004-08-11 23:00 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-11 23:00 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
+ 2004-08-11 23:00 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\mswsock.dll
- 2004-08-11 23:00 . 2004-08-04 11:00 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-11 23:11 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2004-08-11 23:11 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2004-08-11 23:11 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2004-08-11 23:00 . 2008-10-24 11:10 453632 c:\windows\system32\dllcache\mrxsmb.sys
+ 2004-08-11 23:00 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2004-08-11 23:00 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2004-08-11 23:12 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
- 2004-08-11 23:12 . 2007-08-21 06:15 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2004-08-11 23:00 . 2009-04-30 21:22 385536 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-11 23:00 . 2009-03-08 08:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-11 23:00 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-11 23:00 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2004-08-11 23:11 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2004-08-11 23:00 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
+ 2004-08-11 23:00 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll
- 2004-08-11 23:00 . 2008-02-20 05:32 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2008-06-20 10:44 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
+ 2004-08-11 23:00 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
- 2004-08-11 23:00 . 2004-08-04 11:00 616960 c:\windows\system32\dllcache\advapi32.dll
- 2004-08-11 23:00 . 2004-08-04 11:00 616960 c:\windows\system32\advapi32.dll
+ 2004-08-11 23:00 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
+ 2009-06-30 04:39 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll
+ 2009-06-30 04:39 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll
+ 2009-06-30 04:39 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe
+ 2009-06-30 04:39 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll
+ 2009-06-30 04:39 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll
+ 2009-06-30 04:39 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe
+ 2005-01-19 04:26 . 2008-10-24 11:10 453632 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-06-30 00:35 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2009-06-30 00:31 . 2008-04-15 17:54 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
+ 2008-09-30 20:42 . 2008-09-30 20:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2004-08-11 23:12 . 2008-10-16 18:13 1809944 c:\windows\system32\wuaueng.dll
+ 2004-08-11 23:00 . 2008-06-10 11:07 2376760 c:\windows\system32\WMVCore.dll
+ 2004-08-11 23:00 . 2008-06-10 10:28 1028096 c:\windows\system32\WMNetmgr.dll
+ 2004-08-11 23:00 . 2009-04-30 21:22 1207808 c:\windows\system32\urlmon.dll
+ 2004-08-11 23:00 . 2008-07-03 13:03 8460800 c:\windows\system32\shell32.dll
- 2004-08-11 23:00 . 2007-10-29 22:43 1287680 c:\windows\system32\quartz.dll
+ 2004-08-11 23:00 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
+ 2004-08-11 23:00 . 2009-02-06 17:24 2180480 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 04:59 . 2009-02-06 16:49 2057728 c:\windows\system32\ntkrnlpa.exe
+ 2008-09-30 20:43 . 2008-09-30 20:43 1286152 c:\windows\system32\msxml4.dll
+ 2004-08-11 23:00 . 2008-09-04 16:42 1106944 c:\windows\system32\msxml3.dll
+ 2004-08-11 23:00 . 2009-05-13 05:15 5936128 c:\windows\system32\mshtml.dll
+ 2006-06-19 20:19 . 2009-03-11 02:18 1482112 c:\windows\system32\LegitCheckControl.dll
- 2009-03-08 08:32 . 2009-03-08 08:32 1985024 c:\windows\system32\iertutil.dll
+ 2009-03-08 08:32 . 2009-04-30 21:22 1985024 c:\windows\system32\iertutil.dll
+ 2004-08-11 23:12 . 2008-10-16 18:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-11 23:00 . 2008-06-10 11:07 2376760 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-11 23:00 . 2008-06-10 10:28 1028096 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-11 23:00 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-11 23:00 . 2009-04-30 21:22 1207808 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-11 23:00 . 2008-07-03 13:03 8460800 c:\windows\system32\dllcache\shell32.dll
+ 2007-10-29 22:43 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
- 2007-10-29 22:43 . 2007-10-29 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-11 23:00 . 2009-02-06 17:24 2180480 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2006-12-19 12:55 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2006-12-19 12:55 . 2007-02-28 08:38 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2004-08-04 04:59 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2006-12-19 14:15 . 2007-02-28 09:08 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-12-19 14:15 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-11 23:00 . 2008-09-04 16:42 1106944 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-11 23:00 . 2009-05-13 05:15 5936128 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-30 04:39 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll
+ 2009-06-30 04:39 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll
+ 2009-06-30 04:39 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll
+ 2005-03-02 00:59 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-03-02 00:34 . 2007-02-28 08:38 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:57 . 2007-02-28 09:08 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-03-08 08:39 . 2009-04-30 21:22 11064832 c:\windows\system32\ieframe.dll
+ 2009-06-30 04:39 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-12-18 50528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-04 344064]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-02-07 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-05 185784]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-30 148888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-7-6 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-7-6 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Kathy\\My Documents\\All Mom's Stuff\\Dell Progs\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dell\\Media Experience\\PCMService.exe"=
"c:\\Program Files\\Apoint\\Apoint.exe"=

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2/22/2008 5:01 PM 311112]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-06-30 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (POWERHOUSE-Kathy).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-03-18 23:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1a84989c-e083-4a5d-bd8f-857127a99ec2} - (no file)
BHO-{645d0c7e-ed58-4794-8919-312f43261aeb} - (no file)
BHO-{86C984C9-AAA6-414E-9370-C0CF070DE00F} - (no file)
BHO-{A1CBCCEA-D995-4C17-B660-9265A99C3895} - (no file)

.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = mihproxy.broward.k12.fl.us:8888
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 12:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Activities]
@="{653DCCC2-13DB-45B2-A389-427885776CFE}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Buttons]
@="{124597D8-850A-41AE-849C-017A4FA99CA2}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Wheel]
@="{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Wireless]
@="{20082881-FC36-4E47-9A7A-644C95FF749F}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Products\E75939E100E5E5640B3B31E95079FC5A\Usage]
@DACL=(02 0000)
"Main"=dword:2ef90001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\0]
@=""
"*"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\1]
@=""
"http"=dword:00000000
"https"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\2]
@=""
"*"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\3]
@=""
"http"=dword:00000000
"https"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\4]
@=""
"http"=dword:00000000
"https"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2072)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-06-30 12:53
ComboFix-quarantined-files.txt 2009-06-30 16:53
ComboFix2.txt 2009-06-30 03:16
ComboFix3.txt 2009-06-30 00:15
ComboFix4.txt 2009-06-29 21:41
ComboFix5.txt 2009-06-30 16:28

Pre-Run: 63,451,492,352 bytes free
Post-Run: 63,451,332,608 bytes free

373 --- E O F --- 2009-06-30 04:43

tetonbob · 06-30-2009, 11:24 AM

Great. Now, I'll be looking for the log from the ESET online scanner. That will take a while to complete.

I'd like to ask if your McAfee subscription is current. In the logs, it showed as Updated a few times, but now shows as outdated. There are a couple ways to check. Right click on the McAfee icon in the System Tray, and select Verify Subscription. Also, you can open McAfee Security Center. On the Protection Status page, near the bottom, there should be a section detailing the status of your subscription.

WIZARD6 · 06-30-2009, 11:30 AM

I don't no --anything i do not need on this laptop. just tell me if it bad i do not want it.
iI don't care about anything on it as long as it gets me where I want to go when were done

tetonbob · 06-30-2009, 11:33 AM

McAfee is a paid product. If you have a current subscription, there's no need to change. If you don't have a current subscription, there are other alternatives, including FREE antivirus. I'd be happy to provide alternatives, once I see the ESET log, and once I'm sure you've not already paid for McAfee. As mentioned, to find out, all you need to do is check the configuration page, but that must come after ESET scan is done, and McAfee is re-enabled. Not before, please.

WIZARD6 · 06-30-2009, 01:47 PM

before I click finish--eset online scanner . threats found . infected files 802 it's done scanning. but it shows a few things i'am not sure about. do i click( list of found threats) or, there is a box that wants to know .unstall application on close. do i check the box or .not. or do i just click finish and go to the log and send it. thanks

tetonbob · 06-30-2009, 02:28 PM

Just click finish, then post the log. It might be too large to post if there are that many finds. Try to attach it, please.

Attach the C:\Program Files\Eset\Eset Online Scanner\log.txt to your post by clicking the Manage Attachments button under Additonal Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload., or paste the file path C:\Program Files\Eset\Eset Online Scanner\log.txt into the Upload File from Your Computer box, then click Upload

WIZARD6 · 06-30-2009, 02:57 PM

I think this is it

tetonbob · 06-30-2009, 03:00 PM

Hi -

It doesn't appear as though the attachment worked. Please try again.

WIZARD6 · 06-30-2009, 03:03 PM

here it is

WIZARD6 · 06-30-2009, 03:08 PM

Don't know if that worked. and bye the way no i do not pay for Mcafee. and I don't see the icon on the system tray no more it was there but not now

tetonbob · 06-30-2009, 03:11 PM

Good work. That scan identified more (likely old) malware files.

One more script. You should be an old hand at this by now.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. If McAfee is still disabled, just continue on, please.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/389560-dell-imspiron-9300-spyware-doctor-problem-3.html#post2215833

File::
C:\Documents and Settings\Kathy\My Documents\All Mom's Stuff\Dell Progs\LimeWire\i run thislil wayne clean.mp3
Collect::
C:\22.tmp
C:\23.tmp
C:\24.tmp
C:\D7.tmp
C:\D8.tmp
C:\D9.tmp
C:\IjJM.exe
C:\info.exe
C:\WINDOWS\system32\amytsgjy.exe
C:\WINDOWS\system32\arltwtsv.exe
C:\WINDOWS\system32\ccjnrlnf.exe
C:\WINDOWS\system32\cgcmnuan.exe
C:\WINDOWS\system32\extypdru.exe
C:\WINDOWS\system32\gnjulltl.exe
C:\WINDOWS\system32\gobdoqwc.exe
C:\WINDOWS\system32\gqkvoelb.exe
C:\WINDOWS\system32\hsvljato.exe
C:\WINDOWS\system32\ichujwet.exe
C:\WINDOWS\system32\jwakqvvh.exe
C:\WINDOWS\system32\jwhicyhn.exe
C:\WINDOWS\system32\kgboyxtk.exe
C:\WINDOWS\system32\leenwvyg.exe
C:\WINDOWS\system32\lyggagaf.exe
C:\WINDOWS\system32\nhfehjax.exe
C:\WINDOWS\system32\oaybwtit.exe
C:\WINDOWS\system32\pubcuwda.exe
C:\WINDOWS\system32\ssfwkvaa.exe
C:\WINDOWS\system32\TmpX.exe
C:\WINDOWS\system32\uhxqqhgg.exe
C:\WINDOWS\system32\uoqfmuuo.exe
C:\WINDOWS\system32\wctagsyj.exe
C:\WINDOWS\system32\yvdhvwyx.exe
C:\WINDOWS\system32\xcsDd06\xcsDd061083.exe
DirLook::
C:\WINDOWS\system32\xcsDd06

Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

ComboFix may request an update; please allow it.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
- Ensure you are connected to the internet and click OK on the message box.
Please let me know if the file was successfully submitted . Thanks.

------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

About McAfee, we'll take care of that next. It may be best to uninstall it, and provide you with a different AntiVirus. I'll have specific instructions for that procedure after I see the next log from ComboFix.

06-29-2009, 09:31 PM	#61 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,572 OS: 2000 Pro; XP Pro; XP Home	Re: Dell imspiron 9300 spyware doctor problem Looking good... As far as McAfee goes, reverse the settings which were made using these instructions Double-click the taskbar icon to open the Security Center Click Advanced Menu (lower left) Click Configure (left) Click Computer & Files (upper left) VirusScan can be disabled on the right, and set when it should resume (30 minutes should be sufficient) or you choose Never, and re-enable manually after ComboFix has completed it's tasks. So, navigate to that panel, and change the settings to enabled. Let's leave Spyware Doctor disabled for now. Before we continue, I'd like a bit more information. Please go to Start > Run and copy/paste the following, then press Enter: C:\QooBox\Add-Remove Programs.txt A text file should open. Please post the contents of that file in your next reply. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

06-29-2009, 09:36 PM	#62 (permalink)
WIZARD6 Registered User Join Date: May 2009 Posts: 116 OS: win xp	Re: Dell imspiron 9300 spyware doctor problem Adobe Acrobat - Reader 6.0.2 Update Adobe Download Manager 2.0 (Remove Only) Adobe Flash Player 9 ActiveX Adobe Reader 6.0.1 Adobe Shockwave Player AIM 6 ALPS Touch Pad Driver AOL Coach Version 1.0(Build:20040229.1 en) AOL Connectivity Services AOL Search AOL Uninstaller (Choose which Products to Remove) Apple Mobile Device Support Apple Software Update ATI Control Panel ATI Display Driver Bat BearShare MediaBar Broadcom Management Programs 2 Conexant D110 MDC V.9x Modem Dell Digital Jukebox Driver Dell Media Experience Dell Picture Studio v3.0 Dell System Restore DellSupport Digital Line Detect Direct Show Ogg Vorbis Filter (remove only) FileMaker Pro 6 Get High Speed Internet! ImageMixer VCD2 Imation Disk Manager V a Service Intel(R) PROSet/Wireless Software Internal Network Card Power Management Internet Explorer Default Page iTunes Jasc Paint Shop Photo Album 5 Jasc Paint Shop Pro Studio, Dell Editon Java 2 Runtime Environment, SE v1.4.2_03 Java(TM) 6 Update 2 LimeWire 4.14.10 Macromedia Flash Player McAfee SecurityCenter McAfee VirusScan mCore mDrWiFi mHlpDell Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft IntelliPoint 5.4 Microsoft Office Small Business Edition 2003 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE mIWA mIWCA mLogView mMHouse Modem Helper mPfMgr mPfWiz mProSafe MSN mSSO MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) mToolkit Musicmatch for Windows Media Player Musicmatch® Jukebox mWlsSafe mXML My Way Search Assistant mZConfig NetWaiting Picaboo Picture Package Picture Package Music Transfer PowerDVD 5.3 Qualxserve Service Agreement QuickBooks Simple Start Special Edition QuickSet QuickTime RealPlayer Rhapsody Player Engine Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931768) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937143) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939653) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB942615) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944338) Security Update for Windows XP (KB944533) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB947864) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Sonic DLA Sonic MyDVD Sonic RecordNow! Sonic Update Manager Sony Picture Utility Sony USB Driver Spyware Doctor 5.1 UltraISO Premium V8.61 Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Update for Windows XP (KB946627) Viewpoint Manager (Remove Only) Viewpoint Media Player Viewpoint Toolbar WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Installer 3.1 (KB893803) Windows Internet Explorer 8 Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB888310 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB892627 Windows XP Hotfix - KB893056 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086

06-30-2009, 12:53 AM	#64 (permalink)
WIZARD6 Registered User Join Date: May 2009 Posts: 116 OS: win xp	Re: Dell imspiron 9300 spyware doctor problem Malwarebytes' Anti-Malware 1.38 Database version: 2353 Windows 5.1.2600 Service Pack 2 6/30/2009 2:50:32 AM mbam-log-2009-06-30 (02-50-32).txt Scan type: Quick Scan Objects scanned: 93985 Time elapsed: 9 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

06-30-2009, 01:01 AM	#65 (permalink)
WIZARD6 Registered User Join Date: May 2009 Posts: 116 OS: win xp	Re: Dell imspiron 9300 spyware doctor problem DDS (Ver_09-06-26.01) - NTFSx86 Run by Kathy at 2:54:50.51 on Tue 06/30/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.181 [GMT -4:00] AV: McAfee VirusScan On-access scanning disabled (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe svchost.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe svchost.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Java\jre6\bin\jqs.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\UStorSrv.exe C:\WINDOWS\system32\svchost.exe -k netsvcs C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\AIM6\aim6.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\DllHost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Kathy\Desktop\dds.scr ============== Pseudo HJT Report =============== uInternet Settings,ProxyServer = mihproxy.broward.k12.fl.us:8888 uInternet Settings,ProxyOverride = web uURLSearchHooks: H - No File mURLSearchHooks: H - No File BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: {1a84989c-e083-4a5d-bd8f-857127a99ec2} - No File BHO: {645d0c7e-ed58-4794-8919-312f43261aeb} - No File BHO: {86C984C9-AAA6-414E-9370-C0CF070DE00F} - No File BHO: {A1CBCCEA-D995-4C17-B660-9265A99C3895} - No File BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab Notify: AtiExtEvent - Ati2evxx.dll Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll ============= SERVICES / DRIVERS =============== R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-10-6 126976] R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-10-6 122368] S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-2-22 41288] S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-2-22 62280] S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-2-22 79688] S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-3-18 245760] S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2005-10-6 114464] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\svcntaux.exe [2008-2-22 311112] S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\swdsvc.exe [2008-2-22 1418056] =============== Created Last 30 ================ 2009-06-30 02:01 <DIR> --d----- c:\docume~1\kathy\applic~1\Malwarebytes 2009-06-30 02:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-30 02:01 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-06-30 02:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-06-30 02:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-06-30 01:45 410,984 a------- c:\windows\system32\deploytk.dll 2009-06-30 01:45 73,728 a------- c:\windows\system32\javacpl.cpl 2009-06-30 00:39 <DIR> --d----- c:\windows\ie8updates 2009-06-29 20:40 <DIR> --d----- c:\windows\system32\CatRoot_bak 2009-06-29 20:35 272,128 -------- c:\windows\system32\drivers\bthport.sys 2009-06-29 20:35 272,128 -------- c:\windows\system32\dllcache\bthport.sys 2009-06-29 20:34 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll 2009-06-29 20:34 12,800 -------- c:\windows\system32\dllcache\xpshims.dll 2009-06-29 20:34 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll 2009-06-29 20:33 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll 2009-06-29 20:32 283,648 -------- c:\windows\system32\dllcache\pdh.dll 2009-06-29 20:32 60,416 -------- c:\windows\system32\dllcache\colbact.dll 2009-06-29 20:32 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe 2009-06-29 20:32 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll 2009-06-29 20:30 331,776 -------- c:\windows\system32\dllcache\msadce.dll 2009-06-29 20:26 215,552 -------- c:\windows\system32\dllcache\wordpad.exe 2009-06-29 20:20 142,464 a------- c:\windows\system32\drivers\aec.sys 2009-06-29 20:20 108,791 a------- c:\windows\system32\drivers\Apfiltr.sys 2009-06-29 20:20 60,800 a------- c:\windows\system32\drivers\arp1394.sys 2009-06-29 20:20 14,336 a------- c:\windows\system32\drivers\asyncmac.sys 2009-06-28 19:06 <DIR> --d----- c:\windows\system32\dllcache\cache 2009-06-28 18:29 <DIR> a-dshr-- C:\cmdcons 2009-06-28 18:03 161,792 a------- c:\windows\SWREG.exe 2009-06-28 18:03 155,136 a------- c:\windows\PEV.exe 2009-06-28 18:03 98,816 a------- c:\windows\sed.exe 2009-06-28 16:19 <DIR> --d----- c:\program files\trend micro 2009-06-28 12:55 <DIR> --dsh--- c:\documents and settings\kathy\IECompatCache 2009-06-28 12:55 <DIR> --dsh--- c:\documents and settings\kathy\PrivacIE 2009-06-28 12:43 <DIR> --dsh--- c:\documents and settings\kathy\IETldCache 2009-06-28 12:10 <DIR> -cd-h--- c:\windows\ie8 2009-06-28 01:17 <DIR> --d----- c:\docume~1\kathy\applic~1\AOL ==================== Find3M ==================== 2009-05-13 01:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll 2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll 2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll 2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll 2009-05-07 11:44 344,064 -------- c:\windows\system32\dllcache\localspl.dll 2009-04-30 17:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll 2009-04-30 17:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll 2009-04-30 17:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll 2009-04-30 07:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe 2009-04-17 05:58 1,846,656 a------- c:\windows\system32\win32k.sys 2009-04-17 05:58 1,846,656 a------- c:\windows\system32\dllcache\win32k.sys 2009-04-15 11:11 584,192 a------- c:\windows\system32\rpcrt4.dll 2009-04-15 11:11 584,192 a------- c:\windows\system32\dllcache\rpcrt4.dll 2007-05-19 11:37 1,664 ac------ c:\docume~1\kathy\applic~1\ViewerApp.dat ============= FINISH: 2:55:37.50 ===============

06-30-2009, 10:30 AM	#68 (permalink)
WIZARD6 Registered User Join Date: May 2009 Posts: 116 OS: win xp	Re: Dell imspiron 9300 spyware doctor problem (Turn off the real time scanner of any existing antivirus program while performing the online scan ) not sure what this is or where to find it ---thanks

06-30-2009, 10:32 AM	#69 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,572 OS: 2000 Pro; XP Pro; XP Home	Re: Dell imspiron 9300 spyware doctor problem This is the same as we've been doing all along with McAfee. If you did not re-enable it after running ComboFix, it should still be disabled. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

06-30-2009, 11:24 AM	#71 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,572 OS: 2000 Pro; XP Pro; XP Home	Re: Dell imspiron 9300 spyware doctor problem Great. Now, I'll be looking for the log from the ESET online scanner. That will take a while to complete. I'd like to ask if your McAfee subscription is current. In the logs, it showed as Updated a few times, but now shows as outdated. There are a couple ways to check. Right click on the McAfee icon in the System Tray, and select Verify Subscription. Also, you can open McAfee Security Center. On the Protection Status page, near the bottom, there should be a section detailing the status of your subscription. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

06-30-2009, 11:30 AM	#72 (permalink)
WIZARD6 Registered User Join Date: May 2009 Posts: 116 OS: win xp	Re: Dell imspiron 9300 spyware doctor problem I don't no --anything i do not need on this laptop. just tell me if it bad i do not want it. iI don't care about anything on it as long as it gets me where I want to go when were done

06-30-2009, 11:33 AM	#73 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,572 OS: 2000 Pro; XP Pro; XP Home	Re: Dell imspiron 9300 spyware doctor problem McAfee is a paid product. If you have a current subscription, there's no need to change. If you don't have a current subscription, there are other alternatives, including FREE antivirus. I'd be happy to provide alternatives, once I see the ESET log, and once I'm sure you've not already paid for McAfee. As mentioned, to find out, all you need to do is check the configuration page, but that must come after ESET scan is done, and McAfee is re-enabled. Not before, please. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

06-30-2009, 01:47 PM	#74 (permalink)
WIZARD6 Registered User Join Date: May 2009 Posts: 116 OS: win xp	Re: Dell imspiron 9300 spyware doctor problem before I click finish--eset online scanner . threats found . infected files 802 it's done scanning. but it shows a few things i'am not sure about. do i click( list of found threats) or, there is a box that wants to know .unstall application on close. do i check the box or .not. or do i just click finish and go to the log and send it. thanks

06-30-2009, 02:28 PM	#75 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,572 OS: 2000 Pro; XP Pro; XP Home	Re: Dell imspiron 9300 spyware doctor problem Just click finish, then post the log. It might be too large to post if there are that many finds. Try to attach it, please. *Attach* the C:\Program Files\Eset\Eset Online Scanner\log.txt to your post by clicking the Manage Attachments button under Additonal Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload., or paste the file path C:\Program Files\Eset\Eset Online Scanner\log.txt into the Upload File from Your Computer box, then click Upload __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

06-30-2009, 02:57 PM	#76 (permalink)
WIZARD6 Registered User Join Date: May 2009 Posts: 116 OS: win xp	Re: Dell imspiron 9300 spyware doctor problem I think this is it

06-30-2009, 03:00 PM	#77 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,572 OS: 2000 Pro; XP Pro; XP Home	Re: Dell imspiron 9300 spyware doctor problem Hi - It doesn't appear as though the attachment worked. Please try again. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

06-30-2009, 03:08 PM	#79 (permalink)
WIZARD6 Registered User Join Date: May 2009 Posts: 116 OS: win xp	Re: Dell imspiron 9300 spyware doctor problem Don't know if that worked. and bye the way no i do not pay for Mcafee. and I don't see the icon on the system tray no more it was there but not now