May 25th, 2010 12:00

Computer hangs. Pop-ups just starting. Strange symptoms.

Hi, I am using a pc that the entire family has access to.  The other day I noticed a dramatic decrease in performance.  Around the same time I started to see sporadic pop-ups from http://a.tribalfusion.com (classmates ads) and 55533.xml.admanage.com and searchyoyo.com.

I also started receiving the occasional “out of memory error at line 7” error message, and whenever I reboot or turn on the computer and start my browser I receive the message “browsing session closed unexpectedly”, even when the browser was properly terminated.

Also, when using Facebook, I sometimes receive the message in Windows Explorer “tab has been recovered”.

 

I assume, given all of the symptoms, the machine has picked up some malware.

 

I have cleaned my memory cache and have performed virus scans with McAfee (which came up clean).

 

I also recently installed the latest java update (just before the problems started).

 

Thank you for your help.

 

Here is my hijack this log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:06:21 PM, on 5/25/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\emaudsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\sttray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative Professional\E-MU USB Audio\E-MU USB Audio\EmuUsbAudioCP.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe

C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [E-MU USB Audio Control Panel] "C:\Program Files\Creative Professional\E-MU USB Audio\E-MU USB Audio\EmuUsbAudioCP.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-682003330-507921405-2147183463-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mary')

O4 - HKUS\S-1-5-21-682003330-507921405-2147183463-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Mary')

O4 - HKUS\S-1-5-21-682003330-507921405-2147183463-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Caiti')

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Filter hijack: text/html - {97604aea-7a75-4467-aa34-c73c77a34de0} - C:\WINDOWS\msv1_0.dll

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\WINDOWS\system32\emaudsv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 9575 bytes

20.5K Posts

May 28th, 2010 10:00

Welcome. Thank you for using Dell Community Forums.

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

I look forward to your reply so we can begin cleaning.

No Reply within 3 days will result in this topic being closed, and I will remove it from my subscriptions. If you require more time, please let me know.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

 

26 Posts

May 29th, 2010 10:00

Hi Bugbatter and thank you for your response.

 

To address your issues:

 

Have not posted elsewhere. 

Have not disabled System Restore.

No cracked software.

No P2P

Have authority

 

Question:  Additional online work?  Do you mean I can access this message board during cleanup?

 

Also, prior to your reply, I did a scan with Malwarebytes.  Here is the log and a new hijack this log.

 

Thank you again for your reply.

Malwarebytes:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4145

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

5/26/2010 11:58:47 AM

mbam-log-2010-05-26 (11-58-47).txt

 

Scan type: Quick scan

Objects scanned: 171460

Time elapsed: 19 minute(s), 29 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

C:\Program Files\Shared\lib.dll (Trojan.BHO) -> No action taken.

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> No action taken.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Program Files\Shared\lib.dll (Trojan.BHO) -> No action taken.

C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> No action taken.

 

 

Hijack this:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:50:54 PM, on 5/29/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\emaudsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\sttray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative Professional\E-MU USB Audio\E-MU USB Audio\EmuUsbAudioCP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [E-MU USB Audio Control Panel] "C:\Program Files\Creative Professional\E-MU USB Audio\E-MU USB Audio\EmuUsbAudioCP.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-682003330-507921405-2147183463-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mary')

O4 - HKUS\S-1-5-21-682003330-507921405-2147183463-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Mary')

O4 - HKUS\S-1-5-21-682003330-507921405-2147183463-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Caiti')

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Filter hijack: text/html - {97604aea-7a75-4467-aa34-c73c77a34de0} - C:\WINDOWS\msv1_0.dll

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\WINDOWS\system32\emaudsv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 9308 bytes
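As an added example that is not part of this thread (my script, not the helper's procedure or any of the tools' own code): a small Python triage helper that parses HijackThis R/O lines like the ones above, pulls the CLSIDs Malwarebytes flagged under "Registry Keys Infected", reports which HJT entries share a flagged CLSID, and diffs two HJT logs to show which entries disappeared between scans. The sample lines are copied from the logs in this thread; the first log contains the lib.dll BHO and the second does not.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# HijackThis prefixes entries with a section code (R0, R1, O2, O18, ...) followed by " - ".
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# A CLSID/GUID in braces, as both HJT and MBAM print it.
CLSID = re.compile(r"\{([0-9A-Fa-f-]{36})\}")


@dataclass(frozen=True)
class HjtEntry:
    section: str
    body: str

    @property
    def clsid(self) -> Optional[str]:
        m = CLSID.search(self.body)
        return m.group(1).lower() if m else None

    @property
    def path(self) -> Optional[str]:
        # HJT puts the file path in the last " - " separated field; R-lines carry a URL instead.
        tail = self.body.rsplit(" - ", 1)[-1].strip()
        return tail if re.match(r"^[A-Za-z]:\\", tail) else None


def parse_hjt(text: str) -> List[HjtEntry]:
    """Return the R/O entries of an HJT log, ignoring the header and the process list."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(HjtEntry(m.group("section"), m.group("body")))
    return entries


def mbam_flagged_clsids(text: str) -> Set[str]:
    """CLSIDs (lower-cased) that MBAM listed under its 'Registry Keys Infected:' section."""
    flagged: Set[str] = set()
    in_keys = False
    for line in text.splitlines():
        line = line.strip()
        # Section headers end with "Infected:"; the summary counts end with a number.
        if line.endswith("Infected:"):
            in_keys = line.startswith("Registry Keys")
            continue
        if in_keys:
            flagged.update(g.lower() for g in CLSID.findall(line))
    return flagged


def correlate(entries: List[HjtEntry], flagged: Set[str]) -> List[HjtEntry]:
    """HJT entries whose CLSID MBAM flagged: the same component seen from both tools."""
    return [e for e in entries if e.clsid is not None and e.clsid in flagged]


def removed_between(before: List[HjtEntry], after: List[HjtEntry]) -> List[HjtEntry]:
    """Entries present in an earlier HJT log but absent from a later one."""
    later = set(after)
    return [e for e in before if e not in later]


# Constructed sample input: lines copied from the first HJT log and the MBAM log in the thread.
HJT_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: text/html - {97604aea-7a75-4467-aa34-c73c77a34de0} - C:\WINDOWS\msv1_0.dll
"""
# The later (5/29) HJT log in the thread is the same except that the lib.dll BHO line is gone.
HJT_AFTER = "\n".join(l for l in HJT_BEFORE.splitlines() if "lib.dll" not in l)
MBAM_LOG = r"""
Registry Keys Infected: 4
Files Infected: 2

Memory Modules Infected:
C:\Program Files\Shared\lib.dll (Trojan.BHO) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> No action taken.

Files Infected:
C:\Program Files\Shared\lib.dll (Trojan.BHO) -> No action taken.
C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> No action taken.
"""

if __name__ == "__main__":
    before = parse_hjt(HJT_BEFORE)
    flagged = mbam_flagged_clsids(MBAM_LOG)
    for e in correlate(before, flagged):
        print(f"MBAM-flagged CLSID also loaded by IE: {e.section} {e.path}")
    for e in removed_between(before, parse_hjt(HJT_AFTER)):
        print(f"Gone in later log: {e.section} {e.body}")
```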

20.5K Posts

May 29th, 2010 13:00

Do you mean I can access this message board during cleanup?
Yes, you can access this board. We are mainly concerned with surfing, emailing, etc.

Your version of MBAM is outdated. Please update to at least database 4154. Following that, please run another scan with MBAM. Make sure you click on "Remove Selected". Please post your MBAM log showing what was removed, along with two logs from the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • Click Yes at the prompt for Optional Scan.
  • When done, DDS will open two (2) logs

1. DDS.txt
2. Attach.txt

  • Save both reports to your desktop.
  • Copy/paste both logs to your reply on the forum along with your MBAM log.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection.

* Special instructions for McAfee users:

McAfee interferes with many of our tools. We'll need to disable McAfee. If that does not work, please uninstall McAfee. (If you have the CDs, or use McAfee Support, you can re-install it once we have verified that the computer is clean.)

  • Please open McAfee Security Centre
  • Under Common Tasks click on Home
  • Click Computer Files
  • Click Configure
  • Make sure the following are disabled by ticking the "Off" button.
      Virus protection
      Spyware protection
      System Guards Protection
      Script Scanning Protection (you may have to scroll down to see it)
  • Next, select never for "When to re-enable real time scanning"
  • and click OK.

Further info on disabling and re-enabling McAfee: http://help.aol.com/help/microsites/microsite.do?cmd=displayKCPopup&docType=kc&externalID=222820

Finally, run the DDS scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

26 Posts

May 30th, 2010 09:00

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4155

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

5/30/2010 11:07:04 AM

mbam-log-2010-05-30 (11-07-04).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 268897

Time elapsed: 1 hour(s), 5 minute(s), 2 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


DDS (Ver_10-03-17.01) - NTFSx86 
Run by The Zapper at 11:33:04.98 on Sun 05/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1300 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)   {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled*   {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\emaudsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative Professional\E-MU USB Audio\E-MU USB Audio\EmuUsbAudioCP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\The Zapper\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [E-MU USB Audio Control Panel] "c:\program files\creative professional\e-mu usb audio\e-mu usb audio\EmuUsbAudioCP.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IDTSysTrayApp] sttray.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/html - {97604aea-7a75-4467-aa34-c73c77a34de0} - c:\windows\msv1_0.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-5 214664]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [2006-11-20 10240]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-8-5 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-8-5 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-8-5 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-8-5 35272]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [2006-11-20 142208]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\thezap~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2010-5-26 70144]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-5 40552]
S4 Hkenncemim;Hkenncemim;
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-8-5 606736]

=============== Created Last 30 ================

2010-05-26 18:12:43 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-05-25 18:05:52 0 d-----w- c:\program files\Trend Micro
2010-05-25 16:04:40 12868 ----a-w- c:\documents and settings\the zapper\.recently-used.xbel
2010-05-21 16:31:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-21 16:31:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-20 20:33:07 0 d-----w- c:\program files\Shared

==================== Find3M  ====================

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-05-14 01:28:04 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 11:33:29.53 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/5/2008 1:40:45 PM
System Uptime: 5/30/2010 8:31:03 AM (3 hours ago)

Motherboard: Dell Inc.           |  | 0JC474
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 238.543 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP584: 3/1/2010 9:13:23 AM - System Checkpoint
RP585: 3/2/2010 6:45:29 PM - System Checkpoint
RP586: 3/3/2010 9:53:32 PM - System Checkpoint
RP587: 3/4/2010 10:16:59 PM - System Checkpoint
RP588: 3/6/2010 8:22:19 AM - System Checkpoint
RP589: 3/7/2010 9:10:19 AM - System Checkpoint
RP590: 3/8/2010 10:42:06 AM - System Checkpoint
RP591: 3/9/2010 11:27:13 AM - System Checkpoint
RP592: 3/10/2010 12:01:10 PM - System Checkpoint
RP593: 3/11/2010 12:39:15 AM - Software Distribution Service 3.0
RP594: 3/11/2010 11:38:45 PM - Installed Java(TM) 6 Update 18
RP595: 3/13/2010 10:17:06 AM - System Checkpoint
RP596: 3/14/2010 12:37:49 PM - System Checkpoint
RP597: 3/15/2010 1:54:45 PM - System Checkpoint
RP598: 3/16/2010 3:39:38 PM - System Checkpoint
RP599: 3/17/2010 4:34:03 PM - System Checkpoint
RP600: 3/18/2010 4:36:07 PM - System Checkpoint
RP601: 3/19/2010 5:27:08 PM - System Checkpoint
RP602: 3/19/2010 6:15:13 PM - Installed FinePixViewer
RP603: 3/19/2010 6:15:18 PM - Installed FinePixViewer
RP604: 3/19/2010 6:16:18 PM - Installed FinePixViewer Resource
RP605: 3/19/2010 6:17:04 PM - Installed FinePix Studio
RP606: 3/19/2010 6:18:38 PM - Installed ImageMixer VCD2 LE for FinePix
RP607: 3/20/2010 6:41:18 PM - System Checkpoint
RP608: 3/21/2010 6:44:25 PM - System Checkpoint
RP609: 3/22/2010 7:04:41 PM - System Checkpoint
RP610: 3/23/2010 8:23:21 PM - System Checkpoint
RP611: 3/24/2010 10:01:08 PM - System Checkpoint
RP612: 3/25/2010 10:41:42 PM - System Checkpoint
RP613: 3/27/2010 8:49:58 AM - System Checkpoint
RP614: 3/28/2010 9:36:18 AM - System Checkpoint
RP615: 3/29/2010 10:32:47 AM - System Checkpoint
RP616: 3/30/2010 1:31:50 PM - System Checkpoint
RP617: 3/31/2010 9:55:46 AM - Removed FinePixViewer
RP618: 3/31/2010 9:56:31 AM - Removed FinePixViewer Resource
RP619: 3/31/2010 9:57:40 AM - Removed FinePix Studio
RP620: 3/31/2010 7:54:09 PM - Software Distribution Service 3.0
RP621: 4/1/2010 7:38:55 PM - Removed ImageMixer VCD2 LE for FinePix
RP622: 4/2/2010 10:24:16 PM - System Checkpoint
RP623: 4/3/2010 11:08:31 PM - System Checkpoint
RP624: 4/5/2010 8:49:40 AM - System Checkpoint
RP625: 4/6/2010 10:15:02 AM - System Checkpoint
RP626: 4/7/2010 11:33:12 AM - System Checkpoint
RP627: 4/8/2010 11:58:42 AM - System Checkpoint
RP628: 4/9/2010 1:06:12 PM - System Checkpoint
RP629: 4/10/2010 4:39:30 PM - System Checkpoint
RP630: 4/11/2010 4:52:41 PM - System Checkpoint
RP631: 4/12/2010 7:08:04 PM - System Checkpoint
RP632: 4/13/2010 10:02:38 PM - System Checkpoint
RP633: 4/14/2010 10:43:41 PM - System Checkpoint
RP634: 4/15/2010 7:18:51 AM - Software Distribution Service 3.0
RP635: 4/16/2010 3:25:45 PM - System Checkpoint
RP636: 4/17/2010 5:57:20 PM - System Checkpoint
RP637: 4/18/2010 6:32:07 PM - System Checkpoint
RP638: 4/20/2010 8:39:10 AM - System Checkpoint
RP639: 4/21/2010 1:24:06 PM - System Checkpoint
RP640: 4/22/2010 5:29:28 PM - System Checkpoint
RP641: 4/23/2010 6:16:03 PM - System Checkpoint
RP642: 4/24/2010 7:52:52 PM - System Checkpoint
RP643: 4/25/2010 10:08:05 PM - System Checkpoint
RP644: 4/27/2010 8:32:23 AM - System Checkpoint
RP645: 4/28/2010 2:34:05 PM - System Checkpoint
RP646: 4/29/2010 4:17:43 PM - System Checkpoint
RP647: 4/30/2010 5:16:16 PM - System Checkpoint
RP648: 5/1/2010 6:49:28 PM - System Checkpoint
RP649: 5/2/2010 7:02:58 PM - System Checkpoint
RP650: 5/3/2010 8:23:29 PM - System Checkpoint
RP651: 5/4/2010 9:41:48 PM - System Checkpoint
RP652: 5/5/2010 10:22:50 PM - System Checkpoint
RP653: 5/7/2010 12:24:26 PM - System Checkpoint
RP654: 5/8/2010 6:24:27 PM - System Checkpoint
RP655: 5/9/2010 7:32:18 PM - System Checkpoint
RP656: 5/10/2010 9:22:13 PM - System Checkpoint
RP657: 5/11/2010 9:23:33 PM - System Checkpoint
RP658: 5/12/2010 9:54:45 PM - System Checkpoint
RP659: 5/13/2010 12:55:26 AM - Software Distribution Service 3.0
RP660: 5/14/2010 8:42:12 AM - System Checkpoint
RP661: 5/15/2010 12:14:55 PM - System Checkpoint
RP662: 5/16/2010 9:16:44 PM - System Checkpoint
RP663: 5/17/2010 9:59:18 PM - System Checkpoint
RP664: 5/18/2010 10:01:41 PM - System Checkpoint
RP665: 5/20/2010 8:38:06 AM - System Checkpoint
RP666: 5/21/2010 12:30:53 PM - Removed Java(TM) 6 Update 13
RP667: 5/21/2010 12:31:29 PM - Installed Java(TM) 6 Update 20
RP668: 5/22/2010 2:46:13 PM - System Checkpoint
RP669: 5/23/2010 6:49:28 PM - System Checkpoint
RP670: 5/25/2010 12:35:17 PM - System Checkpoint
RP671: 5/26/2010 1:07:32 PM - System Checkpoint
RP672: 5/27/2010 9:18:14 AM - Software Distribution Service 3.0
RP673: 5/28/2010 11:30:48 AM - System Checkpoint
RP674: 5/29/2010 11:39:48 AM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Active@ Boot Disk Demo
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 9.3
AmpliTube LE
AutoUpdate
Brother MFL-Pro Suite
Cakewalk VST Adapter 4
Camera Window
Canon Camera WIA Driver
Canon Camera Window for ZoomBrowser EX
Canon EOS Kiss REBEL 300D WIA Driver
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities File Viewer Utility 1.3
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
Dell Support Center (Support Software)
discWelder BRONZE Trial (E-MU)
DivX Codec
DivX Converter
DivX Player
DreamStation DXi2
E-MU USB Audio
ESPNMotion
ffdshow (remove only)
File Viewer Utility 1.3.2
GEAR 32bit Driver Installer
GemMaster Mystic
Gnumeric Spreadsheet 1.9.16-20091130
GoToMeeting 4.0.0.320
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java(TM) 6 Update 20
Live 4.1.5
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MelodyneEssential 1.5
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage 2000 SR-1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Word 2000
Move Media Player
Otto
PaperPort
PhotoStitch
PowerDVD 5.5
Proteus VX
RAW Image Task
RemoteCapture 2.7.5
RemoteCapture Task
Riva FLV Player
SafeCast Shared Components
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SigmaTel Audio
SONAR LE
Spelling Dictionaries Support For Adobe Reader 9
Steinberg Cubase LE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WaveLab Lite
WebFldrs XP
WebLog Expert Lite 5.1
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.2
Yahoo! SiteBuilder
Zoo Tycoon 2

==== Event Viewer Messages From Past Week ========

5/29/2010 6:03:39 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
5/26/2010 4:46:50 PM, error: Service Control Manager [7031]  - The McAfee Real-time Scanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/26/2010 2:25:55 PM, error: PlugPlayManager [11]  - The device Root\LEGACY_FSBL\0000 disappeared from the system without first being prepared for removal.
5/26/2010 12:02:59 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  PCIIde
5/24/2010 9:06:19 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.100 for the Network Card with network address 001320A7803B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/23/2010 8:41:15 PM, error: Service Control Manager [7016]  - The BrSplService service has reported an invalid current state 0.

==== End Of File ===========================

20.5K Posts

May 30th, 2010 10:00

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(Please use the instructions above for disabling McAfee.)


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.
Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log for further review.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

* Additional information on A/V control HERE. * ComboFix is not intended for use with servers.



26 Posts

May 30th, 2010 11:00

I no longer have McAfee in my startup menu. As far as I recall, I have no other A/V. Should I be concerned?

ComboFix 10-05-29.05 - The Zapper 05/30/2010  12:55:45.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1304 [GMT -4:00]
Running from: c:\documents and settings\The Zapper\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\The Zapper\g2mdlhlpx.exe
c:\program files\Shared
c:\windows\msv1_0.dll
c:\windows\system32\Data
c:\windows\system32\drivers\1028_DELL_XPS_Dell DV051                   .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DV051                   .MRK
c:\windows\system32\msvcsv60.dll
c:\windows\system32\Vb40032.dll

.
(((((((((((((((((((((((((   Files Created from 2010-04-28 to 2010-05-30  )))))))))))))))))))))))))))))))
.

2010-05-26 18:12 . 2010-05-26 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-05-25 18:05 . 2010-05-25 18:05 -------- d-----w- c:\program files\Trend Micro
2010-05-21 16:31 . 2010-05-21 16:31 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 16:31 . 2010-05-21 16:31 -------- d-----w- c:\program files\Java

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 18:33 . 2010-02-01 21:00 -------- d-----w- c:\documents and settings\The Zapper\Application Data\gtk-2.0
2010-05-20 14:40 . 2009-05-13 18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-04 18:49 . 2008-08-05 18:03 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-29 19:39 . 2009-05-13 18:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-05-13 18:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 23:41 . 2008-08-05 20:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 21:02 . 2010-03-19 22:15 -------- d-----w- c:\program files\FinePixViewer
2010-03-22 20:36 . 2008-09-21 23:47 16 ----a-w- c:\windows\msocreg32.dat
2010-03-18 15:59 . 2010-03-18 15:59 503808 ----a-w- c:\documents and settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4564d906-n\msvcp71.dll
2010-03-18 15:59 . 2010-03-18 15:59 499712 ----a-w- c:\documents and settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4564d906-n\jmc.dll
2010-03-18 15:59 . 2010-03-18 15:59 348160 ----a-w- c:\documents and settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4564d906-n\msvcr71.dll
2010-03-18 15:59 . 2010-03-18 15:59 61440 ----a-w- c:\documents and settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1f9049d5-n\decora-sse.dll
2010-03-18 15:59 . 2010-03-18 15:59 12800 ----a-w- c:\documents and settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1f9049d5-n\decora-d3d.dll
2010-03-13 05:15 . 2010-03-13 05:15 503808 ----a-w- c:\documents and settings\Caiti\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2157d926-n\msvcp71.dll
2010-03-13 05:15 . 2010-03-13 05:15 348160 ----a-w- c:\documents and settings\Caiti\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2157d926-n\msvcr71.dll
2010-03-13 05:15 . 2010-03-13 05:15 499712 ----a-w- c:\documents and settings\Caiti\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2157d926-n\jmc.dll
2010-03-13 05:15 . 2010-03-13 05:15 61440 ----a-w- c:\documents and settings\Caiti\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f233cc6-n\decora-sse.dll
2010-03-13 05:15 . 2010-03-13 05:15 12800 ----a-w- c:\documents and settings\Caiti\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f233cc6-n\decora-d3d.dll
2010-03-12 04:39 . 2010-03-12 04:39 503808 ----a-w- c:\documents and settings\The Zapper\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a99686c-n\msvcp71.dll
2010-03-12 04:39 . 2010-03-12 04:39 499712 ----a-w- c:\documents and settings\The Zapper\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a99686c-n\jmc.dll
2010-03-12 04:39 . 2010-03-12 04:39 348160 ----a-w- c:\documents and settings\The Zapper\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a99686c-n\msvcr71.dll
2010-03-12 04:39 . 2010-03-12 04:39 61440 ----a-w- c:\documents and settings\The Zapper\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5b3d6c74-n\decora-sse.dll
2010-03-12 04:39 . 2010-03-12 04:39 12800 ----a-w- c:\documents and settings\The Zapper\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5b3d6c74-n\decora-d3d.dll
2010-03-10 06:15 . 2004-08-10 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"E-MU USB Audio Control Panel"="c:\program files\Creative Professional\E-MU USB Audio\E-MU USB Audio\EmuUsbAudioCP.exe" [2006-11-18 274432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"IDTSysTrayApp"="sttray.exe" [2007-09-06 405504]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-7 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-11-12 819200]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [11/20/2006 5:29 AM 10240]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/29/2008 10:13 PM 93320]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [11/20/2006 5:29 AM 142208]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\THEZAP~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\THEZAP~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S4 Hkenncemim;Hkenncemim;
.
Contents of the 'Scheduled Tasks' folder

2010-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-05 16:22]

2010-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-05 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 13:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


c:\docume~1\THEZAP~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'winlogon.exe'(3388)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-05-30  13:09:04
ComboFix-quarantined-files.txt  2010-05-30 17:09

Pre-Run: 256,051,499,008 bytes free
Post-Run: 263,437,438,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 83207F6F11AFE2550C003264B7682AA8

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:43 PM, on 5/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\emaudsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\winlogon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative Professional\E-MU USB Audio\E-MU USB Audio\EmuUsbAudioCP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [E-MU USB Audio Control Panel] "C:\Program Files\Creative Professional\E-MU USB Audio\E-MU USB Audio\EmuUsbAudioCP.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-682003330-507921405-2147183463-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mary')
O4 - HKUS\S-1-5-21-682003330-507921405-2147183463-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Mary')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\WINDOWS\system32\emaudsv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 8728 bytes

 

20.5K Posts

May 30th, 2010 14:00


Disconnect from the internet....pull the plug!
Disable your AntiVirus (as you did before) and AntiSpyware applications, usually via a right click on the System Tray.
Otherwise, they may interfere with running ComboFix.

Open Notepad and copy/paste the following text between the lines below. Do not copy the dotted lines.
 ** Make sure you copy/paste ALL the text at once. Do not try to edit extra spaces. It will copy correctly to Notepad if you highlight and copy as is.

-----------------------------------------------------------------------------------

DEQUARANTINE::
c:\qoobox\quarantine\c\windows\system32\msvcsv60.dll.vir
c:\qoobox\quarantine\windows\system32\Vb40032.dll.vir
c:\qoobox\quarantine\\documents and settings\The Zapper\g2mdlhlpx.exe.vir


Quit::


----------------------------------------------------------------------------
Save this as CFScript.txt

Referring to the picture above, drag CFScript into ComboFix.exe

You will be prompted to run Combofix again. Follow the same instructions you did before for running ComboFix.
CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

When finished, a log is produced here: C:\ComboFix.txt

Please submit the file in bold to the following link for a scan, then post the results in your next message for me to see.
http://virusscan.jotti.org/
c:\windows\system32\msvcsv60.dll

Post the results from ComboFix and Jotti. Let me know how things are running.

26 Posts

May 30th, 2010 17:00

ComboFix did not produce a log file. It did however produce the following txt file entitled "dequarantine.txt" and I've pasted the content.

C:\ComboFix.txtc:\qoobox\quarantine\c\windows\system32\msvcsv60.dll.vir -> c:\windows\system32\msvcsv60.dll ( 16 bytes )

There was no log at C:\combofix.txt

Here are the results from jotti:

Filename: msvcsv60.dll
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on:   Mon 31 May 2010 01:45:03 (CET) Permalink
File size: 16 bytes
Filetype: Unknown
MD5: e41a9e23deb0682f6189547fb9393dcb
SHA1: c89e9220245d8b3c4d207769002a32aceaae83ff

20.5K Posts

May 30th, 2010 20:00

That was my mistake. When we use "Quit" the ComboFix run takes less time and does not produce a log.

Disconnect from the internet....pull the plug!
Disable your AntiVirus (as you did before) and AntiSpyware applications, usually via a right click on the System Tray.
Otherwise, they may interfere with running ComboFix.

Open Notepad and copy/paste the following text between the lines below. Do not copy the dotted lines.
 ** Make sure you copy/paste ALL the text at once. Do not try to edit extra spaces. It will copy correctly to Notepad if you highlight and copy as is.

-----------------------------------------------------------------------------------

DEQUARANTINE::
c:\qoobox\quarantine\windows\system32\Vb40032.dll.vir
c:\qoobox\quarantine\documents and settings\The Zapper\g2mdlhlpx.exe.vir


Quit::


----------------------------------------------------------------------------
Save this as CFScript.txt

Referring to the picture above, drag CFScript into ComboFix.exe

After ComboFix is done please post the DEQUARANTINE log.

Let me know if you are still experiencing symptoms of malware.

26 Posts

May 30th, 2010 21:00

Hi Bugbatter,

This time it did produce a log.  Not sure if I did something wrong.  Dequarantine.txt did not change.

I have posted the combofix log below:

 

ComboFix 10-05-29.05 - The Zapper 05/30/2010  22:47:17.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1306 [GMT -4:00]
Running from: c:\documents and settings\The Zapper\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\The Zapper\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msvcsv60.dll

.
(((((((((((((((((((((((((   Files Created from 2010-04-28 to 2010-05-31  )))))))))))))))))))))))))))))))
.

2010-05-26 18:12 . 2010-05-26 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-05-25 18:05 . 2010-05-25 18:05 -------- d-----w- c:\program files\Trend Micro
2010-05-21 16:31 . 2010-05-21 16:31 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 16:31 . 2010-05-21 16:31 -------- d-----w- c:\program files\Java

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 18:33 . 2010-02-01 21:00 -------- d-----w- c:\documents and settings\The Zapper\Application Data\gtk-2.0
2010-05-20 14:40 . 2009-05-13 18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-04 18:49 . 2008-08-05 18:03 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-29 19:39 . 2009-05-13 18:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-05-13 18:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 23:41 . 2008-08-05 20:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-22 20:36 . 2008-09-21 23:47 16 ----a-w- c:\windows\msocreg32.dat
2010-03-18 15:59 . 2010-03-18 15:59 503808 ----a-w- c:\documents and settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4564d906-n\msvcp71.dll
2010-03-18 15:59 . 2010-03-18 15:59 499712 ----a-w- c:\documents and settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4564d906-n\jmc.dll
2010-03-18 15:59 . 2010-03-18 15:59 348160 ----a-w- c:\documents and settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4564d906-n\msvcr71.dll
2010-03-18 15:59 . 2010-03-18 15:59 61440 ----a-w- c:\documents and settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1f9049d5-n\decora-sse.dll
2010-03-18 15:59 . 2010-03-18 15:59 12800 ----a-w- c:\documents and settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1f9049d5-n\decora-d3d.dll
2010-03-13 05:15 . 2010-03-13 05:15 503808 ----a-w- c:\documents and settings\Caiti\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2157d926-n\msvcp71.dll
2010-03-13 05:15 . 2010-03-13 05:15 348160 ----a-w- c:\documents and settings\Caiti\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2157d926-n\msvcr71.dll
2010-03-13 05:15 . 2010-03-13 05:15 499712 ----a-w- c:\documents and settings\Caiti\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2157d926-n\jmc.dll
2010-03-13 05:15 . 2010-03-13 05:15 61440 ----a-w- c:\documents and settings\Caiti\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f233cc6-n\decora-sse.dll
2010-03-13 05:15 . 2010-03-13 05:15 12800 ----a-w- c:\documents and settings\Caiti\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f233cc6-n\decora-d3d.dll
2010-03-12 04:39 . 2010-03-12 04:39 503808 ----a-w- c:\documents and settings\The Zapper\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a99686c-n\msvcp71.dll
2010-03-12 04:39 . 2010-03-12 04:39 499712 ----a-w- c:\documents and settings\The Zapper\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a99686c-n\jmc.dll
2010-03-12 04:39 . 2010-03-12 04:39 348160 ----a-w- c:\documents and settings\The Zapper\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a99686c-n\msvcr71.dll
2010-03-12 04:39 . 2010-03-12 04:39 61440 ----a-w- c:\documents and settings\The Zapper\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5b3d6c74-n\decora-sse.dll
2010-03-12 04:39 . 2010-03-12 04:39 12800 ----a-w- c:\documents and settings\The Zapper\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5b3d6c74-n\decora-d3d.dll
2010-03-10 06:15 . 2004-08-10 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-05-30_17.06.39   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-05 17:43 . 2010-05-31 01:39 32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-05 17:43 . 2010-05-30 12:37 32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-05-30 17:15 . 2010-05-31 01:39 32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-08-05 17:43 . 2010-05-30 12:37 32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"E-MU USB Audio Control Panel"="c:\program files\Creative Professional\E-MU USB Audio\E-MU USB Audio\EmuUsbAudioCP.exe" [2006-11-18 274432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"IDTSysTrayApp"="sttray.exe" [2007-09-06 405504]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-7 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-11-12 819200]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [11/20/2006 5:29 AM 10240]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/29/2008 10:13 PM 93320]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [11/20/2006 5:29 AM 142208]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\THEZAP~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\THEZAP~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S4 Hkenncemim;Hkenncemim;
.
Contents of the 'Scheduled Tasks' folder

2010-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-05 16:22]

2010-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-05 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 22:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'winlogon.exe'(3388)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-05-30  22:54:30
ComboFix-quarantined-files.txt  2010-05-31 02:54
ComboFix2.txt  2010-05-30 17:09

Pre-Run: 263,455,784,960 bytes free
Post-Run: 263,432,441,856 bytes free

- - End Of File - - 10B3B48B674FDCAA9EB8FCA3E9AAAF85

20.5K Posts

May 31st, 2010 07:00

Please run this script again using the same procedure for disabling AV and dragging into ComboFix.

---------------------------------------------------------

DEQUARANTINE::
c:\qoobox\quarantine\c\windows\system32\msvcsv60.dll.vir
c:\qoobox\quarantine\windows\system32\Vb40032.dll.vir
c:\qoobox\quarantine\\documents and settings\The Zapper\g2mdlhlpx.exe.vir

Quit::

---------------------------------------------------------------------

When finished please post the log.

26 Posts

May 31st, 2010 08:00

Dequarantine.txt:

c:\qoobox\quarantine\c\windows\system32\msvcsv60.dll.vir -> c:\windows\system32\msvcsv60.dll ( 16 bytes )

20.5K Posts

May 31st, 2010 11:00

Looks as if we'll have to do this manually.

Please go to this directory:
c:\qoobox\quarantine

Do you see these files in there?
c:\qoobox\quarantine\windows\system32\Vb40032.dll.vir
c:\qoobox\quarantine\documents and settings\The Zapper\g2mdlhlpx.exe.vir

If so, please rename them to remove the .vir extension. Use Cut>Paste to restore them to their original location.

Here:  c:\windows\system32\Vb40032.dll

and here: c:\documents and settings\The Zapper\g2mdlhlpx.exe

Reboot

Following that, please run an online virus scan by Kaspersky from HERE.

1. At the main page, press "Accept" after reading the contents.
2. At the next window select Update. Allow the database to update.
   Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the database has finished, under the Scan icon select My Computer to start the scan. The scan may take a few minutes to complete.
4. Select Scan Report.
5. If any threats were found they will appear in the report.
6. Select "Save error report as". Then in the file name just type in kaspersky. Under "save as type" select text .txt. Save it to your Desktop.

Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.
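
The restore that the DEQUARANTINE:: script posts and the manual rename of the .vir files above describe, as an added example that is neither ComboFix's code nor anything posted in the thread. It works out where each quarantined file goes back to and checks a dequarantine.txt against the script so you can see which entries ComboFix never restored; the quarantine root c:\qoobox\quarantine is taken from the thread, and treating a path with no drive folder under that root as living on C: is an assumption.

```python
"""Plan and verify a ComboFix DEQUARANTINE:: restore without touching the disk.

Added example for this thread; it is not ComboFix code and is not from the
thread. Assumptions: the quarantine root is c:\\qoobox\\quarantine, and a
quarantined path with no single-letter drive folder after the root lived on C:.
Paths are handled with PureWindowsPath, so this runs on any OS.
"""
import re
from pathlib import PureWindowsPath

QUARANTINE_ROOT = PureWindowsPath(r"c:\qoobox\quarantine")

# One line of ComboFix's dequarantine.txt, in the shape quoted in the thread:
#   <quarantined>.vir -> <original path> ( <n> bytes )
LOG_LINE = re.compile(
    r"^(?P<src>.+?\.vir)\s*->\s*(?P<dst>.+?)\s*\(\s*(?P<size>\d+)\s*bytes\s*\)\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def restore_target(quarantined: str) -> PureWindowsPath:
    """Original location of a quarantined file.

    Two layouts appear in the thread: quarantine\\c\\windows\\... (drive folder
    present) and quarantine\\windows\\... (absent). Doubled backslashes such as
    quarantine\\\\documents and settings are collapsed by PureWindowsPath.
    Raises ValueError for a path outside the quarantine or not ending in .vir.
    """
    rel = PureWindowsPath(quarantined).relative_to(QUARANTINE_ROOT)
    parts = list(rel.parts)
    if not parts or not parts[-1].lower().endswith(".vir"):
        raise ValueError(f"not a quarantined file: {quarantined}")
    parts[-1] = parts[-1][:-4]                      # drop the .vir extension
    if len(parts[0]) == 1 and parts[0].isalpha():   # drive folder, e.g. "c"
        drive = parts[0].lower() + ":\\"
        parts = parts[1:]
    else:
        drive = "c:\\"                              # assumption: system drive
    return PureWindowsPath(drive, *parts)


def restore_plan(script_paths):
    """(quarantined path, restore location) pairs for a DEQUARANTINE:: list."""
    return [(p, restore_target(p)) for p in script_paths]


def parse_dequarantine_log(text: str):
    """Entries ComboFix reported as restored, with a size sanity flag.

    A Windows PE file starts with a 64-byte DOS header, so anything shorter
    cannot be a real DLL or EXE and deserves a second look before it is trusted.
    """
    entries = []
    for m in LOG_LINE.finditer(text):
        size = int(m["size"])
        entries.append({"src": m["src"], "dst": m["dst"], "size": size,
                        "too_small_for_pe": size < 64})
    return entries


def unrestored(script_paths, log_text: str):
    """Script entries the log never reports as restored, i.e. still in quarantine."""
    restored = {PureWindowsPath(e["src"]) for e in parse_dequarantine_log(log_text)}
    return [p for p in script_paths if PureWindowsPath(p) not in restored]


# Constructed sample: the script from the thread and the one-line log it produced.
SCRIPT = [
    r"c:\qoobox\quarantine\c\windows\system32\msvcsv60.dll.vir",
    r"c:\qoobox\quarantine\windows\system32\Vb40032.dll.vir",
    r"c:\qoobox\quarantine\\documents and settings\The Zapper\g2mdlhlpx.exe.vir",
]
LOG = (r"c:\qoobox\quarantine\c\windows\system32\msvcsv60.dll.vir"
       r" -> c:\windows\system32\msvcsv60.dll ( 16 bytes )" + "\n")

if __name__ == "__main__":
    for src, dst in restore_plan(SCRIPT):
        print(f"{src}\n    -> {dst}")
    for e in parse_dequarantine_log(LOG):
        flag = "  [too small to be a PE file]" if e["too_small_for_pe"] else ""
        print(f"restored {e['dst']} ({e['size']} bytes){flag}")
    for p in unrestored(SCRIPT, LOG):
        print(f"still quarantined: {p}")
```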

26 Posts

May 31st, 2010 16:00

While I was searching the quarantine folder for:

c:\qoobox\quarantine\windows\system32\Vb40032.dll.vir
c:\qoobox\quarantine\documents and settings\The Zapper\g2mdlhlpx.exe.vir

I also found:

C:\Qoobox\Quarantine\C\WINDOWS\system32\msvcsv60.dll.vir

I did nothing with it, because I was not instructed to. However, I wanted to keep you informed.

Here is the log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Monday, May 31, 2010
 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Monday, May 31, 2010 11:02:54
 Records in database: 4193808
--------------------------------------------------------------------------------

Scan settings:
 scan using the following database: extended
 Scan archives: yes
 Scan e-mail databases: yes

Scan area - My Computer:
 C:\
 D:\

Scan statistics:
 Objects scanned: 96492
 Threats found: 6
 Infected objects found: 25
 Suspicious objects found: 0
 Scan duration: 02:29:54


File name / Threat / Threats count
C:\Documents and Settings\The Zapper\My Documents\Documents\MOM\BACKUP\email backup\{109BF6E3-47F4-11DA-A832-000476DE5E7F}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Doombot.g 19
C:\Documents and Settings\The Zapper\My Documents\Documents\MOM\BACKUP\email backup\{FC400EC5-E3C2-11DD-A833-000476DE5E7F}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan.Win32.FraudPack.anmu 1
C:\Documents and Settings\The Zapper\My Documents\Documents\MOM\BACKUP\email backup\{FC400EC5-E3C2-11DD-A833-000476DE5E7F}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan.Win32.Sasfis.ajhu 1
C:\Documents and Settings\The Zapper\My Documents\Documents\MOM\BACKUP\email backup\{FC400EC5-E3C2-11DD-A833-000476DE5E7F}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Downloader.Win32.FraudLoad.gmx 2
C:\Documents and Settings\The Zapper\My Documents\Documents\MOM\BACKUP\email backup\{FC400EC5-E3C2-11DD-A833-000476DE5E7F}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Downloader.Win32.Losabel.bsv 1
C:\Documents and Settings\The Zapper\My Documents\Documents\MOM\BACKUP\email backup\{FC400EC5-E3C2-11DD-A833-000476DE5E7F}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Downloader.Win32.Losabel.bsw 1

Selected area has been scanned.

20.5K Posts

May 31st, 2010 17:00

It appears that MOM had some infected emails.

Please take a look to make sure this was actually restored from qoobox\quarantine to here: C:\WINDOWS\system32\msvcsv60.dll

If so, we won't worry about the copy in qoobox\quarantine. If it is not in your System32 folder, please remove the .vir extension and restore it just as you did with the others.

Let me know how that goes.
