Skip to main content

Bugbatter

3 Apprentice

 • 

20.5K Posts

March 31st, 2009 15:00

Welcome. Thank you for using Dell Community Forums.

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you have posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.  The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a list HERE.    

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply so we can begin cleaning. We can check for malware and perhaps find out if the problem is that or just "old age".

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

 

kittois

65 Posts

April 1st, 2009 19:00

THANKS FOR YOUR REPLY.  I HAVE PASTED PARTS OF YOUR EMAIL BELOW AND REPLIED TO YOUR QUESTIONS IN ALL CAPS.

"Welcome. Thank you for using Dell Community Forums.

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you have posted this issue on another forum? If so, please provide a link to the topic. NO

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly. HAVE NOT

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.  NONE USED

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.  The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a list HERE.    NOT USING

* If this computer belongs to someone else, do you have authority to apply the fixes we will use? ITS MINE

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log. DID NOT -- JUST RAN THE LOG.  I DID RUN THE C CLEANER A WHILE AGO TO TRY TO SPEED IT UP A BIT AND DELETED WHAT I HOPED TO BE JUST EXCESS FILES.

I look forward to your reply so we can begin cleaning. We can check for malware and perhaps find out if the problem is that or just "old age". IF ITS NOT MALWARE, PERHAPS ITS OLD AGE OR JUST TOO MUCH "STUFF" .  UNFORTUNATELY, WE ARE PACK RATS EVEN WHEN IT COMES TO COMPUTERS.

 

Bugbatter

3 Apprentice

 • 

20.5K Posts

April 1st, 2009 19:00


We need to see some additional information about what is happening in your machine.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • Click Yes at the prompt for Optional Scan.
  • When done, DDS will open two (2) logs

  • 1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop.
  • Copy/paste both logs to your reply on the forum.
  • Close the program window, and delete the program from your desktop.

  • Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

kittois

65 Posts

April 1st, 2009 21:00

As requested, here are both logs. 

On another topic -- and you aren't going to believe my luck -- my laptop (the other computer in the house -- was just taken ovewr by MS 2009 and is now all locked up -- worse thatn the slow and old desktop.  I am going to have to post that as well.  I hope it won't be too confusing but with thisa one slow and that one siezed up, I'm gonna be out of commission!!

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/5/2005 11:44:42 AM
System Uptime: 4/1/2009 8:44:56 PM (4 hours ago)

Motherboard: Dell Inc.           |  | 0M3918
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 71 GiB total, 48.46 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82915G/GV/910GL Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2782&SUBSYS_01811028&REV_04\3&172E68DD&0&11
Manufacturer: Intel Corporation
Name: Intel(R) 82915G/GV/910GL Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_2782&SUBSYS_01811028&REV_04\3&172E68DD&0&11
Service: ialm

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10416D21&0&08F0
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10416D21&0&08F0
Service:

==== System Restore Points ===================

 

DDS (Ver_09-03-16.01) - NTFSx86 
Run by MILISSA MURRAY at  0:06:04.70 on Thu 04/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.502.76 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1167420152\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\AOL 9.1a\waol.exe
C:\Program Files\AOL 9.1a\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\MILISSA MURRAY\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/?src=toolbar
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Gamevance Text: {7370f91f-6994-4595-9949-601fa2261c8d} - c:\program files\gamevance\gvtl.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AOL Fast Start] "c:\progra~1\aol9~1.1a\AOL.EXE" -b
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [Motive SmartBridge] c:\progra~1\verizo~1\suppor~1\smartb~1\MotiveSB.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [QMusic2] "c:\program files\benq\qmusic2\QMAgent.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [LifeScape Media Detector] c:\program files\picasa\PicasaMediaDetector.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1167420152\ee\AOLSoftware.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
StartupFolder: c:\documents and settings\milissa murray\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\verizo~1.lnk - c:\program files\verizon online\supportcenter\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm801RKUS
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167406600296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-9-21 201320]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2007-9-9 53752]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-7 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-9-21 144704]
R2 MrHealthyService;MrHealthy;c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe -service --> c:\program files\norton pc checkup\executables\mrhealthy\MrHealthy.exe -service [?]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-9-21 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-9-21 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-9-21 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-9-21 40488]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-3-1 28762]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-9-21 33832]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-03-30 22:15 

 --d----- c:\program files\Trend Micro
2009-03-28 18:05   --d----- c:\program files\common files\DivX Shared
2009-03-28 18:05   --d----- c:\program files\DivX

==================== Find3M  ====================

2009-03-01 17:25 28,672 a------- c:\windows\system32\f3PSSavr.scr
2009-02-13 00:05 184,310 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2007-02-26 21:08 774,144 ac------ c:\program files\RngInterstitial.dll
2008-10-31 09:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008103120081101\index.dat

============= FINISH:  0:07:20.29 ===============

Bugbatter

3 Apprentice

 • 

20.5K Posts

April 2nd, 2009 07:00

That kind of "luck" usually tells me that either someone is not surfing safely or that someone may be using P2P.

Please post the attach.txt log from DDS. Thanks.

kittois

65 Posts

April 2nd, 2009 23:00

Here is the attach this log.  Funny , I thought I posted it before.  As for the other computer, I went back to a  restore point and it works fine!!  But you are correct, I really don't do as well as I should with security software. I have aol and rely on that and some standard windows stuff.  I think I also have nortons load but it is probably out of date I ought to upgrade but to what?  I would do a malwarebytes product if they had run of the mill security software becasue I like the fact that they offer their other programs for free.  What's P2P?

Anyway -- here is the attach this log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/5/2005 11:44:42 AM
System Uptime: 4/2/2009 7:08:27 AM (18 hours ago)

Motherboard: Dell Inc.           |  | 0M3918
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 71 GiB total, 48.466 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82915G/GV/910GL Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2782&SUBSYS_01811028&REV_04\3&172E68DD&0&11
Manufacturer: Intel Corporation
Name: Intel(R) 82915G/GV/910GL Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_2782&SUBSYS_01811028&REV_04\3&172E68DD&0&11
Service: ialm

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10416D21&0&08F0
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10416D21&0&08F0
Service:

==== System Restore Points ===================

RP432: 1/3/2009 9:34:36 AM - System Checkpoint
RP433: 1/4/2009 10:28:09 AM - System Checkpoint
RP434: 1/6/2009 12:11:11 AM - System Checkpoint
RP435: 1/7/2009 8:04:47 AM - System Checkpoint
RP436: 1/8/2009 8:17:00 AM - System Checkpoint
RP437: 1/9/2009 10:11:24 PM - System Checkpoint
RP438: 1/10/2009 10:39:03 PM - System Checkpoint
RP439: 1/11/2009 10:40:05 PM - System Checkpoint
RP440: 1/13/2009 1:16:44 AM - System Checkpoint
RP441: 1/14/2009 1:53:53 AM - System Checkpoint
RP442: 1/14/2009 3:00:23 AM - Software Distribution Service 3.0
RP443: 1/15/2009 3:11:30 AM - System Checkpoint
RP444: 1/16/2009 6:02:13 AM - System Checkpoint
RP445: 1/17/2009 8:39:29 AM - System Checkpoint
RP446: 1/18/2009 9:11:53 AM - System Checkpoint
RP447: 1/19/2009 9:15:03 AM - System Checkpoint
RP448: 1/20/2009 9:40:05 AM - System Checkpoint
RP449: 1/21/2009 11:41:59 AM - System Checkpoint
RP450: 1/22/2009 12:56:15 PM - System Checkpoint
RP451: 1/23/2009 1:09:44 PM - System Checkpoint
RP452: 1/24/2009 1:18:41 PM - System Checkpoint
RP453: 1/25/2009 1:46:05 PM - System Checkpoint
RP454: 1/26/2009 8:09:04 PM - System Checkpoint
RP455: 1/26/2009 11:15:52 PM - Removed Adobe Reader 7.0.9
RP456: 1/26/2009 11:17:59 PM - Removed Bonjour
RP457: 1/26/2009 11:20:10 PM - Removed Easy CD Creator 5 Basic
RP458: 1/26/2009 11:28:57 PM - Removed Microsoft Picture It! Express 9
RP459: 1/26/2009 11:30:02 PM - Removed Microsoft Picture It! Library 9
RP460: 1/27/2009 11:54:12 PM - Installed Adobe Reader 9.
RP461: 1/28/2009 11:59:42 PM - System Checkpoint
RP462: 1/30/2009 12:02:40 AM - System Checkpoint
RP463: 1/31/2009 12:32:25 AM - System Checkpoint
RP464: 2/1/2009 2:27:35 AM - System Checkpoint
RP465: 2/2/2009 7:29:54 AM - System Checkpoint
RP466: 2/3/2009 8:02:10 AM - System Checkpoint
RP467: 2/4/2009 9:25:55 AM - System Checkpoint
RP468: 2/5/2009 9:31:29 AM - System Checkpoint
RP469: 2/6/2009 11:05:43 AM - System Checkpoint
RP470: 2/7/2009 1:03:47 PM - System Checkpoint
RP471: 2/8/2009 1:31:33 PM - System Checkpoint
RP472: 2/9/2009 4:43:50 PM - System Checkpoint
RP473: 2/11/2009 1:03:15 AM - System Checkpoint
RP474: 2/11/2009 3:00:19 AM - Software Distribution Service 3.0
RP475: 2/12/2009 4:19:45 AM - System Checkpoint
RP476: 2/12/2009 7:45:15 AM - Spybot-S&D Spyware removal
RP477: 2/12/2009 9:09:10 AM - Installed MozyHome Remote Backup
RP478: 2/12/2009 10:43:52 PM - Removed Google Toolbar for Internet Explorer
RP479: 2/13/2009 1:00:27 AM - Spybot-S&D Spyware removal
RP480: 2/14/2009 11:31:32 AM - System Checkpoint
RP481: 2/15/2009 1:38:45 PM - System Checkpoint
RP482: 2/16/2009 1:55:26 PM - System Checkpoint
RP483: 2/17/2009 3:30:17 PM - System Checkpoint
RP484: 2/22/2009 5:31:40 PM - System Checkpoint
RP485: 2/23/2009 9:14:42 PM - System Checkpoint
RP486: 2/24/2009 10:57:46 PM - System Checkpoint
RP487: 2/25/2009 3:00:24 AM - Software Distribution Service 3.0
RP488: 2/26/2009 7:41:05 AM - System Checkpoint
RP489: 2/27/2009 12:19:46 PM - System Checkpoint
RP490: 2/28/2009 2:07:58 PM - System Checkpoint
RP491: 3/1/2009 2:20:01 PM - System Checkpoint
RP492: 3/2/2009 3:07:31 PM - System Checkpoint
RP493: 3/3/2009 3:54:59 PM - System Checkpoint
RP494: 3/4/2009 5:26:08 PM - System Checkpoint
RP495: 3/5/2009 3:00:25 AM - Software Distribution Service 3.0
RP496: 3/6/2009 7:09:17 AM - System Checkpoint
RP497: 3/7/2009 7:28:52 AM - System Checkpoint
RP498: 3/8/2009 12:24:06 PM - System Checkpoint
RP499: 3/9/2009 6:55:24 PM - System Checkpoint
RP500: 3/11/2009 6:47:57 AM - System Checkpoint
RP501: 3/11/2009 9:56:26 AM - Software Distribution Service 3.0
RP502: 3/12/2009 7:30:41 PM - System Checkpoint
RP503: 3/13/2009 10:56:26 PM - System Checkpoint
RP504: 3/14/2009 2:00:27 AM - Software Distribution Service 3.0
RP505: 3/15/2009 5:11:03 AM - System Checkpoint
RP506: 3/16/2009 8:28:49 AM - System Checkpoint
RP507: 3/17/2009 9:21:32 AM - System Checkpoint
RP508: 3/18/2009 10:57:17 AM - System Checkpoint
RP509: 3/19/2009 11:42:21 AM - System Checkpoint
RP510: 3/20/2009 11:50:33 AM - System Checkpoint
RP511: 3/21/2009 1:51:02 PM - System Checkpoint
RP512: 3/22/2009 2:32:06 PM - System Checkpoint
RP513: 3/23/2009 5:06:09 PM - System Checkpoint
RP514: 3/25/2009 7:31:59 AM - System Checkpoint
RP515: 3/26/2009 8:05:47 AM - System Checkpoint
RP516: 3/27/2009 8:44:58 AM - System Checkpoint
RP517: 3/28/2009 11:47:50 AM - System Checkpoint
RP518: 3/29/2009 12:44:43 PM - System Checkpoint
RP519: 3/30/2009 2:11:52 PM - System Checkpoint
RP520: 3/31/2009 4:56:03 PM - System Checkpoint
RP521: 4/1/2009 9:34:02 PM - System Checkpoint
RP522: 4/2/2009 11:12:34 PM - System Checkpoint

==== Installed Programs ======================


Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Adobe Shockwave Player
AiO_Scan_CDA
AiOSoftwareNPI
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
B57Inst
Broadcom Driver Installer
BufferChm
C6100
c6100_Help
CCleaner (remove only)
Citrix Web Client
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
CueTour
CustomerResearchQFolder
Defraggler (remove only)
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Destinations
DeviceManagementQFolder
DIGOpt
DIGReqEx
DivX Web Player
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Download Updater (AOL LLC)
eSupportQFolder
Fax_CDA
FullDPAppQFolder
Google Earth
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevices
InstantShareDevicesMFC
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
iTunes
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Malwarebytes' Anti-Malware
MarketResearch
MathPlayer
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft VC9 runtime libraries
MozyHome Remote Backup
MSN
MSN Encarta Plus Support Files
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicnotes Player V1.22.3
My Web Search (Cursor Mania)
NewCopy_CDA
Norton PC Checkup
OCR Software by I.R.I.S 7.0
OpenOffice.org Installer 1.0
Paint Shop Pro 7
PanoStandAlone
PhotoGallery
Picasa
Picasa 2
ProductContextNPI
QMusic 2.5
QuickTime
QuickTime for Windows (32-bit)
RandMap
Readme
RealPlayer Basic
Scan
ScannerCopy
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SkinsHP1
SlideShow
SolutionCenter
Sonic_PrimoSDK
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Status
Toolbox
TrayApp
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Verizon Online Support Center
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinZip 11.2
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/28/2009 5:59:53 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.102 for the Network Card with network address 00111139D570 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/28/2009 4:54:17 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/28/2009 4:43:48 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/30/2009 10:46:15 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.100 for the Network Card with network address 00111139D570 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

 

 

 

kittois

65 Posts

April 2nd, 2009 23:00

And because I do think I've posted the attach this log twice, here is the other DDS log.

 

DDS (Ver_09-03-16.01) - NTFSx86 
Run by MILISSA MURRAY at  1:26:53.96 on Fri 04/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.502.80 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1167420152\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\PROGRA~1\AOL9~1.1A\waol.exe
C:\PROGRA~1\AOL9~1.1A\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\MILISSA MURRAY\Local Settings\Temporary Internet Files\Content.IE5\RM25M252\dds[1].scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/?src=toolbar
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Gamevance Text: {7370f91f-6994-4595-9949-601fa2261c8d} - c:\program files\gamevance\gvtl.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AOL Fast Start] "c:\progra~1\aol9~1.1a\AOL.EXE" -b
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [Motive SmartBridge] c:\progra~1\verizo~1\suppor~1\smartb~1\MotiveSB.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [QMusic2] "c:\program files\benq\qmusic2\QMAgent.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [LifeScape Media Detector] c:\program files\picasa\PicasaMediaDetector.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1167420152\ee\AOLSoftware.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
StartupFolder: c:\documents and settings\milissa murray\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\verizo~1.lnk - c:\program files\verizon online\supportcenter\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm801RKUS
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167406600296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-9-21 201320]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2007-9-9 53752]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-7 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-9-21 144704]
R2 MrHealthyService;MrHealthy;c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe -service --> c:\program files\norton pc checkup\executables\mrhealthy\MrHealthy.exe -service [?]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-9-21 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-9-21 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-9-21 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-9-21 40488]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-3-1 28762]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-9-21 33832]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-03-30 22:15 

 --d----- c:\program files\Trend Micro
2009-03-28 18:05   --d----- c:\program files\common files\DivX Shared
2009-03-28 18:05   --d----- c:\program files\DivX

==================== Find3M  ====================

2009-03-01 17:25 28,672 a------- c:\windows\system32\f3PSSavr.scr
2009-02-13 00:05 184,310 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2007-02-26 21:08 774,144 ac------ c:\program files\RngInterstitial.dll
2008-10-31 09:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008103120081101\index.dat

============= FINISH:  1:28:05.70 ===============

 

 

Bugbatter

3 Apprentice

 • 

20.5K Posts

April 3rd, 2009 08:00

Please disable TeaTimer:
Go to Start>Run. Type Msconfig > OK. On the next window that opens > Startup tab UNcheck the entry for TeaTimer until this is over...
1. Open Spybot
2. Click Mode -> Advanced Mode
3. Click Yes
4. Click Tools (located in the bottom left corner) -> Resident
5. Uncheck 'Resident "TeaTimer" (Protection of over-all system settings) active'
6. Then close Spybot.
Reboot.
Verify that TeaTimer is not running.
After ALL cleaning of your system has been completed and we have confirmed that your computer is clean, reverse these steps and re-enable the protection applets for TeaTimer.

Please update your Malwarebytes' Anti-Malware and run a Full Scan. Please post that log along with a fresh Hijackthis log.

kittois

65 Posts

April 3rd, 2009 20:00

Thanks . We moved today so I will be out of comission until our connection is back up.  It might be a couple of days but I will be back to you as soon as I can.

Was this post helpful?

View All

No Events found!

Top