XP Security virus

[KerryE]

The XP Security virus has infected my computer. I have run SuperAntiSpyware & McAffee - I am pretty sure its still there though - but the window inviting me to pay does not come up anymore.

Most desktop icons do not work now and 'open with' window opens.
When computer starts/programms start get various messages such as 'cannot find file'

System - Windows XP SP3

Not sure what to do now? How come McAffee did not stop it as it is always running?

many thanks fo help

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*********************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*******************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

[KerryE]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/01/2011 at 07:27 PM

Application Version : 4.49.1000

Core Rules Database Version : 6918
Trace Rules Database Version: 4730

Scan type       : Complete Scan
Total Scan Time : 01:14:52

Memory items scanned      : 517
Memory threats detected   : 0
Registry items scanned    : 7598
Registry threats detected : 1
File items scanned        : 29917
File threats detected     : 1

System.BrokenFileAssociation
   HKCR\.exe

Adware.Tracking Cookie
   secure-uk.imrworldwide.com [ C:\Documents and Settings\Kerry\Application Data\Macromedia\Flash Player\#SharedObjects\3F6P9Y62 ]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6491

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

02/05/2011 16:16:47
mbam-log-2011-05-02 (16-16-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 242192
Time elapsed: 1 hour(s), 43 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 8
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\win32x (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Value: host -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Value: id -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Kerry\Local Settings\Application Data\pif.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Kerry\Local Settings\Application Data\pif.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Kerry\Local Settings\Application Data\vkm.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Kerry\my documents\downloads\pdfconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\rp215\a0235835.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Kerry\start menu\Programs\Startup\AdbUpd.lnk (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Kerry\application data\Adobe\adobeutil .exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

[SuperDave]

I still need to see the DDS logs. Please include both.

[KerryE]

.
DDS (Ver_11-03-05.01) - NTFSx86 
Run by Kerry at 20:41:17.78 on 02/05/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.502.99 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Documents and Settings\Kerry\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:60364
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=68bd1f4c000000000000001320d5dc68&tlver=1.4.19.19&affID=17160
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101208000519.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\kerry\applic~1\mozilla\firefox\profiles\d0q66k39.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60364
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Update Service: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Autofill Forms: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-20 386840]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-11-10 58472]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-20 84072]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2010-11-10 62568]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-11-10 156776]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-7 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-20 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-20 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-20 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-20 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-20 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-20 141792]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2006-2-28 61526]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-11-10 763112]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-20 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-20 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-20 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-20 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-9-20 88544]
S2 dhuqpmhj;dhuqpmhj;"c:\docume~1\kerry\locals~1\temp\dat161.tmp.exe" --service --> c:\docume~1\kerry\locals~1\temp\DAT161.tmp.exe [?]
S2 gupdate1c9eb71238341ea;Google Update Service (gupdate1c9eb71238341ea);c:\program files\google\update\GoogleUpdate.exe [2009-6-12 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-8-29 25728]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-15 38224]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-9-20 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-20 84264]
.
=============== Created Last 30 ================
.
2011-04-20 21:21:27   --------   d-----w-   c:\docume~1\kerry\locals~1\applic~1\Trusteer
2011-04-13 02:59:14   --------   d-----w-   c:\docume~1\kerry\locals~1\applic~1\NewSoft
2011-04-08 18:15:33   --------   d-----w-   c:\program files\PhotomatixPro4
2011-04-08 18:15:33   --------   d-----w-   c:\docume~1\kerry\applic~1\HDRsoft
2011-04-08 16:39:17   --------   d-----w-   c:\program files\HDR Darkroom
.
==================== Find3M  ====================
.
2011-03-11 11:32:17   66048   ----a-w-   c:\windows\system32\userinit.exe
2011-03-07 05:33:50   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07   434176   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21:11   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-17 19:00:29   832512   ----a-w-   c:\windows\system32\wininet.dll
2011-02-17 19:00:28   78336   ----a-w-   c:\windows\system32\ieencode.dll
2011-02-17 19:00:28   1830912   ------w-   c:\windows\system32\inetcpl.cpl
2011-02-17 19:00:27   17408   ----a-w-   c:\windows\system32\corpol.dll
2011-02-17 12:32:12   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2011-02-17 11:44:16   389120   ----a-w-   c:\windows\system32\html.iec
2011-02-15 12:56:39   290432   ----a-w-   c:\windows\system32\atmfd.dll
2011-02-11 13:25:52   229888   ----a-w-   c:\windows\system32\fxscover.exe
2011-02-08 13:33:55   978944   ----a-w-   c:\windows\system32\mfc42.dll
2011-02-08 13:33:55   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2011-02-04 17:48:32   456192   ----a-w-   c:\windows\system32\encdec.dll
2011-02-04 17:48:30   291840   ----a-w-   c:\windows\system32\sbe.dll
2011-02-02 07:58:35   2067456   ----a-w-   c:\windows\system32\mstscax.dll
.
============= FINISH: 20:43:49.31 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 21/05/2009 22:35:32
System Uptime: 02/05/2011 18:24:07 (2 hours ago)
.
Motherboard: Dell Inc.           |  | 0JC474
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 9.119 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP127: 02/02/2011 10:17:28 - System Checkpoint
RP128: 03/02/2011 10:19:37 - System Checkpoint
RP129: 04/02/2011 11:19:37 - System Checkpoint
RP130: 05/02/2011 11:48:23 - System Checkpoint
RP131: 06/02/2011 13:04:17 - System Checkpoint
RP132: 07/02/2011 13:23:54 - System Checkpoint
RP133: 08/02/2011 13:54:04 - System Checkpoint
RP134: 09/02/2011 14:52:53 - System Checkpoint
RP135: 10/02/2011 05:54:49 - Software Distribution Service 3.0
RP136: 10/02/2011 21:28:01 - Software Distribution Service 3.0
RP137: 11/02/2011 22:00:23 - System Checkpoint
RP138: 12/02/2011 22:15:45 - System Checkpoint
RP139: 13/02/2011 22:28:11 - System Checkpoint
RP140: 15/02/2011 00:00:13 - System Checkpoint
RP141: 16/02/2011 08:38:16 - System Checkpoint
RP142: 17/02/2011 09:11:28 - System Checkpoint
RP143: 18/02/2011 09:18:39 - System Checkpoint
RP144: 19/02/2011 09:37:25 - System Checkpoint
RP145: 20/02/2011 10:35:48 - System Checkpoint
RP146: 21/02/2011 11:30:45 - System Checkpoint
RP147: 22/02/2011 11:53:42 - System Checkpoint
RP148: 23/02/2011 12:32:05 - System Checkpoint
RP149: 24/02/2011 12:59:12 - System Checkpoint
RP150: 25/02/2011 13:22:41 - System Checkpoint
RP151: 26/02/2011 14:51:47 - System Checkpoint
RP152: 27/02/2011 15:15:37 - System Checkpoint
RP153: 28/02/2011 20:09:33 - System Checkpoint
RP154: 01/03/2011 21:48:59 - System Checkpoint
RP155: 03/03/2011 07:09:05 - System Checkpoint
RP156: 04/03/2011 07:10:13 - System Checkpoint
RP157: 05/03/2011 08:08:13 - System Checkpoint
RP158: 06/03/2011 11:33:25 - System Checkpoint
RP159: 07/03/2011 16:08:19 - System Checkpoint
RP160: 08/03/2011 16:58:47 - System Checkpoint
RP161: 09/03/2011 17:50:14 - System Checkpoint
RP162: 09/03/2011 23:51:05 - Software Distribution Service 3.0
RP163: 11/03/2011 00:00:22 - System Checkpoint
RP164: 12/03/2011 00:47:32 - System Checkpoint
RP165: 13/03/2011 00:57:24 - System Checkpoint
RP166: 14/03/2011 01:57:25 - System Checkpoint
RP167: 15/03/2011 02:30:13 - System Checkpoint
RP168: 16/03/2011 05:55:09 - System Checkpoint
RP169: 17/03/2011 06:41:15 - System Checkpoint
RP170: 18/03/2011 07:02:39 - System Checkpoint
RP171: 18/03/2011 21:59:53 - Software Distribution Service 3.0
RP172: 19/03/2011 23:17:34 - System Checkpoint
RP173: 21/03/2011 00:13:14 - System Checkpoint
RP174: 22/03/2011 00:14:21 - System Checkpoint
RP175: 23/03/2011 01:13:16 - System Checkpoint
RP176: 24/03/2011 01:39:48 - System Checkpoint
RP177: 24/03/2011 22:31:31 - Software Distribution Service 3.0
RP178: 26/03/2011 00:10:45 - System Checkpoint
RP179: 27/03/2011 00:48:57 - System Checkpoint
RP180: 27/03/2011 11:26:05 - Software Distribution Service 3.0
RP181: 28/03/2011 12:24:21 - System Checkpoint
RP182: 29/03/2011 18:30:48 - System Checkpoint
RP183: 30/03/2011 19:41:13 - System Checkpoint
RP184: 31/03/2011 22:41:48 - System Checkpoint
RP185: 01/04/2011 22:50:55 - System Checkpoint
RP186: 02/04/2011 10:20:40 - Printer Driver FoxTab PDF Virtual Printer Installed
RP187: 03/04/2011 10:55:00 - System Checkpoint
RP188: 04/04/2011 11:36:14 - System Checkpoint
RP189: 05/04/2011 11:58:09 - System Checkpoint
RP190: 06/04/2011 12:58:18 - System Checkpoint
RP191: 07/04/2011 15:38:45 - System Checkpoint
RP192: 08/04/2011 16:37:45 - System Checkpoint
RP193: 09/04/2011 17:10:48 - System Checkpoint
RP194: 10/04/2011 17:37:49 - System Checkpoint
RP195: 11/04/2011 18:05:57 - System Checkpoint
RP196: 12/04/2011 18:59:02 - System Checkpoint
RP197: 13/04/2011 19:38:51 - System Checkpoint
RP198: 14/04/2011 21:05:07 - System Checkpoint
RP199: 15/04/2011 22:05:03 - System Checkpoint
RP200: 16/04/2011 12:38:55 - Software Distribution Service 3.0
RP201: 17/04/2011 13:36:45 - System Checkpoint
RP202: 18/04/2011 13:42:23 - System Checkpoint
RP203: 19/04/2011 14:49:06 - System Checkpoint
RP204: 20/04/2011 17:44:25 - System Checkpoint
RP205: 21/04/2011 17:58:34 - System Checkpoint
RP206: 22/04/2011 18:43:03 - System Checkpoint
RP207: 23/04/2011 20:34:31 - System Checkpoint
RP208: 24/04/2011 20:49:41 - System Checkpoint
RP209: 25/04/2011 20:50:56 - System Checkpoint
RP210: 27/04/2011 06:36:11 - System Checkpoint
RP211: 28/04/2011 06:54:08 - System Checkpoint
RP212: 29/04/2011 07:08:25 - System Checkpoint
RP213: 30/04/2011 07:18:51 - System Checkpoint
RP214: 01/05/2011 08:06:59 - System Checkpoint
RP215: 02/05/2011 09:07:53 - System Checkpoint
.
==== Installed Programs ======================
.
ACT! 2000
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader 9.4.3
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ARTEuro
Ask Toolbar
Autodesk DWF Viewer 7
BT NetProtect Plus
BufferChm
Canon Camera WIA Driver
Canon CanoScan Toolbox 5.0
Canon EOS 20D WIA Driver
Canon Utilities EOS Capture 1.1
Canon Utilities EOS Viewer Utility 1.1
Canon Utilities PhotoStitch 3.1
CanoScan LiDE 600F
CCleaner
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro X
Corel Photo Album 6
Corel Uninstaller
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Driver Reset Tool
Dell Support 5.0.0 (630)
Dell System Restore
DeviceManagementQFolder
EOS Capture 1.1
EOS Viewer Utility 1.1
ESET Online Scanner v3
ESPNMotion
FoxTab PDF Converter
Free File Viewer 2010
GemMaster Mystic
Google Chrome
Google Earth
Google Update Helper
Google Updater
HDR Darkroom Windows Version v2.2.0
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 5100
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
hph_software_req
HTC Driver
HTC Sync
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 23
Learn2 Player (Uninstall Only)
LiveUpdate
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 7.0
Microsoft XML Parser
Mozilla Firefox (3.6.17)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.2
Otto
Photomatix Pro version 4.0.2
PhotoStitch
Presto! PageManager 7.15.14
QuickTime
Rapport
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Samsung ML-2240 Series
ScanSoft OmniPage SE 4.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SopCast 3.3.2
SUPERAntiSpyware
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB 2.0 Wireless LAN Card Utility
Veetle TV 0.9.18
Viewpoint Media Player
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
29/04/2011 08:38:56, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
29/04/2011 07:38:55, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
29/04/2011 06:50:00, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
29/04/2011 06:35:00, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
26/04/2011 18:30:02, error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.
26/04/2011 05:53:01, error: Service Control Manager [7000]  - The SSPORT service failed to start due to the following error:  The system cannot find the file specified.
02/05/2011 16:22:03, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  IntelIde
02/05/2011 09:34:02, error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  Cannot create a file when that file already exists.
.
==== End Of File ===========================

[SuperDave]

I strongly recommend that you remove Ask from your computer because it;

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

•AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
**************************************************
You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology
*******************************************************
The logs show that you only have 9.119 Gb of free space on your hard drive. You should have 15% (10.5 Gb) in order for Windows to function properly. You should try to get back above this number by freeing up some space.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you insist on using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix