
Author Topic: search engine redirect virus and the dreaded blue screen  (Read 14152 times)


Wittknee (Topic Starter)

    search engine redirect virus and the dreaded blue screen
    « on: May 26, 2009, 11:01:10 AM »
    So for the past few days I've noticed that I have some sort of search engine redirect virus that others have posted about. I will type in a search topic and the links will be applicable but when I click on them I get redirected to random sites.

    It seemed to have escalated last night. I decided to do Windows Updates that had been alerting me for the past few weeks. It said the only thing that was being updated was the Service Pack 3. After the update was complete, I got the dreaded blue screen which says some of my drivers may be messed up etc. I can now only boot up through safe mode, which is what I am on now. I've tried to do a system restore in safe mode to a week ago when I didn't seem to be having this problem, but it will not go through. When I push "next", nothing happens.

    I have run Malwarebytes' Anti-Malware with the latest updates and the full and quick scans have found nothing. I also ran On-Demand Scan from McAfee and found nothing as well. I just downloaded HijackThis and will include the log in this post along with the most recent MBAM log.

    Please help me...
    -Whitney

    [attachment deleted by admin]

    evilfantasy (Malware Removal Specialist, Moderator)
    Re: search engine redirect virus and the dreaded blue screen
    « Reply #1 on: May 27, 2009, 02:57:04 PM »
    Can you use Safe Mode With Networking to download with?

    Before you begin the SDFix instructions you should copy these instructions into a Notepad file and save them to your desktop, or print them, for easy reference. Much of SDFix will be done in Safe Mode and you will be unable to access this web page after booting into Safe Mode.

    Download SDFix by AndyManchesta and save it to your desktop.

    When using this tool, you must use the Administrator's account or an account with Administrative rights.


    * Now, double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.
    * A window will now open showing SDFix being extracted into the C:\SDFix folder.
    * Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
    * DO NOT use it just yet.

    Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    When your computer has started in Safe Mode, and you see the desktop, close all open windows.

    * Click on the Start button, click on the Run menu option, and type the following text from the Code Box into the Open: field then click the OK  button.

    Code:
    C:\SDFix\RunThis.bat
    * SDFix window will open containing some brief info and a disclaimer on the use of the tool.
    * Type Y on your keyboard and then press Enter to begin the cleanup process.
    * It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    * Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log (from normal boot mode).

Wittknee (Topic Starter)

      Re: search engine redirect virus and the dreaded blue screen
      « Reply #2 on: May 27, 2009, 04:24:08 PM »
      Here is the log for SDFix... I still cannot go into normal mode because I get the blue screen as things are initially loading. There is also a pop-up at that time stating that Windows is trying to install something, so I don't know if that matters. I am currently in safe mode with networking. Do you want me to run HJT again in safe mode since I can't get onto normal mode?

      SDFix: Version 1.240
      Run by Administrator on Wed 05/27/2009 at 02:39 PM

      Microsoft Windows XP [Version 5.1.2600]
      Running From: C:\SDFix

      Checking Services :


      Restoring Default Security Values
      Restoring Default Hosts File

      Rebooting


      Checking Files :

      No Trojan Files Found






      Removing Temp Files

      ADS Check :
       


      Final Check :

      catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-05-27 15:08:30
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      disk error: C:\WINDOWS\system32\config\system, 1381
      scanning hidden registry entries ...

      disk error: C:\WINDOWS\system32\config\software, 1381
      disk error: C:\Documents and Settings\Whitney Harper\ntuser.dat, 1381
      scanning hidden files ...

      disk error: C:\WINDOWS\

      please note that you need administrator rights to perform deep scan

      Remaining Services :




      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
      "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
      "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:AOL"
      "C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:rundll32"
      "C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"
      "C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"
      "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
      "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
      "C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Disabled:µTorrent"
      "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Disabled:AOL Loader"
      "C:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"="C:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe:*:Disabled:ZcfgSvc"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
      "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
      "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

      Remaining Files :



      Files with Hidden Attributes :

      Mon 27 Aug 2007         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
      Tue  4 Dec 2007        31,744 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL0001.tmp"
      Tue 11 Dec 2007        24,064 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL0035.tmp"
      Sun  4 May 2008        25,088 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL0579.tmp"
      Sat 20 Oct 2007        19,968 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL0654.tmp"
      Tue 13 Nov 2007        19,456 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL0727.tmp"
      Sun  9 Dec 2007        21,504 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL0819.tmp"
      Sat  3 May 2008        21,504 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL0923.tmp"
      Tue 13 May 2008        44,032 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL0931.tmp"
      Tue 11 Dec 2007        28,160 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL0993.tmp"
      Mon 27 Apr 2009        20,992 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL1070.tmp"
      Sun  4 May 2008        30,208 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL1202.tmp"
      Wed 12 Dec 2007        23,040 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL1215.tmp"
      Mon 14 Apr 2008        25,088 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL1220.tmp"
      Tue 11 Dec 2007        26,112 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL1465.tmp"
      Sun  4 May 2008        29,696 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL1731.tmp"
      Wed 12 Dec 2007        31,744 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL2061.tmp"
      Sat 27 Sep 2008        26,112 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL2236.tmp"
      Sat  3 May 2008        19,968 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL2337.tmp"
      Sat 13 Dec 2008        35,840 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL2442.tmp"
      Wed 13 Feb 2008        25,600 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL2637.tmp"
      Sun  4 May 2008        24,576 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL2670.tmp"
      Thu 18 Oct 2007        36,864 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL2710.tmp"
      Sun 28 Sep 2008        28,672 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL2751.tmp"
      Wed 12 Dec 2007        23,552 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL3004.tmp"
      Sat  3 May 2008        26,112 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL3259.tmp"
      Wed 13 Feb 2008        23,552 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL3449.tmp"
      Sun 11 May 2008        44,032 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL3542.tmp"
      Sun  4 May 2008        29,184 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL3833.tmp"
      Sat  3 May 2008        22,016 ...H. --- "C:\Documents and Settings\Whitney Harper\Desktop\~WRL4023.tmp"
      Sun 16 Dec 2007        19,456 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0003.tmp"
      Wed 27 Feb 2008        19,456 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0004.tmp"
      Sun  2 Dec 2007        31,744 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0005.tmp"
      Tue  4 Dec 2007        30,208 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0006.tmp"
      Sun 16 Dec 2007        21,504 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0007.tmp"
      Wed 19 Mar 2008        20,992 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0008.tmp"
      Sun 13 Apr 2008        19,968 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0009.tmp"
      Tue 13 May 2008        19,968 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0010.tmp"
      Sun 28 Sep 2008        27,136 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0011.tmp"
      Thu 23 Oct 2008        27,648 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0012.tmp"
      Fri 24 Apr 2009        20,992 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0013.tmp"
      Tue 28 Apr 2009        22,016 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0014.tmp"
      Mon 10 Dec 2007        22,528 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0019.tmp"
      Sat  6 Dec 2008        36,352 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0040.tmp"
      Sun 20 Apr 2008        25,088 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0082.tmp"
      Mon 10 Dec 2007        22,016 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0188.tmp"
      Sat  6 Dec 2008        21,504 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0247.tmp"
      Sun 28 Sep 2008        28,160 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0281.tmp"
      Wed 13 Feb 2008        19,968 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0325.tmp"
      Tue  4 Dec 2007        30,720 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0438.tmp"
      Tue  4 Mar 2008        41,984 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0466.tmp"
      Sun  4 May 2008        31,232 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0469.tmp"
      Wed 13 Feb 2008        25,088 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0513.tmp"
      Sat  6 Dec 2008        34,304 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0586.tmp"
      Wed 13 Feb 2008        24,576 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0634.tmp"
      Wed 12 Dec 2007        32,256 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0641.tmp"
      Sat  3 May 2008        22,016 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0698.tmp"
      Sun  4 May 2008        24,576 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0726.tmp"
      Fri  5 Dec 2008        53,760 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0851.tmp"
      Sat 15 Nov 2008        40,960 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0897.tmp"
      Sat  3 May 2008        22,016 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0959.tmp"
      Tue 11 Dec 2007        27,648 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL0983.tmp"
      Fri  5 Dec 2008        52,736 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1076.tmp"
      Sun 16 Dec 2007        30,208 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1120.tmp"
      Sun 28 Sep 2008        29,696 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1177.tmp"
      Sun 16 Dec 2007        23,040 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1189.tmp"
      Thu 13 Dec 2007        33,280 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1199.tmp"
      Sun  9 Dec 2007        20,480 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1252.tmp"
      Tue 11 Dec 2007        27,136 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1262.tmp"
      Sun  4 May 2008        36,352 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1318.tmp"
      Sun 16 Dec 2007        22,528 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1454.tmp"
      Tue  4 Dec 2007        30,208 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1455.tmp"
      Sun 20 Apr 2008        27,136 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1468.tmp"
      Sun 28 Sep 2008        30,208 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1539.tmp"
      Wed 13 Feb 2008        23,040 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1631.tmp"
      Thu 13 Dec 2007        33,792 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1694.tmp"
      Sun 20 Apr 2008        24,576 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1723.tmp"
      Tue  9 Sep 2008        39,424 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1733.tmp"
      Sun 28 Sep 2008        28,672 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1742.tmp"
      Wed 12 Dec 2007        29,696 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1770.tmp"
      Sun 28 Sep 2008        27,648 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1807.tmp"
      Tue  4 Dec 2007        30,208 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1810.tmp"
      Sun 16 Dec 2007        24,576 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1817.tmp"
      Sat 15 Nov 2008        42,496 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1844.tmp"
      Tue 11 Dec 2007        28,672 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1848.tmp"
      Sat  6 Dec 2008        54,272 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1882.tmp"
      Tue 13 Nov 2007        20,480 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1940.tmp"
      Tue 13 May 2008        22,016 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1951.tmp"
      Tue 18 Dec 2007        23,040 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL1969.tmp"
      Tue 11 Dec 2007        29,696 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2019.tmp"
      Sun  4 May 2008        24,064 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2040.tmp"
      Sun 13 Apr 2008        22,528 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2117.tmp"
      Sat  6 Dec 2008        31,744 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2141.tmp"
      Sat  6 Dec 2008        35,328 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2274.tmp"
      Sat  6 Dec 2008        53,760 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2288.tmp"
      Wed 13 Feb 2008        23,552 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2329.tmp"
      Tue 18 Dec 2007        20,992 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2357.tmp"
      Sun  4 May 2008        25,600 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2367.tmp"
      Sat  6 Dec 2008        34,816 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2389.tmp"
      Wed 12 Dec 2007        30,720 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2459.tmp"
      Wed 13 Feb 2008        19,456 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2483.tmp"
      Sat  6 Dec 2008        21,504 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2492.tmp"
      Sat  6 Dec 2008        44,032 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2494.tmp"
      Sat  6 Dec 2008        42,496 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2586.tmp"
      Sun  4 May 2008        30,720 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2588.tmp"
      Fri 24 Apr 2009        20,992 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2611.tmp"
      Tue 11 Dec 2007        29,184 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2612.tmp"
      Sun 16 Dec 2007        24,576 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2619.tmp"
      Tue 11 Dec 2007        26,112 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2623.tmp"
      Tue 28 Apr 2009        23,040 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2674.tmp"
      Sun  4 May 2008        35,328 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2698.tmp"
      Sat  6 Dec 2008        50,688 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2731.tmp"
      Mon 10 Dec 2007        22,528 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2791.tmp"
      Wed 12 Dec 2007        31,232 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2798.tmp"
      Thu 23 Oct 2008        28,672 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2827.tmp"
      Tue  9 Sep 2008        39,424 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2855.tmp"
      Thu 13 Dec 2007        33,280 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2865.tmp"
      Wed 27 Feb 2008        20,992 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2962.tmp"
      Tue 11 Dec 2007        30,208 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL2966.tmp"
      Sun 28 Sep 2008        27,136 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3091.tmp"
      Sun 13 Apr 2008        21,504 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3102.tmp"
      Tue 13 Nov 2007        19,968 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3123.tmp"
      Fri  5 Dec 2008        53,760 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3144.tmp"
      Sun  5 Oct 2008        23,040 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3181.tmp"
      Sun 20 Apr 2008        28,160 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3188.tmp"
      Sun  4 May 2008        26,112 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3195.tmp"
      Sun  5 Oct 2008        24,576 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3197.tmp"
      Sat  6 Dec 2008        19,968 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3208.tmp"
      Thu 13 Dec 2007        34,816 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3244.tmp"
      Sun 20 Apr 2008        25,600 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3245.tmp"
      Sun  4 May 2008        26,624 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3266.tmp"
      Tue 18 Dec 2007        20,992 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3270.tmp"
      Sun 13 Apr 2008        23,040 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3280.tmp"
      Wed 13 Feb 2008        23,040 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3311.tmp"
      Tue  4 Dec 2007        30,208 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3366.tmp"
      Wed 13 Feb 2008        19,968 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3404.tmp"
      Sat 15 Nov 2008        41,984 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3480.tmp"
      Sun  4 May 2008        26,112 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3533.tmp"
      Sat 15 Nov 2008        45,568 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3542.tmp"
      Wed 13 Feb 2008        21,504 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3646.tmp"
      Sun  4 May 2008        24,576 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3672.tmp"
      Tue 13 Nov 2007        20,480 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3796.tmp"
      Sat 15 Nov 2008        40,448 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3813.tmp"
      Tue 18 Dec 2007        21,504 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3829.tmp"
      Wed 12 Dec 2007        32,768 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3990.tmp"
      Wed 12 Dec 2007        21,504 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL3993.tmp"
      Sat  3 May 2008        25,088 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL4000.tmp"
      Sat  6 Dec 2008        42,496 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL4058.tmp"
      Tue 13 May 2008        23,552 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL4065.tmp"
      Sun  4 May 2008        30,208 ...H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Microsoft\Word\~WRL4081.tmp"
      Fri 30 Nov 2007        30,208 A..H. --- "C:\Documents and Settings\Whitney Harper\Desktop\documents\Fall 2007\Soc of Emotions\~WRL1591.tmp"
      Thu 12 Jul 2007             8 A..H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
      Thu 12 Jul 2007             8 A..H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
      Thu 12 Jul 2007             8 A..H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
      Thu 19 Jul 2007             8 A..H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
      Tue  4 Dec 2007             8 A..H. --- "C:\Documents and Settings\Whitney Harper\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"

      Finished!
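The firewall export at the end of the SDFix report above deserves a closer read than "No Trojan Files Found" suggests. Three entries in the standard profile are core Windows processes (rundll32.exe, logonui.exe, winlogon.exe), all Enabled, and each carries a bare literal display name, whereas the exceptions Windows writes for itself (sessmgr.exe, xpnetdiag.exe) use resource-string names such as @xpsp2res.dll,-22019. Core processes do not need inbound exceptions of their own; an entry like that is normally written by malware so that code injected into the process can accept connections. The script below is an added example, not part of SDFix or of this thread: it parses the "Authorized Application Key Export" section offline and flags entries matching those two observations. SAMPLE_REPORT is a constructed excerpt trimmed from the report posted above, and the SYSTEM_BINARIES list is my own choice of processes that should never appear in that key.

```python
"""Triage the Windows Firewall "AuthorizedApplications" export that SDFix
appends to Report.txt.  Added example for this thread, not part of SDFix.
SAMPLE_REPORT is a constructed excerpt trimmed from the log posted above."""
import re
from dataclasses import dataclass, field

# Core Windows processes that never need an inbound exception of their own.
# An entry for one of these is normally written by malware so that code it
# injects into that process can accept connections through the firewall.
SYSTEM_BINARIES = {
    "winlogon.exe", "logonui.exe", "rundll32.exe", "explorer.exe", "csrss.exe",
    "lsass.exe", "services.exe", "smss.exe", "userinit.exe",
}

PROFILE_RE = re.compile(r"firewallpolicy\\(\w+)\\authorizedapplications", re.I)
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')

SAMPLE_REPORT = r"""
Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:rundll32"
"C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"""


@dataclass
class Finding:
    profile: str
    path: str
    state: str
    display_name: str
    reasons: list = field(default_factory=list)

    @property
    def basename(self):
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entries(report):
    """Yield (profile, path, state, display_name) for every value under an
    AuthorizedApplications\\List key in the export."""
    profile = None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = PROFILE_RE.search(line)
            profile = m.group(1).lower() if m else None
            continue
        m = ENTRY_RE.match(line)
        if not (m and profile):
            continue
        # Value layout is <path>:<scope>:<state>:<name>.  The path holds its
        # own colon (C:\...), so split from the right.
        parts = m.group("value").rsplit(":", 3)
        if len(parts) != 4:
            continue
        path, _scope, state, name = parts
        yield profile, path.replace("\\\\", "\\"), state, name


def triage(report):
    """Return the entries a responder should look at first."""
    findings = []
    for profile, path, state, name in parse_entries(report):
        f = Finding(profile, path, state, name)
        parent = path.rsplit("\\", 1)[0].lower()
        if f.basename in SYSTEM_BINARIES:
            f.reasons.append("core Windows process listed as a firewall exception")
        # Windows' own entries (sessmgr.exe, xpnetdiag.exe) carry resource-string
        # names like @xpsp2res.dll,-22019; a bare literal name on a file sitting
        # directly in system32 was written by something else.
        if parent.endswith("\\system32") and not name.startswith("@"):
            f.reasons.append("system32 binary with a literal display name")
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.profile}: {f.path} [{f.state}] name={f.display_name!r}")
        for r in f.reasons:
            print("   -", r)
```

Run against the excerpt it reports exactly the three system32 entries and nothing from the domain profile. Third-party programs under a system32 subdirectory (the ZoneLabs scanner above) are deliberately not matched by the second rule, since only the top-level system32 directory is checked; widen that check if you want every Windows-directory exception listed for review. Removing the entries is a job for the cleanup tool, not this script: an exception Windows re-creates on demand is harmless, but one that a rootkit re-creates on boot tells you the driver is still present.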

      evilfantasy (Malware Removal Specialist, Moderator)
      Re: search engine redirect virus and the dreaded blue screen
      « Reply #3 on: May 27, 2009, 04:27:41 PM »
      Do this instead.

      Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

      Link #1
      Link #2

      **Note:  It is important that it is saved directly to your Desktop

      Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
       
      Double click combofix.exe & follow the prompts.
      Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).
      When finished ComboFix will produce a log for you.
      Post the ComboFix log in your next reply.

      Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

      If you have problems with ComboFix usage, see How to use ComboFix

      Wittknee (Topic Starter)

        Re: search engine redirect virus and the dreaded blue screen
        « Reply #4 on: May 27, 2009, 05:47:29 PM »
        Alright, I ran ComboFix. I tried disabling McAfee to the best of my ability and couldn't find any info online to help me otherwise, so the scan said it was still enabled. At the end of ComboFix, it said something in my system32 folder was corrupt, but the popup window disappeared before I could see what it was. After ComboFix was done, I also ran HJT again since it started up in normal mode. I will include both logs below...

        ComboFix 09-05-26.05 - Whitney Harper 05/27/2009 16:31.1 - NTFSx86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.271 [GMT -7:00]
        Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
        AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\documents and settings\Administrator\Local Settings\Temp\Perflib_Perfdata__755.dat
        c:\windows\system32\drivers\kungsfmkxvhllt.sys
        c:\windows\system32\hOWxIkkj.ini
        c:\windows\system32\hOWxIkkj.ini2
        c:\windows\system32\kungsfdjnsrfvk.dat
        c:\windows\system32\kungsfiqjeypnq.dll
        c:\windows\system32\kungsfwagmrwww.dat
        c:\windows\system32\kungsfydwepmii.dll
        c:\windows\system32\uniq.tll
        c:\windows\system32\waIklnnn.ini
        c:\windows\system32\waIklnnn.ini2

        .
        (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        -------\Service_kungsfqomuynsa


        (((((((((((((((((((((((((   Files Created from 2009-04-27 to 2009-05-27  )))))))))))))))))))))))))))))))
        .

        2009-05-27 02:51 . 2009-05-27 02:51   578560   ----a-w   c:\windows\system32\dllcache\user32.dll
        2009-05-27 02:41 . 2009-05-27 02:41   --------   d-----w   c:\windows\ERUNT
        2009-05-27 02:28 . 2009-05-27 22:08   --------   d-----w   C:\SDFix
        2009-05-27 00:44 . 2009-05-27 00:44   --------   d-----w   c:\program files\RegCure
        2009-05-26 16:34 . 2009-05-26 16:34   --------   d-----w   c:\program files\Trend Micro
        2009-05-26 16:32 . 2009-05-26 16:32   --------   d-----w   c:\program files\Common Files\Wise Installation Wizard
        2009-05-26 04:26 . 2009-05-26 04:26   --------   d-----w   c:\windows\system32\scripting
        2009-05-26 04:26 . 2009-05-26 04:26   --------   d-----w   c:\windows\l2schemas
        2009-05-26 04:26 . 2009-05-26 04:26   --------   d-----w   c:\windows\system32\en
        2009-05-26 04:26 . 2009-05-26 04:26   --------   d-----w   c:\windows\system32\bits
        2009-05-26 04:21 . 2009-05-26 04:26   --------   d-----w   c:\windows\ServicePackFiles
        2009-05-25 21:27 . 2009-05-25 21:27   --------   d-----w   c:\windows\system32\config\systemprofile\Application Data\Yahoo!
        2009-05-25 21:26 . 2009-05-25 21:26   20480   ----a-w   c:\windows\system32\pm.exe
        2009-04-30 20:01 . 2008-05-03 11:55   2560   ------w   c:\windows\system32\xpsp4res.dll
        2009-04-30 20:01 . 2008-04-21 12:08   215552   ------w   c:\windows\system32\dllcache\wordpad.exe
        2009-04-29 23:41 . 2009-04-29 23:41   2967799   ----a-w   c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
        2009-04-29 22:10 . 2009-05-25 21:49   --------   d-----w   C:\QUARANTINE
        2009-04-29 22:02 . 2009-04-29 22:02   --------   d-----w   c:\program files\Common Files\Cisco Systems
        2009-04-29 22:02 . 2006-12-19 22:06   1495552   ----a-w   c:\windows\system32\epoPGPsdk.dll
        2009-04-29 22:02 . 2009-04-29 22:02   --------   d-----w   c:\documents and settings\All Users\Application Data\McAfee
        2009-04-29 22:01 . 2006-11-30 15:50   34152   ----a-w   c:\windows\system32\drivers\mfebopk.sys
        2009-04-29 22:01 . 2006-11-30 15:50   64360   ----a-w   c:\windows\system32\drivers\mfeapfk.sys
        2009-04-29 22:01 . 2006-11-30 15:50   72264   ----a-w   c:\windows\system32\drivers\mfeavfk.sys
        2009-04-29 22:01 . 2007-02-23 03:50   170408   ----a-w   c:\windows\system32\drivers\mfehidk.sys
        2009-04-29 22:01 . 2006-11-30 15:50   52136   ----a-w   c:\windows\system32\drivers\mfetdik.sys
        2009-04-29 22:01 . 2009-04-29 22:02   --------   d-----w   c:\program files\McAfee
        2009-04-29 22:01 . 2009-04-29 22:01   --------   d-----w   c:\program files\Common Files\McAfee
        2009-04-28 05:34 . 2009-05-05 06:43   18189072   ----a-w   c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup900_2152_us.exe

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2009-05-26 15:47 . 2005-07-27 12:27   --------   d-----w   c:\documents and settings\All Users\Application Data\Viewpoint
        2009-05-26 04:32 . 2004-08-19 21:05   88859   ----a-w   c:\windows\pchealth\helpctr\OfflineCache\index.dat
        2009-04-30 15:02 . 2005-07-27 12:26   --------   d-----w   c:\program files\Common Files\AOL
        2009-04-30 15:02 . 2005-07-27 12:26   --------   d-----w   c:\documents and settings\All Users\Application Data\AOL
        2009-04-29 23:41 . 2008-12-23 07:34   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
        2009-04-29 21:45 . 2007-07-12 18:08   --------   d-----w   c:\program files\Zone Labs
        2009-04-29 21:42 . 2005-07-27 12:33   --------   d-----w   c:\program files\Common Files\Symantec Shared
        2009-04-29 21:42 . 2005-07-27 12:33   --------   d-----w   c:\program files\Symantec
        2009-04-29 21:42 . 2005-07-27 12:33   --------   d-----w   c:\documents and settings\All Users\Application Data\Symantec
        2009-04-29 21:36 . 2007-12-21 05:44   --------   d-----w   c:\program files\Lavasoft
        2009-04-26 01:40 . 2009-04-26 01:40   78   ----a-w   c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\install.bat
        2009-04-26 01:40 . 2009-04-26 01:40   24576   ----a-w   c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\Music Mood for Skype.exe
        2009-04-26 01:40 . 2009-04-26 01:40   1717848   ----a-w   c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\Skype4COM.dll
        2009-04-06 22:32 . 2008-12-23 07:34   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
        2009-04-06 22:32 . 2008-12-23 07:34   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
        2009-03-22 18:28 . 2007-09-27 06:29   15728049   ----a-w   c:\windows\Internet Logs\tvDebug.zip
        2009-03-06 14:22 . 2004-08-19 20:49   284160   ----a-w   c:\windows\system32\pdh.dll
        2008-12-23 04:37 . 2007-07-12 18:09   79921184   --sha-w   c:\windows\system32\drivers\fidbox.dat
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
        "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-19 196608]
        "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
        "DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
        "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
        "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
        "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
        "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
        "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
        "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
        "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-07-27 26112]
        "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
        "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
        "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
        "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
        "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
        "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-03 267048]
        "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
        "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-27 24576]
        HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]

        [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
        "NoSetActiveDesktop"= 1 (0x1)
        "NoActiveDesktopChanges"= 1 (0x1)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
        2004-09-07 21:08   110592   ----a-w   c:\program files\Intel\Wireless\Bin\LgNotify.dll

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "DisableNotifications"= 1 (0x1)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\Messenger\\msmsgs.exe"=
        "c:\\Program Files\\iTunes\\iTunes.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
        "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
        "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
        "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"=

        .
        Contents of the 'Scheduled Tasks' folder

        2009-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

        2009-05-27 c:\windows\Tasks\RegCure Program Check.job
        - c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

        2009-05-27 c:\windows\Tasks\RegCure.job
        - c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
        .
        - - - - ORPHANS REMOVED - - - -

        HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
        Notify-NavLogon - (no file)
        SafeBoot-procexp90.Sys


        .
        ------- Supplementary Scan -------
        .
        mStart Page = hxxp://www.dell4me.com/myway
        FF - ProfilePath -
        .

        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2009-05-27 16:35
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_USERS\S-1-5-21-1171515518-3060005268-2272717694-1005\Software\Microsoft\SystemCertificates\AddressBook*]
        @Allowed: (Read) (RestrictedCode)
        @Allowed: (Read) (RestrictedCode)
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(1028)
        c:\windows\system32\Ati2evxx.dll
        c:\program files\Intel\Wireless\Bin\LgNotify.dll
        .
        Completion time: 2009-05-27 16:38
        ComboFix-quarantined-files.txt  2009-05-27 23:38

        Pre-Run: 16,112,898,048 bytes free
        Post-Run: 16,162,615,296 bytes free

        WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
        [boot loader]
        timeout=2
        default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
        [operating systems]
        c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
        multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

        Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
        176   --- E O F ---   2009-05-27 03:11


        ------------------------------------------------------------------------------------

        HJT log:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 4:43:37 PM, on 5/27/2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
        C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
        C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\McAfee\Common Framework\FrameworkService.exe
        C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
        C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\system32\notepad.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Trend Micro\HijackThis\sniper.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
        O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
        O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
        O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
        O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
        O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
        O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
        O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
        O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
        O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
        O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
        O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
        O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
        O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
        O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
        O4 - Global Startup: Digital Line Detect.lnk = ?
        O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
        O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
        O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
        O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
        O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
        O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
        O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\Skype4COM.dll
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
        O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
        O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
        O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
        O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
        O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
        O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

        --
        End of file - 8523 bytes
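The ComboFix log above shows the shape of a random-name dropper family: a driver, two DLLs and two .dat files all starting with `kungsf` in system32, plus a service `kungsfqomuynsa` removed in the Drivers/Services section. The following Python is an added example (not part of the thread, ComboFix or sUBs' tools) that reads a ComboFix report in that layout and pulls those relationships out automatically. The sample log embedded in it is constructed from the entries above with the banners shortened, and the prefix length and cluster-size thresholds are assumptions chosen for the example.

```python
"""Triage a ComboFix log: cluster the "Other Deletions" by shared name prefix
(a randomly named dropper family of driver + DLLs + data files + service), tie
the removed services to that family, and list binaries dropped straight into
system32 in the scan window. Added example; not ComboFix's own code."""
import re
from collections import defaultdict

# Constructed sample in ComboFix's report layout (banners shortened).
SAMPLE_LOG = r"""
(((((   Other Deletions   )))))
.

c:\windows\system32\drivers\kungsfmkxvhllt.sys
c:\windows\system32\hOWxIkkj.ini
c:\windows\system32\hOWxIkkj.ini2
c:\windows\system32\kungsfdjnsrfvk.dat
c:\windows\system32\kungsfiqjeypnq.dll
c:\windows\system32\kungsfwagmrwww.dat
c:\windows\system32\kungsfydwepmii.dll
c:\windows\system32\uniq.tll

.
(((((   Drivers/Services   )))))
.

-------\Service_kungsfqomuynsa

(((((   Files Created from 2009-04-27 to 2009-05-27  )))))
.
2009-05-27 02:51 . 2009-05-27 02:51   578560   ----a-w   c:\windows\system32\dllcache\user32.dll
2009-05-25 21:26 . 2009-05-25 21:26   20480   ----a-w   c:\windows\system32\pm.exe
"""

BANNER_RE = re.compile(r"^\(+\s+(.*?)\s+\)+$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\S+)\s+(\S+)\s+(.+)$")
SYS32 = "c:\\windows\\system32\\"


def parse_sections(text):
    """Map each banner title to the content lines under it ('.' spacers dropped)."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def removed_services(sections):
    """Service names from the '-------\\Service_<name>' lines."""
    return [m.group(1) for line in sections.get("Drivers/Services", [])
            for m in [re.match(r"-+\\Service_(\S+)$", line)] if m]


def cluster_by_prefix(paths, prefix_len=6, min_size=3):
    """Group paths by the first prefix_len letters of the file stem; prefix_len and
    min_size are tuning assumptions for this example, not ComboFix settings."""
    groups = defaultdict(list)
    for path in paths:
        stem = path.rsplit("\\", 1)[-1].split(".")[0].lower()
        if len(stem) >= prefix_len:
            groups[stem[:prefix_len]].append(path)
    return {k: v for k, v in groups.items() if len(v) >= min_size}


def new_system32_binaries(sections):
    """Executables created directly in system32 (subfolders such as dllcache excluded)."""
    hits = []
    for title, lines in sections.items():
        if not title.startswith("Files Created"):
            continue
        for line in lines:
            m = CREATED_RE.match(line)
            if not m or m.group(4).startswith("d"):   # skip non-matching lines and directories
                continue
            path = m.group(5)
            tail = path.lower()[len(SYS32):]
            if path.lower().startswith(SYS32) and "\\" not in tail \
                    and tail.endswith((".exe", ".dll", ".sys")):
                hits.append(path)
    return hits


def triage(text):
    """One record per file family, with its drivers and the removed services sharing its prefix."""
    sections = parse_sections(text)
    services = removed_services(sections)
    report = []
    for prefix, members in sorted(cluster_by_prefix(sections["Other Deletions"]).items()):
        report.append({
            "prefix": prefix,
            "files": members,
            "drivers": [p for p in members if p.lower().endswith(".sys")],
            "services": [s for s in services if s.lower().startswith(prefix)],
        })
    return report


if __name__ == "__main__":
    for fam in triage(SAMPLE_LOG):
        print(fam["prefix"], len(fam["files"]), "files", fam["drivers"], fam["services"])
    print("new system32 binaries:", new_system32_binaries(parse_sections(SAMPLE_LOG)))
```

Run against the sample, the cluster step finds the `kungsf` family on its own (five files, one of them a driver) and links the removed `kungsfqomuynsa` service to it, while the two-member `hOWxIkkj` pair stays below the threshold. The last function is a heuristic only: an entry such as the `pm.exe` created in system32 on 2009-05-25 in the log above is surfaced for a manual look, not judged.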

evilfantasy (Malware Removal Specialist, Moderator)
        Re: search engine redirect virus and the dreaded blue screen
        « Reply #5 on: May 27, 2009, 05:54:30 PM »
        Download DDS by sUBs and save it to your desktop. Alternate DDS download link

Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).

* XP users: double-click on dds to run it.
* If your antivirus or firewall tries to block DDS, please allow it to run.
* When finished, DDS will open two (2) logs.

        1) DDS.txt
        2) Attach.txt

        * Save both logs to your desktop.
        * Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log, by copying and pasting it into the reply.
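DDS prints its findings as one-line load-point records (service/driver lines of the form `S0 name;display;path --> path [?]`, `TB:`/`BHO:` lines, `uRun:`/`mRun:` entries), and HijackThis prints comparable `O23`-style lines. The Python below is an added example, not DDS, HijackThis or anything posted in the thread, that decodes those lines and flags the entries a helper would look at first: a registered driver or service whose binary is absent (the trailing `[?]`), a toolbar or BHO that resolves to `No File`, and an `O23` service with no vendor string. The sample lines are constructed in those formats; the decoding of the u/m/d hive prefix, the R/S running state and the 0-4 start type follows the DDS conventions as assumed here.

```python
"""Triage the load-point lines that DDS and HijackThis print: drivers and
services registered with no binary on disk, toolbars/BHOs that resolve to
no file, and services with no vendor string. Added example; not part of DDS
or HijackThis. The u/m/d, R/S and 0-4 decodings are assumed DDS conventions."""
import re

# Constructed sample lines in DDS (pseudo HJT report) and HijackThis formats.
SAMPLE = r"""
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
S0 kl1;kl1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]
S1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys --> c:\windows\system32\drivers\klif.sys [?]
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
"""

START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
HIVE = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}   # DDS prefix letters (assumed)
SVC_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*)$")
COM_RE = re.compile(r"^(TB|BHO|EB): (.*?)(\{[0-9A-Fa-f-]+\}) - (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
RUN_RE = re.compile(r"^([umd])Run: \[([^\]]+)\] (.*)$")


def parse_line(line):
    """Decode one load-point line into a dict, or None if the format is unknown."""
    m = SVC_RE.match(line)
    if m:
        state, start, name, display, rest = m.groups()
        return {"kind": "service", "name": name, "display": display,
                "running": state == "R", "start": START_TYPE[start],
                # strip the '--> resolved path' echo and the trailing '[date size]' / '[?]'
                "path": rest.split(" --> ")[0].rsplit(" [", 1)[0],
                "file_missing": rest.endswith("[?]")}
    m = COM_RE.match(line)
    if m:
        kind, label, clsid, target = m.groups()
        return {"kind": kind.lower(), "name": label.strip(": ") or clsid,
                "clsid": clsid, "path": target, "file_missing": target == "No File"}
    m = O23_RE.match(line)
    if m:
        name, owner, path = m.groups()
        return {"kind": "o23", "name": name, "owner": owner, "path": path,
                "file_missing": False, "unknown_owner": owner == "Unknown owner"}
    m = RUN_RE.match(line)
    if m:
        hive, name, cmd = m.groups()
        return {"kind": "run", "name": name, "hive": HIVE[hive] + "\\...\\Run",
                "path": cmd, "file_missing": False}
    return None


def triage(text):
    """Return (kind, name, reason) for every line that needs a human look."""
    findings = []
    for raw in text.splitlines():
        rec = parse_line(raw.strip())
        if rec is None:
            continue
        if rec["file_missing"]:
            findings.append((rec["kind"], rec["name"], "file missing, orphaned entry"))
        elif rec.get("unknown_owner"):
            findings.append((rec["kind"], rec["name"], "no vendor string, verify binary"))
    return findings


if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE):
        print(f"{kind:8} {name:45} {reason}")
```

On the sample this reports four items: the toolbar CLSID with no file, the two boot/system-start drivers `kl1` and `KLIF` whose .sys files are gone, and `DSBrokerService` with no vendor string. Orphaned entries like these are usually leftovers from an uninstalled product rather than live malware, but they are exactly the lines a helper reads first, and the parser keeps the registry hive and start type so the reader can see where each entry loads from.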

Wittknee (Topic Starter)

          Re: search engine redirect virus and the dreaded blue screen
          « Reply #6 on: May 27, 2009, 06:18:06 PM »
          DDS (Ver_09-05-14.01) - NTFSx86 
          Run by Whitney Harper at 17:12:02.01 on Wed 05/27/2009
          Internet Explorer: 6.0.2900.5512
          Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.283 [GMT -7:00]

          AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)   {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

          ============== Running Processes ===============

          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost -k DcomLaunch
          svchost.exe
          C:\WINDOWS\System32\svchost.exe -k netsvcs
          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
          C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
          C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
          svchost.exe
          svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          svchost.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\WINDOWS\eHome\ehRecvr.exe
          C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
          C:\WINDOWS\eHome\ehSched.exe
          C:\Program Files\McAfee\Common Framework\FrameworkService.exe
          C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
          C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
          C:\WINDOWS\system32\HPZipm12.exe
          C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
          C:\WINDOWS\system32\svchost.exe -k imgsvc
          C:\WINDOWS\system32\dllhost.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Documents and Settings\Whitney Harper\Desktop\dds.pif

          ============== Pseudo HJT Report ===============

          mStart Page = hxxp://www.dell4me.com/myway
          uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
          mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
          BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
          BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
          TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
          TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
          TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
          EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
          uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
          uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
          uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
          uRun: [DellTransferAgent] "c:\documents and settings\all users\application data\dell\transferagent\TransferAgent.exe"
          mRun: [ehTray] c:\windows\ehome\ehtray.exe
          mRun: [Apoint] c:\program files\apoint\Apoint.exe
          mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
          mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
          mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
          mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
          mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
          mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
          mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
          mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
          mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
          mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
          mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
          mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
          mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
          mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
          mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
          mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
          StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
          StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
          dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
          dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
          IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
          IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
          IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
          IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
          IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
          IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
          DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
          DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
          DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
          DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
          DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
          DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
          DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
          DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
          DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
          DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
          Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\documents and settings\all users\application data\skype\plugins\plugins\31e6481a7a624c39bb43e8bf6390376c\Skype4COM.dll
          Notify: AtiExtEvent - Ati2evxx.dll
          Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

          ================= FIREFOX ===================

          FF - ProfilePath - c:\docume~1\whitne~1\applic~1\mozilla\firefox\profiles\l430uqoi.default\
          FF - plugin: c:\documents and settings\whitney harper\application data\move networks\plugins\npqmp071500000347.dll
          FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
          FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
          FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
          FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
          FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
          FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
          FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
          FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll

          ============= SERVICES / DRIVERS ===============

          R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
          R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-4-29 104000]
          R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2007-2-22 54872]
          S0 kl1;kl1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]
          S1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys --> c:\windows\system32\drivers\klif.sys [?]
          S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2007-2-22 144960]
          S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-4-29 72264]
          S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-4-29 34152]
          S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-4-29 170408]

          =============== Created Last 30 ================

          2009-05-27 17:11   <DIR>   --d-h---   c:\windows\PIF
          2009-05-27 16:21   <DIR>   a-dshr--   C:\cmdcons
          2009-05-27 16:02   161,792   a-------   c:\windows\SWREG.exe
          2009-05-27 16:02   154,624   a-------   c:\windows\PEV.exe
          2009-05-27 16:02   98,816   a-------   c:\windows\sed.exe
          2009-05-26 19:51   578,560   a-------   c:\windows\system32\dllcache\user32.dll
          2009-05-26 19:41   <DIR>   --d-----   c:\windows\ERUNT
          2009-05-26 19:28   <DIR>   --d-----   C:\SDFix
          2009-05-26 09:34   <DIR>   --d-----   c:\program files\Trend Micro
          2009-05-26 09:32   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
          2009-05-25 21:26   <DIR>   --d-----   c:\windows\system32\scripting
          2009-05-25 21:26   <DIR>   --d-----   c:\windows\l2schemas
          2009-05-25 21:26   <DIR>   --d-----   c:\windows\system32\en
          2009-05-25 21:26   <DIR>   --d-----   c:\windows\system32\bits
          2009-05-25 21:21   <DIR>   --d-----   c:\windows\ServicePackFiles
          2009-05-25 21:19   <DIR>   --d-----   c:\windows\network diagnostic
          2009-05-25 14:26   20,480   a-------   c:\windows\system32\pm.exe
          2009-04-30 13:01   2,560   --------   c:\windows\system32\xpsp4res.dll
          2009-04-30 13:01   1,203,922   --------   c:\windows\system32\dllcache\sysmain.sdb
          2009-04-30 13:01   215,552   --------   c:\windows\system32\dllcache\wordpad.exe
          2009-04-29 15:10   <DIR>   --d-----   C:\QUARANTINE
          2009-04-29 15:02   1,495,552   a-------   c:\windows\system32\epoPGPsdk.dll
          2009-04-29 15:02   280   a-------   c:\windows\system32\epoPGPsdk.dll.sig
          2009-04-29 15:02   <DIR>   --d-----   c:\program files\common files\Cisco Systems
          2009-04-29 15:01   34,152   a-------   c:\windows\system32\drivers\mfebopk.sys
          2009-04-29 15:01   64,360   a-------   c:\windows\system32\drivers\mfeapfk.sys
          2009-04-29 15:01   72,264   a-------   c:\windows\system32\drivers\mfeavfk.sys
          2009-04-29 15:01   170,408   a-------   c:\windows\system32\drivers\mfehidk.sys
          2009-04-29 15:01   52,136   a-------   c:\windows\system32\drivers\mfetdik.sys
          2009-04-29 15:01   <DIR>   --d-----   c:\program files\McAfee
          2009-04-29 15:01   <DIR>   --d-----   c:\program files\common files\McAfee

          ==================== Find3M  ====================

          2009-05-25 21:32   88,859   a-------   c:\windows\pchealth\helpctr\offlinecache\index.dat
          2009-04-06 15:32   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
          2009-04-06 15:32   15,504   a-------   c:\windows\system32\drivers\mbam.sys
          2009-03-21 07:06   989,696   --------   c:\windows\system32\dllcache\kernel32.dll
          2009-03-06 07:22   284,160   a-------   c:\windows\system32\pdh.dll
          2009-03-06 07:22   284,160   --------   c:\windows\system32\dllcache\pdh.dll
          2009-03-02 16:04   1,499,136   --------   c:\windows\system32\dllcache\shdocvw.dll
          2008-02-23 16:44   32   a-------   c:\docume~1\alluse~1\applic~1\ezsid.dat
          2008-12-22 21:37   79,921,184   a--sh---   c:\windows\system32\drivers\fidbox.dat

          ============= FINISH: 17:13:05.85 ===============

          UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
          IF REQUESTED, ZIP IT UP & ATTACH IT

          DDS (Ver_09-05-14.01)

          Microsoft Windows XP Professional
          Boot Device: \Device\HarddiskVolume2
          Install Date: 7/12/2007 8:19:14 AM
          System Uptime: 5/27/2009 4:27:11 PM (1 hours ago)

          Motherboard: Dell Inc. |  | 0X9238
          Processor:         Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 399/133mhz

          ==== Disk Partitions =========================

          C: is FIXED (NTFS) - 33 GiB total, 15.081 GiB free.
          D: is CDROM (CDFS)

          ==== Disabled Device Manager Items =============

          Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
          Description: McAfee Inc.
          Device ID: ROOT\LEGACY_MFEAPFK\0000
          Manufacturer:
          Name: McAfee Inc.
          PNP Device ID: ROOT\LEGACY_MFEAPFK\0000
          Service: mfeapfk

          Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
          Description: McAfee Inc.
          Device ID: ROOT\LEGACY_MFEAVFK\0000
          Manufacturer:
          Name: McAfee Inc.
          PNP Device ID: ROOT\LEGACY_MFEAVFK\0000
          Service: mfeavfk

          Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
          Description: McAfee Inc.
          Device ID: ROOT\LEGACY_MFEBOPK\0000
          Manufacturer:
          Name: McAfee Inc.
          PNP Device ID: ROOT\LEGACY_MFEBOPK\0000
          Service: mfebopk

          Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
          Description: McAfee Inc.
          Device ID: ROOT\LEGACY_MFEHIDK\0000
          Manufacturer:
          Name: McAfee Inc.
          PNP Device ID: ROOT\LEGACY_MFEHIDK\0000
          Service: mfehidk

          Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
          Description: McAfee Inc.
          Device ID: ROOT\LEGACY_MFETDIK\0000
          Manufacturer:
          Name: McAfee Inc.
          PNP Device ID: ROOT\LEGACY_MFETDIK\0000
          Service: mfetdik

          ==== System Restore Points ===================

          RP95: 4/16/2009 8:48:01 AM - System Checkpoint
          RP96: 4/17/2009 8:56:25 AM - System Checkpoint
          RP97: 4/18/2009 11:32:36 AM - System Checkpoint
          RP98: 4/19/2009 2:57:33 PM - System Checkpoint
          RP99: 4/21/2009 3:17:31 AM - System Checkpoint
          RP100: 4/22/2009 3:24:53 AM - System Checkpoint
          RP101: 4/23/2009 6:40:06 PM - System Checkpoint
          RP102: 4/24/2009 9:08:54 PM - System Checkpoint
          RP103: 4/25/2009 9:54:29 PM - System Checkpoint
          RP104: 4/26/2009 11:41:20 PM - System Checkpoint
          RP105: 4/28/2009 6:33:56 AM - System Checkpoint
          RP106: 4/29/2009 2:20:14 PM - Restore Operation
          RP107: 4/29/2009 2:36:16 PM - Removed Ad-Aware
          RP108: 4/29/2009 2:37:21 PM - Removed EarthLink setup files
          RP109: 4/29/2009 2:38:21 PM - Removed Norton Security Center
          RP110: 4/29/2009 2:40:36 PM - Removed Symantec AntiVirus
          RP111: 4/29/2009 2:43:23 PM - Removed Windows Defender
          RP112: 4/29/2009 3:01:25 PM - Installed McAfee VirusScan Enterprise
          RP113: 4/30/2009 1:03:11 PM - Software Distribution Service 3.0
          RP114: 4/30/2009 3:20:55 PM - Software Distribution Service 3.0
          RP115: 5/2/2009 1:24:30 AM - System Checkpoint
          RP116: 5/3/2009 10:03:05 AM - System Checkpoint
          RP117: 5/4/2009 12:21:18 PM - System Checkpoint
          RP118: 5/5/2009 12:35:36 PM - System Checkpoint
          RP119: 5/6/2009 1:25:38 PM - System Checkpoint
          RP120: 5/7/2009 2:25:30 PM - System Checkpoint
          RP121: 5/8/2009 7:24:59 PM - System Checkpoint
          RP122: 5/10/2009 12:29:15 AM - System Checkpoint
          RP123: 5/11/2009 2:10:15 AM - System Checkpoint
          RP124: 5/12/2009 7:49:04 AM - System Checkpoint
          RP125: 5/13/2009 3:00:39 AM - Software Distribution Service 3.0
          RP126: 5/14/2009 3:11:10 AM - System Checkpoint
          RP127: 5/15/2009 6:04:22 AM - System Checkpoint
          RP128: 5/16/2009 6:14:46 AM - System Checkpoint
          RP129: 5/17/2009 8:56:39 AM - System Checkpoint
          RP130: 5/18/2009 8:58:21 AM - System Checkpoint
          RP131: 5/19/2009 9:13:42 AM - System Checkpoint
          RP132: 5/20/2009 9:15:20 AM - System Checkpoint
          RP133: 5/21/2009 10:44:50 AM - System Checkpoint
          RP134: 5/22/2009 11:05:18 AM - System Checkpoint
          RP135: 5/23/2009 11:46:41 AM - System Checkpoint
          RP136: 5/24/2009 12:02:29 PM - System Checkpoint
          RP137: 5/25/2009 1:03:00 PM - System Checkpoint
          RP138: 5/27/2009 12:37:27 PM - System Checkpoint

          ==== Installed Programs ======================

          Adobe Acrobat - Reader 6.0.2 Update
          Adobe Flash Player 10 ActiveX
          Adobe Flash Player 10 Plugin
          Adobe Reader 6.0.1
          ALPS Touch Pad Driver
          AOLIcon
          Apple Mobile Device Support
          Apple Software Update
          ATI Control Panel
          ATI Display Driver
          Broadcom Management Programs 2
          Conexant D110 MDC V.9x Modem
          Dell Driver Reset Tool
          Dell Picture Studio v3.0
          Dell System Restore
          DellSupport
          Digital Line Detect
          HijackThis 2.0.2
          Hotfix for Windows XP (KB952287)
          HP PSC & OfficeJet 4.7
          Intel(R) PROSet/Wireless Software
          InterActual Player
          Internal Network Card Power Management
          Internet Explorer Default Page
          iTunes
          Jasc Paint Shop Photo Album 5
          Jasc Paint Shop Pro Studio, Dell Editon
          Java 2 Runtime Environment, SE v1.4.2_03
          Learn2 Player (Uninstall Only)
          Logitech Print Service
          Logitech QuickCam Software
          Logitech® Camera Driver
          Macromedia Flash Player
          Malwarebytes' Anti-Malware
          McAfee VirusScan Enterprise
          mCore
          mDrWiFi
          Mega Sudoku Plus
          mHlpDell
          Microsoft .NET Framework 1.1
          Microsoft .NET Framework 1.1 Hotfix (KB928366)
          Microsoft Office 2000 Disc 2
          Microsoft Office 2000 Premium
          Microsoft Plus! Digital Media Edition Installer
          Microsoft Plus! Photo Story 2 LE
          Microsoft Visual C++ 2005 Redistributable
          mIWA
          mIWCA
          mLogView
          mMHouse
          Modem Helper
          Move Media Player
          Mozilla Firefox (3.0.10)
          mPfMgr
          mPfWiz
          mProSafe
          mSSO
          MSXML 4.0 SP2 (KB925672)
          MSXML 4.0 SP2 (KB927978)
          MSXML 4.0 SP2 (KB936181)
          MSXML 4.0 SP2 (KB954430)
          mToolkit
          Musicmatch® Jukebox
          mWlsSafe
          mXML
          My Way Search Assistant
          mZConfig
          NetWaiting
          NetZero For Cosmi
          NetZeroInstallers
          Otto
          Palm Desktop by ACCESS
          PowerDVD 5.5
          QuickSet
          QuickTime
          RealPlayer Basic
          RegCure 1.5.2.7
          Security Update for CAPICOM (KB931906)
          Security Update for Step By Step Interactive Training (KB923723)
          Security Update for Windows Media Player (KB952069)
          Security Update for Windows Media Player 10 (KB917734)
          Security Update for Windows Media Player 10 (KB936782)
          Security Update for Windows Media Player 6.4 (KB925398)
          Security Update for Windows XP (KB923561)
          Security Update for Windows XP (KB923689)
          Security Update for Windows XP (KB938464-v2)
          Security Update for Windows XP (KB938464)
          Security Update for Windows XP (KB941569)
          Security Update for Windows XP (KB946648)
          Security Update for Windows XP (KB950759)
          Security Update for Windows XP (KB950760)
          Security Update for Windows XP (KB950762)
          Security Update for Windows XP (KB950974)
          Security Update for Windows XP (KB951066)
          Security Update for Windows XP (KB951376-v2)
          Security Update for Windows XP (KB951376)
          Security Update for Windows XP (KB951698)
          Security Update for Windows XP (KB951748)
          Security Update for Windows XP (KB952004)
          Security Update for Windows XP (KB952954)
          Security Update for Windows XP (KB953838)
          Security Update for Windows XP (KB953839)
          Security Update for Windows XP (KB954211)
          Security Update for Windows XP (KB954600)
          Security Update for Windows XP (KB955069)
          Security Update for Windows XP (KB956390)
          Security Update for Windows XP (KB956391)
          Security Update for Windows XP (KB956572)
          Security Update for Windows XP (KB956802)
          Security Update for Windows XP (KB956803)
          Security Update for Windows XP (KB956841)
          Security Update for Windows XP (KB957095)
          Security Update for Windows XP (KB957097)
          Security Update for Windows XP (KB958215)
          Security Update for Windows XP (KB958644)
          Security Update for Windows XP (KB958687)
          Security Update for Windows XP (KB958690)
          Security Update for Windows XP (KB959426)
          Security Update for Windows XP (KB960225)
          Security Update for Windows XP (KB960714)
          Security Update for Windows XP (KB960715)
          Security Update for Windows XP (KB960803)
          Security Update for Windows XP (KB961373)
          Security Update for Windows XP (KB963027)
          Skype™ 3.6
          Sonic DLA
          Sonic Encoders
          Sonic RecordNow Audio
          Sonic RecordNow Copy
          Sonic RecordNow Data
          Sonic Update Manager
          Update for Windows XP (KB951072-v2)
          Update for Windows XP (KB955839)
          Update for Windows XP (KB967715)
          Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
          VC 9.0 Runtime
          WebCyberCoach 3.2 Dell
          WebFldrs XP
          Windows Live installer
          Windows Live Messenger
          Windows Live Sign-in Assistant
          Windows Media Player 10
          Windows XP Service Pack 3
          WordPerfect Office 12
          Yahoo! Browser Services
          Yahoo! Install Manager
          Yahoo! Internet Mail
          Yahoo! Messenger
          Yahoo! Toolbar
          ZoneAlarm Spy Blocker

          ==== Event Viewer Messages From Past Week ========

          5/27/2009 5:07:23 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
          5/27/2009 4:23:44 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
          5/27/2009 3:13:56 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
          5/27/2009 2:06:48 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e228d000, parameter2 00000002, parameter3 00000000, parameter4 f3120e00.
          5/27/2009 2:06:47 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e2326000, parameter2 00000002, parameter3 00000000, parameter4 f3105e00.
          5/27/2009 2:06:41 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e234b000, parameter2 00000002, parameter3 00000000, parameter4 f3174e00.
          5/27/2009 2:06:38 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e22d2000, parameter2 00000002, parameter3 00000000, parameter4 f382be00.
          5/27/2009 2:06:36 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e22e5000, parameter2 00000002, parameter3 00000000, parameter4 f382be00.
          5/27/2009 2:06:34 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e2004000, parameter2 00000002, parameter3 00000000, parameter4 f3803e00.
          5/27/2009 2:06:33 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e22f0000, parameter2 00000002, parameter3 00000000, parameter4 f3813e00.
          5/27/2009 2:06:31 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e22a0000, parameter2 00000002, parameter3 00000000, parameter4 f3853e00.
          5/27/2009 2:05:57 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e2034000, parameter2 00000002, parameter3 00000000, parameter4 f386be00.
          5/27/2009 2:05:55 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e2258000, parameter2 00000002, parameter3 00000000, parameter4 f386be00.
          5/27/2009 2:05:46 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e202b000, parameter2 00000002, parameter3 00000000, parameter4 f386be00.
          5/27/2009 2:05:27 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e2030000, parameter2 00000002, parameter3 00000000, parameter4 f386be00.
          5/27/2009 2:05:23 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e2206000, parameter2 00000002, parameter3 00000000, parameter4 f386be00.
          5/27/2009 12:26:03 PM, error: Dhcp [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CE239705.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
          5/27/2009 1:04:55 PM, error: Dhcp [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CE239705.  The following error occurred:  The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
          5/26/2009 9:55:09 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
          5/26/2009 9:24:51 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
          5/26/2009 8:13:21 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  APPDRV Fips intelppm kl1 KLIF
          5/26/2009 8:12:07 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
          5/26/2009 8:03:53 PM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
          5/26/2009 6:38:31 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e214b000, parameter2 00000002, parameter3 00000000, parameter4 f386be00.
          5/26/2009 6:26:23 PM, error: Service Control Manager [7022]  - The McAfee McShield service hung on starting.
          5/26/2009 5:04:57 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.
          5/26/2009 10:16:16 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
          5/26/2009 1:29:33 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  kl1 KLIF
          5/26/2009 1:25:35 AM, error: Service Control Manager [7000]  - The IMAPI CD-Burning COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
          5/26/2009 1:25:17 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ImapiService service.
          5/26/2009 1:02:24 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD APPDRV Fips intelppm IPSec kl1 KLIF mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
          5/26/2009 1:02:24 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
          5/26/2009 1:02:24 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
          5/26/2009 1:02:24 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
          5/26/2009 1:02:24 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
          5/26/2009 1:02:24 AM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
          5/26/2009 1:01:48 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
          5/25/2009 9:51:21 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  IntelIde kl1 KLIF
          5/25/2009 10:05:18 PM, error: System Error [1003]  - Error code 100000d1, parameter1 e221e000, parameter2 00000002, parameter3 00000000, parameter4 f386be00.
          5/24/2009 9:48:07 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
          5/24/2009 9:48:07 AM, error: Service Control Manager [7000]  - The COM+ System Application service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
          5/24/2009 9:48:07 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
          5/24/2009 9:44:12 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
          5/22/2009 5:31:32 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
          5/22/2009 5:31:32 PM, error: Service Control Manager [7000]  - The Application Layer Gateway Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
          5/22/2009 5:17:25 PM, error: Service Control Manager [7034]  - The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).

          ==== End Of File ===========================


          evilfantasy

          Re: search engine redirect virus and the dreaded blue screen
          « Reply #7 on: May 27, 2009, 06:32:29 PM »
          Go to Add or Remove Programs and uninstall:

          - My Way Search Assistant
          - RegCure 1.5.2.7
          See here > http://www.mywot.com/en/scorecard/regcure.com

          ----------

          Delete these files/folders, as follows:

          1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
          It must be Notepad, not Wordpad.
          2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

          Code:
          KillAll::

          DDS::
          mStart Page = hxxp://www.dell4me.com/myway
          TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
          IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

          File::
          c:\windows\Tasks\RegCure Program Check.job
          c:\windows\Tasks\RegCure.job

          Folder::
          C:\SDFix
          c:\program files\RegCure

          3. Go to the Notepad window and click Edit > Paste
          4. Then click File > Save
          5. Name the file CFScript.txt - Save the file to your Desktop
          6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



          ComboFix will begin to execute, just follow the prompts.
          After reboot (in case it asks to reboot), it will produce a log for you.
          Post that log (Combofix.txt) in your next reply.

          Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

          Wittknee

            Re: search engine redirect virus and the dreaded blue screen
            « Reply #8 on: May 27, 2009, 07:14:30 PM »
            I was able to remove RegCure, but when I tried to remove My Way Search Assistant, a window popped up saying: "Error Loading C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\descas.dll   Specified module could not be found." Also during ComboFix, there was a small popup bubble that appeared in my taskbar before the computer rebooted saying that a file cf10250.exe in my windows temp folder was corrupt. Here is the combofix log...

            ComboFix 09-05-26.05 - Whitney Harper 05/27/2009 17:41.2 - NTFSx86
            Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.346 [GMT -7:00]
            Running from: c:\documents and settings\Whitney Harper\Desktop\ComboFix.exe
            Command switches used :: c:\documents and settings\Whitney Harper\Desktop\CFScript.txt
            AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

            FILE ::
            "c:\windows\Tasks\RegCure Program Check.job"
            "c:\windows\Tasks\RegCure.job"
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            c:\program files\messenger\msmsgs.exe
            C:\SDFix
            c:\sdfix\Add_DBFix_RunOnce_key.inf
            c:\sdfix\apps\assosfix.reg
            c:\sdfix\apps\Cghtme.exe
            c:\sdfix\apps\cliptext.exe
            c:\sdfix\apps\DBFix.inf
            c:\sdfix\apps\download.exe
            c:\sdfix\apps\dummy.sys
            c:\sdfix\apps\Enable_Command_Prompt.inf
            c:\sdfix\apps\Enable_Command_Prompt.reg
            c:\sdfix\apps\ERDNT.E_E
            c:\sdfix\apps\ERDNTDOS.LOC
            c:\sdfix\apps\ERDNTWIN.LOC
            c:\sdfix\apps\ERUNT.EXE
            c:\sdfix\apps\ERUNT.LOC
            c:\sdfix\apps\fix.reg
            c:\sdfix\apps\FixBeep.reg
            c:\sdfix\apps\FixBH.reg
            c:\sdfix\apps\FixComponents.reg
            c:\sdfix\apps\FIXCU.reg
            c:\sdfix\apps\FIXLM.reg
            c:\sdfix\apps\FixPath.exe
            c:\sdfix\apps\FixRedir.reg
            c:\sdfix\apps\FixSchedule.reg
            c:\sdfix\apps\FixWebCheck.reg
            c:\sdfix\apps\fixXP.reg
            c:\sdfix\apps\FixXPsp2.reg
            c:\sdfix\apps\grep.exe
            c:\sdfix\apps\HaxdFix.reg
            c:\sdfix\apps\HPFix.reg
            c:\sdfix\apps\HPFix2.reg
            c:\sdfix\apps\HPFix3.reg
            c:\sdfix\apps\HPFix4.reg
            c:\sdfix\apps\HPFix5.reg
            c:\sdfix\apps\HPFix6.reg
            c:\sdfix\apps\HPFix7.reg
            c:\sdfix\apps\HPFix8.reg
            c:\sdfix\apps\HPFix9.reg
            c:\sdfix\apps\Installed.txt
            c:\sdfix\apps\isadmin.exe
            c:\sdfix\apps\leg2.txt
            c:\sdfix\apps\legacy.txt
            c:\sdfix\apps\legacybk.txt
            c:\sdfix\apps\locate.com
            c:\sdfix\apps\LS.exe
            c:\sdfix\apps\MD5File.exe
            c:\sdfix\apps\moveex.exe
            c:\sdfix\apps\MyGcpvFix.reg
            c:\sdfix\apps\MyGkFix2.reg
            c:\sdfix\apps\Process.exe
            c:\sdfix\apps\procs.exe
            c:\sdfix\apps\psservice.exe
            c:\sdfix\apps\Rem.txt
            c:\sdfix\apps\Rem2.txt
            c:\sdfix\apps\Replace\regedit.exe
            c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
            c:\sdfix\apps\Replace\w2k\beep.sys
            c:\sdfix\apps\Replace\w2k\command.com
            c:\sdfix\apps\Replace\w2k\command.PIF
            c:\sdfix\apps\Replace\w2k\CONFIG.NT
            c:\sdfix\apps\Replace\w2k\null.sys
            c:\sdfix\apps\Replace\xp\AUTOEXEC.NT
            c:\sdfix\apps\Replace\xp\beep.sys
            c:\sdfix\apps\Replace\xp\command.com
            c:\sdfix\apps\Replace\xp\command.PIF
            c:\sdfix\apps\Replace\xp\CONFIG.NT
            c:\sdfix\apps\Replace\xp\null.sys
            c:\sdfix\apps\Reset_AppInit_DLLs.reg
            c:\sdfix\apps\RestartIt!.exe
            c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
            c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
            c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
            c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
            c:\sdfix\apps\Restore_SecurityCenter.reg
            c:\sdfix\apps\Restore_SharedAccess.reg
            c:\sdfix\apps\sc.exe
            c:\sdfix\apps\sed.exe
            c:\sdfix\apps\SF.exe
            c:\sdfix\apps\shutdown.exe
            c:\sdfix\apps\srv2.txt
            c:\sdfix\apps\srv2bk.txt
            c:\sdfix\apps\svc.txt
            c:\sdfix\apps\svcbk.txt
            c:\sdfix\apps\Swreg.exe
            c:\sdfix\apps\swsc.exe
            c:\sdfix\apps\UnRAR.exe
            c:\sdfix\apps\unzip.exe
            c:\sdfix\apps\vfind.exe
            c:\sdfix\apps\WINMSG.EXE
            c:\sdfix\apps\winsec.reg
            c:\sdfix\apps\zip.exe
            c:\sdfix\backups\backupreg.zip
            c:\sdfix\backups\catchme.log
            c:\sdfix\backups\HOSTS
            c:\sdfix\backups_old\backupreg.zip
            c:\sdfix\backups_old\backups.zip
            c:\sdfix\backups_old\catchme.log
            c:\sdfix\backups_old\HOSTS
            c:\sdfix\catchme.exe
            c:\sdfix\DBFix.bat
            c:\sdfix\dummy.sys
            c:\sdfix\Report.txt
            c:\sdfix\Report_old_1.txt
            c:\sdfix\RunThis.bat
            c:\sdfix\SDFIX_ReadMe_Online.url
            c:\sdfix\W2K_VirusAlert_Repair.inf
            c:\sdfix\XP_VirusAlert_Repair.inf

            .
            (((((((((((((((((((((((((   Files Created from 2009-04-28 to 2009-05-28  )))))))))))))))))))))))))))))))
            .

            2009-05-28 00:11 . 2009-05-28 00:11   --------   d--h--w   c:\windows\PIF
            2009-05-27 02:51 . 2009-05-27 02:51   578560   ----a-w   c:\windows\system32\dllcache\user32.dll
            2009-05-27 02:41 . 2009-05-27 02:41   --------   d-----w   c:\windows\ERUNT
            2009-05-26 16:34 . 2009-05-26 16:34   --------   d-----w   c:\program files\Trend Micro
            2009-05-26 16:32 . 2009-05-26 16:32   --------   d-----w   c:\program files\Common Files\Wise Installation Wizard
            2009-05-26 04:26 . 2009-05-26 04:26   --------   d-----w   c:\windows\system32\scripting
            2009-05-26 04:26 . 2009-05-26 04:26   --------   d-----w   c:\windows\l2schemas
            2009-05-26 04:26 . 2009-05-26 04:26   --------   d-----w   c:\windows\system32\en
            2009-05-26 04:26 . 2009-05-26 04:26   --------   d-----w   c:\windows\system32\bits
            2009-05-26 04:21 . 2009-05-26 04:26   --------   d-----w   c:\windows\ServicePackFiles
            2009-05-25 21:27 . 2009-05-25 21:27   --------   d-----w   c:\windows\system32\config\systemprofile\Application Data\Yahoo!
            2009-05-25 21:26 . 2009-05-25 21:26   20480   ----a-w   c:\windows\system32\pm.exe
            2009-04-30 20:01 . 2008-05-03 11:55   2560   ------w   c:\windows\system32\xpsp4res.dll
            2009-04-30 20:01 . 2008-04-21 12:08   215552   ------w   c:\windows\system32\dllcache\wordpad.exe
            2009-04-29 23:41 . 2009-04-29 23:41   2967799   ----a-w   c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
            2009-04-29 22:10 . 2009-05-25 21:49   --------   d-----w   C:\QUARANTINE
            2009-04-29 22:02 . 2009-04-29 22:02   --------   d-----w   c:\program files\Common Files\Cisco Systems
            2009-04-29 22:02 . 2006-12-19 22:06   1495552   ----a-w   c:\windows\system32\epoPGPsdk.dll
            2009-04-29 22:02 . 2009-04-29 22:02   --------   d-----w   c:\documents and settings\All Users\Application Data\McAfee
            2009-04-29 22:01 . 2006-11-30 15:50   34152   ----a-w   c:\windows\system32\drivers\mfebopk.sys
            2009-04-29 22:01 . 2006-11-30 15:50   64360   ----a-w   c:\windows\system32\drivers\mfeapfk.sys
            2009-04-29 22:01 . 2006-11-30 15:50   72264   ----a-w   c:\windows\system32\drivers\mfeavfk.sys
            2009-04-29 22:01 . 2007-02-23 03:50   170408   ----a-w   c:\windows\system32\drivers\mfehidk.sys
            2009-04-29 22:01 . 2006-11-30 15:50   52136   ----a-w   c:\windows\system32\drivers\mfetdik.sys
            2009-04-29 22:01 . 2009-04-29 22:02   --------   d-----w   c:\program files\McAfee
            2009-04-29 22:01 . 2009-04-29 22:01   --------   d-----w   c:\program files\Common Files\McAfee
            2009-04-28 05:34 . 2009-05-05 06:43   18189072   ----a-w   c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup900_2152_us.exe

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2009-05-26 15:47 . 2005-07-27 12:27   --------   d-----w   c:\documents and settings\All Users\Application Data\Viewpoint
            2009-05-26 04:32 . 2004-08-19 21:05   88859   ----a-w   c:\windows\pchealth\helpctr\OfflineCache\index.dat
            2009-04-30 15:02 . 2005-07-27 12:26   --------   d-----w   c:\program files\Common Files\AOL
            2009-04-30 15:02 . 2005-07-27 12:26   --------   d-----w   c:\documents and settings\All Users\Application Data\AOL
            2009-04-29 23:41 . 2008-12-23 07:34   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
            2009-04-29 21:45 . 2007-07-12 18:08   --------   d-----w   c:\program files\Zone Labs
            2009-04-29 21:42 . 2005-07-27 12:33   --------   d-----w   c:\program files\Common Files\Symantec Shared
            2009-04-29 21:42 . 2005-07-27 12:33   --------   d-----w   c:\program files\Symantec
            2009-04-29 21:42 . 2005-07-27 12:33   --------   d-----w   c:\documents and settings\All Users\Application Data\Symantec
            2009-04-29 21:36 . 2007-12-21 05:44   --------   d-----w   c:\program files\Lavasoft
            2009-04-26 01:40 . 2009-04-26 01:40   78   ----a-w   c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\install.bat
            2009-04-26 01:40 . 2009-04-26 01:40   24576   ----a-w   c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\Music Mood for Skype.exe
            2009-04-26 01:40 . 2009-04-26 01:40   1717848   ----a-w   c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\Skype4COM.dll
            2009-04-06 22:32 . 2008-12-23 07:34   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
            2009-04-06 22:32 . 2008-12-23 07:34   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
            2009-03-22 18:28 . 2007-09-27 06:29   15728049   ----a-w   c:\windows\Internet Logs\tvDebug.zip
            2009-03-06 14:22 . 2004-08-19 20:49   284160   ----a-w   c:\windows\system32\pdh.dll
            2008-12-23 04:37 . 2007-07-12 18:09   79921184   --sha-w   c:\windows\system32\drivers\fidbox.dat
            .

            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
            "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-19 196608]
            "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
            "DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
            "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
            "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
            "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
            "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
            "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
            "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
            "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-07-27 26112]
            "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
            "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
            "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
            "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
            "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
            "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
            "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
            "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-03 267048]
            "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
            "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

            c:\documents and settings\All Users\Start Menu\Programs\Startup\
            Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-27 24576]
            HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]

            [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
            "NoSetActiveDesktop"= 1 (0x1)
            "NoActiveDesktopChanges"= 1 (0x1)

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
            2004-09-07 21:08   110592   ----a-w   c:\program files\Intel\Wireless\Bin\LgNotify.dll

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
            "DisableNotifications"= 1 (0x1)

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "c:\\Program Files\\iTunes\\iTunes.exe"=
            "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
            "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
            "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
            "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
            "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"=

            .
            Contents of the 'Scheduled Tasks' folder

            2009-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
            - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]
            .
            .
            ------- Supplementary Scan -------
            .
            FF - ProfilePath - c:\documents and settings\Whitney Harper\Application Data\Mozilla\Firefox\Profiles\l430uqoi.default\
            FF - plugin: c:\documents and settings\Whitney Harper\Application Data\Move Networks\plugins\npqmp071500000347.dll
            FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
            FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
            FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
            FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
            FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
            FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
            FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
            FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
            .

            **************************************************************************

            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2009-05-27 17:57
            Windows 5.1.2600 Service Pack 3 NTFS

            scanning hidden processes ... 

            scanning hidden autostart entries ...

            scanning hidden files ... 

            scan completed successfully
            hidden files: 0

            **************************************************************************
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------

            [HKEY_USERS\S-1-5-21-1171515518-3060005268-2272717694-1005\Software\Microsoft\SystemCertificates\AddressBook*]
            @Allowed: (Read) (RestrictedCode)
            @Allowed: (Read) (RestrictedCode)
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            - - - - - - - > 'winlogon.exe'(992)
            c:\windows\system32\Ati2evxx.dll
            c:\program files\Intel\Wireless\Bin\LgNotify.dll
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\windows\system32\ati2evxx.exe
            c:\program files\Intel\Wireless\Bin\EvtEng.exe
            c:\program files\Intel\Wireless\Bin\S24EvMon.exe
            c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
            c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            c:\windows\ehome\ehRecvr.exe
            c:\windows\ehome\ehSched.exe
            c:\program files\McAfee\Common Framework\FrameworkService.exe
            c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
            c:\program files\McAfee\Common Framework\naPrdMgr.exe
            c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
            c:\windows\system32\HPZipm12.exe
            c:\program files\Intel\Wireless\Bin\RegSrvc.exe
            c:\windows\system32\wdfmgr.exe
            c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
            c:\windows\system32\ati2evxx.exe
            c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
            c:\program files\Apoint\ApntEx.exe
            c:\program files\McAfee\Common Framework\Mctray.exe
            c:\program files\Logitech\Video\FxSvr2.exe
            c:\windows\system32\dllhost.exe
            c:\windows\system32\msiexec.exe
            c:\program files\iPod\bin\iPodService.exe
            c:\windows\ehome\ehmsas.exe
            .
            **************************************************************************
            .
            Completion time: 2009-05-28 18:03 - machine was rebooted
            ComboFix-quarantined-files.txt  2009-05-28 01:03
            ComboFix2.txt  2009-05-27 23:38

            Pre-Run: 16,184,320,000 bytes free
            Post-Run: 16,159,191,040 bytes free

            Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
            295   --- E O F ---   2009-05-27 03:11
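
ComboFix prints one line per file created in the window, giving both the creation stamp and the last-modified stamp. The script below is an added example, not part of this thread and not ComboFix's own code: it parses those lines and applies an analyst's rule of thumb, namely that an executable under c:\windows whose two stamps are identical was freshly written on this machine, while files placed by installers usually keep the vendor's older modification time. On six lines taken from the log above it flags c:\windows\system32\pm.exe, the file Kaspersky later reports as Trojan-Downloader.Win32.FraudLoad.vyuu, and also dllcache\user32.dll, a Windows File Protection cache entry that the Kaspersky scan did not flag, which is why the output is a starting point for review rather than a verdict. The function names, the heuristic and the SAMPLE constant are mine.

```python
r"""Triage of a ComboFix "Files Created" section.

Added example, not part of the thread or of ComboFix.  Each ComboFix file line is

    <created> . <last-modified>   <size>   <attrs>   <path>

with '--------' in the size column for directories.  The heuristic used here is an
analyst's rule of thumb, not a ComboFix feature: an executable under c:\windows whose
created and last-modified stamps are identical was freshly written on this machine,
whereas files placed by installers usually keep the vendor's older modification time.
"""
import ntpath
import re
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[a-z-]{7})\s+(?P<path>.+?)\s*$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".pif", ".com", ".ocx", ".drv"}
FRESH = "fresh write: created == last-modified"

# Six lines copied from the ComboFix log posted above (sample input for this example).
SAMPLE = r"""
2009-05-28 00:11 . 2009-05-28 00:11   --------   d--h--w   c:\windows\PIF
2009-05-27 02:51 . 2009-05-27 02:51   578560   ----a-w   c:\windows\system32\dllcache\user32.dll
2009-05-25 21:26 . 2009-05-25 21:26   20480   ----a-w   c:\windows\system32\pm.exe
2009-04-30 20:01 . 2008-05-03 11:55   2560   ------w   c:\windows\system32\xpsp4res.dll
2009-04-29 23:41 . 2009-04-29 23:41   2967799   ----a-w   c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-04-29 22:01 . 2007-02-23 03:50   170408   ----a-w   c:\windows\system32\drivers\mfehidk.sys
"""


def parse(text):
    """Return one dict per well-formed file line; headers, blanks and banners are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["is_dir"] = rec["size"] == "--------"
        rec["size"] = None if rec["is_dir"] else int(rec["size"])
        rec["created"] = datetime.strptime(rec["created"], "%Y-%m-%d %H:%M")
        rec["modified"] = datetime.strptime(rec["modified"], "%Y-%m-%d %H:%M")
        rec["path"] = rec["path"].lower()
        records.append(rec)
    return records


def triage(records):
    """Return [(path, reasons)] for executables freshly written under the Windows
    directory, most reasons first.  Everything else is dropped as installer activity."""
    hits = []
    for r in records:
        if r["is_dir"] or ntpath.splitext(r["path"])[1] not in EXEC_EXT:
            continue
        reasons = []
        if r["path"].startswith("c:\\windows\\"):
            reasons.append("under c:\\windows")
        if r["created"] == r["modified"]:
            reasons.append(FRESH)
        if ntpath.dirname(r["path"]) in ("c:\\windows\\system32", "c:\\windows\\system32\\drivers"):
            reasons.append("dropped straight into a system directory")
        # A fresh write on its own (e.g. a downloaded installer) is not interesting;
        # a fresh write inside the Windows tree is.
        if FRESH in reasons and len(reasons) >= 2:
            hits.append((r["path"], reasons))
    hits.sort(key=lambda hit: -len(hit[1]))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(parse(SAMPLE)):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

To run it over a whole log, pass the file's text to parse() in place of SAMPLE; the regex ignores the banner lines, the Find3M section and the registry dump, so the entire report can be fed in unchanged.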

            evilfantasy
            Re: search engine redirect virus and the dreaded blue screen
            « Reply #9 on: May 27, 2009, 07:25:23 PM »
            Download and run the My Web Search Bar Uninstaller.

            ----------

            Your Java is out of date.

            Older versions have vulnerabilities that malicious sites can use to infect your system.

            First install the new Sun Java Runtime Environment

            Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

            Be sure to close all browser windows before beginning the install.

            Remove the old version(s)

            Download JavaRa
            • Unzip the file and open JavaRa.exe
            • Click Remove Older Versions
            • JavaRa will search for any outdated versions of Java and remove any that are found.
            • Click Additional Tasks
            • Place a check next to Remove Useless JRE Files and click Go
            • Exit JavaRa
            • Delete the JavaRa files from the Desktop

            Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

            ----------

            • Click START then RUN
            • Now type Combofix /u in the Run box
            • Make sure there's a space between Combofix and /u
            • Then hit Enter.

            The above procedure will:
            • Delete ComboFix and its associated files and folders.
            • Reset the clock settings.
            • Hide file extensions, if required.
            • Hide System/Hidden files, if required.
            • Set a new, clean Restore Point.
            ----------

            Download ATF Cleaner by Atribune to your Desktop.

            Alternate download link

            Note: Vista users must use Run As Administrator
            • Under Main: Select Files to Delete choose: Select All.
            • Click the Empty Selected button.
            • If you use Firefox browser click Firefox at the top and choose: Select All
            • Click the Empty Selected button.
              If you would like to keep your saved passwords click No at the prompt.
            • If you use Opera browser click Opera at the top and choose: Select All
            • Click the Empty Selected button.
              If you would like to keep your saved passwords click No at the prompt.
            • Click Exit on the Main menu to close the program.
            Note that your system will run slower for a reboot or two after having used this tool so don't panic.

            Important: Restart the computer before continuing.

            ----------

            Use the Kaspersky Lab Online Scanner

            In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

            • Click on SCAN NOW
            • Click Accept.
            • The program will then begin downloading the latest definition files.
            • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
            • The scan will take a while, so be patient and let it finish.
            When the scan is done, in the Scan is complete window, any infection is displayed.
            There is no option to clean/disinfect, however, we need to analyze the information on the report.

            To obtain the report:
            • Click on: Save Report As
            • Next, in the Save as prompt, Save in area, select: Desktop.
            • In the File name area use KScan, or something similar.
            • In Save as type: click the drop arrow and select: Text file [*.txt]
            • Then, click: Save

            Copy and paste the Kaspersky Online Scanner Report in your next reply.

            Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

            If needed, this animation will guide you through the process.

              Wittknee
              Re: search engine redirect virus and the dreaded blue screen
              « Reply #10 on: May 27, 2009, 10:58:37 PM »
              --------------------------------------------------------------------------------
              KASPERSKY ONLINE SCANNER 7.0 REPORT
               Wednesday, May 27, 2009
               Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
               Kaspersky Online Scanner  version: 7.0.26.13
               Program database last update: Thursday, May 28, 2009 04:44:32
               Records in database: 2262527
              --------------------------------------------------------------------------------

              Scan settings:
                 Scan using the following database: extended
                 Scan archives: yes
                 Scan mail databases: yes

              Scan area - My Computer:
                 C:\
                 D:\

              Scan statistics:
                 Files scanned: 77531
                 Threat name: 2
                 Infected objects: 2
                 Suspicious objects: 0
                 Duration of the scan: 02:06:47


              File name / Threat name / Threats count
              C:\WINDOWS\$NtServicePackUninstall$\userinit.exe   Infected: Trojan-PSW.Win32.LdPinch.agff   1
              C:\WINDOWS\system32\pm.exe   Infected: Trojan-Downloader.Win32.FraudLoad.vyuu   1

              The selected area was scanned.

              evilfantasy
              Re: search engine redirect virus and the dreaded blue screen
              « Reply #11 on: May 28, 2009, 10:18:14 AM »
              Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:

              • Double-click on drweb-cureit.exe and then click Start
              • An information notice will appear, click OK.
              • This starts a short scan that will scan the files currently running in memory.
              • If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version.
              • If or when something is found, click the Yes button when it asks you if you want to cure it.
              • Once the short scan has finished, Click Settings > Change Settings
              • Under the Scanning tab UNcheck Heuristic analysis and click OK
              • Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
              • Click Yes to all if it asks if you want to cure/move any file(s).
              • When the scan is done, in the Dr.Web CureIt menu on top left, click File and choose Save report list.
              • Save the DrWeb.csv report to your Desktop.
              • Exit Dr.Web CureIt.
              • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
              • After reboot, right-click the Dr.Web log on the desktop and choose Open With > Notepad
              • Copy and paste that log in the next reply

                Wittknee
                Re: search engine redirect virus and the dreaded blue screen
                « Reply #12 on: May 28, 2009, 02:06:20 PM »
                SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Whitney Harper\Desktop\SDFix.exe;Tool.Prockill;;
                SDFix.exe;C:\Documents and Settings\Whitney Harper\Desktop;Archive contains infected objects;Moved.;
                A0041156.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP140\A0041156.exe;Tool.Prockill;;
                A0041156.exe;C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP140;Archive contains infected objects;Moved.;
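
The Dr.Web CureIt report list above is semicolon-separated. Reading the four lines, an object found inside an archive is written as archive\inner path with the archive's full path in the location column and the threat name in the third column; the archive itself then gets a line whose third column reads "Archive contains infected objects" and whose fourth column is the action taken. The script below is an added example, not Dr.Web's code and not part of this thread: it parses those lines, regroups each inner detection under the archive CureIt acted on, and marks the copy that lives in a System Restore point (the _restore{...}\RPnnn path). The column meanings beyond what these four lines show, and all function names and the REPORT constant, are my assumptions.

```python
r"""Reader for a Dr.Web CureIt report list (DrWeb.csv).

Added example, not part of the thread or of Dr.Web.  Column meaning, inferred from the
four lines posted above (an assumption about the format beyond those lines):

    object ; location ; verdict-or-status ; action ;

An object found inside an archive is written as <archive>\<inner path> with the archive's
full path as its location; the archive itself then gets its own line whose third column is
"Archive contains infected objects" and whose fourth column is what CureIt did with it.
"""
import csv
import io
import ntpath

CONTAINER_STATUS = "archive contains infected objects"
RESTORE_MARK = "\\system volume information\\_restore{"

# The four report lines posted above, used as sample input for this example.
REPORT = r"""
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Whitney Harper\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Whitney Harper\Desktop;Archive contains infected objects;Moved.;
A0041156.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP140\A0041156.exe;Tool.Prockill;;
A0041156.exe;C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP140;Archive contains infected objects;Moved.;
"""


def parse_report(text):
    """Return one dict per report row; blank lines and short rows are skipped."""
    rows = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for fields in reader:
        if len(fields) < 4 or not fields[0].strip():
            continue
        name, location, verdict, action = (f.strip() for f in fields[:4])
        rows.append({"name": name, "location": location, "verdict": verdict, "action": action})
    return rows


def group_by_container(rows):
    """Attach each inner detection to the archive CureIt acted on.

    Returns (containers, loose): containers maps the archive's lower-cased full path to
    {"action", "in_restore_point", "detections": [(inner path, threat)]}; loose collects
    detections whose location matches no archive line (a plain infected file)."""
    containers = {}
    for r in rows:
        if r["verdict"].lower() == CONTAINER_STATUS:
            full = ntpath.join(r["location"], r["name"]).lower()
            containers[full] = {
                "action": r["action"],
                "in_restore_point": RESTORE_MARK in full,
                "detections": [],
            }
    loose = []
    for r in rows:
        if r["verdict"].lower() == CONTAINER_STATUS:
            continue
        entry = containers.get(r["location"].lower())
        if entry is None:
            loose.append((ntpath.join(r["location"], r["name"]), r["verdict"]))
        else:
            entry["detections"].append((r["name"], r["verdict"]))
    return containers, loose


if __name__ == "__main__":
    containers, loose = group_by_container(parse_report(REPORT))
    for path, info in containers.items():
        where = " (System Restore copy)" if info["in_restore_point"] else ""
        print(f"{path}{where}: {info['action']}")
        for inner, threat in info["detections"]:
            print(f"   {inner} -> {threat}")
    for path, threat in loose:
        print(f"{path} -> {threat}")
```

Grouped this way the report reads as two events, not four: the SDFix.exe archive on the Desktop and its System Restore copy were each moved because of the same inner object, SDFix\apps\Process.exe, detected as Tool.Prockill.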

                evilfantasy
                Re: search engine redirect virus and the dreaded blue screen
                « Reply #13 on: May 28, 2009, 03:14:09 PM »
                Looks good. How is the computer running now?

                Use the Secunia Software Inspector to check for out of date software.
                • Click Start Now
                • Check the box next to Enable thorough system inspection.
                • Click Start
                • Allow the scan to finish and scroll down to see if any updates are needed.
                • Update anything listed.
                ----------

                Go to Microsoft Windows Update and get all critical updates.

                ----------

                I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                * Using SpywareBlaster to protect your computer from Spyware and Malware
                * If you don't know what ActiveX controls are, see here

                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

                  Wittknee
                  Re: search engine redirect virus and the dreaded blue screen
                  « Reply #14 on: May 28, 2009, 03:34:32 PM »
                  Seems to be working just fine :) Thank you so much. Glad I didn't give up and reformat without asking for help. What, if anything, can/should I delete? (DrWeb, ATF Cleaner, DDS, HJT)

                  evilfantasy
                  Re: search engine redirect virus and the dreaded blue screen
                  « Reply #15 on: May 28, 2009, 03:58:55 PM »
                  You're welcome.

                  You can uninstall or delete all of those.