IE still closes after Malware removes Trojan TDSS
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
mmv
After Malware removed Trojan TDSS - I reinstalled IE 7 and I still get the same message from IE that it has encountered a problem and will close. Below are the logs from HijackThis and Malware:

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:46 PM, on 8/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {317DF413-CF6A-4B17-9676-8987CAAF2BE0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - https://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167172611361
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167172599533
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...378/mcfscan.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: wfhgyw.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O24 - Desktop Component 0: (no name) - http://img.brightroom.com/0/18453/295/18453-295-017f.jpg
O24 - Desktop Component 1: (no name) - http://img.brightroom.com/0/18453/97/18453-097-018f.jpg
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/Cucha/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8610 bytes


Malware:
Malwarebytes' Anti-Malware 1.39
Database version: 2480
Windows 5.1.2600 Service Pack 3

8/9/2009 2:40:45 AM
mbam-log-2009-08-09 (02-40-45).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|)
Objects scanned: 226711
Time elapsed: 1 hour(s), 33 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Any assistance would be greatly appreciated.
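Editor's added example (not part of mmv's post and not HijackThis's own code): a small Python triage pass over HijackThis-format lines, using entries copied from the log above as constructed sample input. It flags the structural red flags a responder scans for first: an O20 AppInit_DLLs value (here wfhgyw.dll, a bare filename with no path, which user32.dll loads into every process that links user32 and resolves through the DLL search path), O2 BHO entries whose DLL is "(no file)", O23 services whose binary is missing, and O24 Active Desktop components pointing at web content. The severities, rule wording and the "trusted roots" list for the O4 rule are the editor's assumptions, not a verdict on this machine.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity section reason line")

# Constructed sample input: entries copied from the HijackThis log posted above
# (an O4 line is included to show a rule that does not fire on a normal entry).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: wfhgyw.dll
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O24 - Desktop Component 0: (no name) - http://img.brightroom.com/0/18453/295/18453-295-017f.jpg
""".strip()

# Directories an autorun target is expected to live under (assumption for the O4 rule).
TRUSTED_ROOTS = re.compile(r"(?i)^[A-Z]:\\(WINDOWS|Program Files|PROGRA~1)\\")
ENTRY = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")


def triage(log_text):
    """Return a list of Finding tuples for the lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.split(":", 1)[1].strip()
            if dll:
                # user32.dll loads every AppInit_DLLs entry into each process that
                # links user32; a bare name is resolved through the DLL search path.
                findings.append(Finding("high", section,
                    f"AppInit_DLLs injects {dll} into every user32-linked process", raw))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(Finding("low", section,
                "orphaned BHO: CLSID registered but its DLL is gone (leftover to clean up)", raw))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(Finding("low", section,
                "service points at a binary that no longer exists", raw))
        elif section == "O24" and re.search(r"https?://", body):
            findings.append(Finding("medium", section,
                "Active Desktop component pulls remote web content; confirm it is wanted", raw))
        elif section == "O4":
            target = re.search(r'\]\s*"?([A-Za-z]:\\[^"]+?\.exe)', body)
            if target and not TRUSTED_ROOTS.match(target.group(1)):
                findings.append(Finding("medium", section,
                    "autorun target outside Windows / Program Files", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n        {f.line}")
```

Run on the sample it reports the orphaned BHO, the AppInit_DLLs entry, the missing NMIndexingService binary and the two remote desktop components, and stays quiet on ctfmon.exe; the output is a worklist for a human, not a cleaning script.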
mmv
Update- I ran Malware again after updating the data files and this is the new log:
Malwarebytes' Anti-Malware 1.40
Database version: 2594
Windows 5.1.2600 Service Pack 3

8/10/2009 8:43:08 PM
mbam-log-2009-08-10 (20-43-08).txt

Scan type: Quick Scan
Objects scanned: 103916
Time elapsed: 14 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\vyowk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Maurice Naggar
Hello mmv,

I looked briefly at your other posts. Do NOT use any registry tool, please.
Your system had & may still have a rootkit infection.
Please start on the following, right away:

You will want to print out or copy these instructions to Notepad for offline reference!

If you are a casual viewer, do NOT try this on your system!
If you are not mmv and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.


To start:
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

=

1. Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files & temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
ATF-Cleaner should be run per the above in every user-login account {User Profile}

=
Go here and download RootRepeal to your Desktop. Double-click to extract the compressed file to its own folder, then right-click on RootRepeal.exe and choose "Run as Administrator". Click on the Report tab and then click on Scan. A window will open asking what to include in the scan. Check all of the below and then click Ok.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services

You will then be asked which drive to scan. Check C: (or the drive your operating system is installed on if not C) and click Ok again. The scan will start. It will take a little while so please be patient. When the scan has finished, click on Save Report. Name the log RootRepeal.txt and save it to your Documents folder (it should default there). When you have done this, please copy and paste it in this thread.

Reply with copy of Rootrepeal.txt
mmv
Hi Maurice Naggar-

Does "Do not run or start any other programs while these utilities and tools are in use!" include the McAfee Anti Virus? I will work on this as soon as I get home.

Thank you-
Maurice Naggar
That is mainly a reminder for you to not run other programs, for example, some of your apps, or websurfing, etc.
As to McAfee, IF it interferes with RootRepeal, I'd want you to "temporarily" disable it (and re-enable it when all done).
If you do not know how to do that,
see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
http://www.bleepingcomputer.com/forums/ind...howtopic=114351

Don't disable your firewall.
mmv
Hello Maurice Naggar- Attached is the Rootrepeal.txt Thank you-

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/11 19:38
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF526C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7D19000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF23A2000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!

Path: c:\documents and settings\all users\application data\mcafee\mbk\b140751b-6e5a-4a1b-9020-0f294377d32f\arbusfile.gdb
Status: Allocation size mismatch (API: 1392640, Raw: 1388544)

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x8371e6b0]
Process: System Address: 0x839b7170 Size: 2246

Object: Hidden Code [ETHREAD: 0x8371e438]
Process: System Address: 0x839a1f6f Size: 146

Object: Hidden Code [ETHREAD: 0x8372baf0]
Process: System Address: 0x839d54e7 Size: 2842

Object: Hidden Code [ETHREAD: 0x83677b30]
Process: System Address: 0x839a4be1 Size: 1055

Object: Hidden Code [ETHREAD: 0x838aa740]
Process: System Address: 0x839b7170 Size: 2246

Object: Hidden Code [ETHREAD: 0x83f02b00]
Process: System Address: 0x839a1f6f Size: 146

Object: Hidden Code [ETHREAD: 0x83550c18]
Process: System Address: 0x839d54e7 Size: 2842

Object: Hidden Code [ETHREAD: 0x832fc588]
Process: System Address: 0x839a4be1 Size: 1055

Object: Hidden Code [Driver: ACPI, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x83981190 Size: 3699

==EOF==
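Editor's added example (not RootRepeal's code; RootRepeal's actual detection method is not shown on this page): what a "cross-view" check behind findings like "MBR Rootkit Detected!" and "Allocation size mismatch (API: 1392640, Raw: 1388544)" looks like in Python. One view is what the operating system's API reports, the other is what is read directly from the disk; a kernel-mode rootkit that filters disk I/O can make the two disagree, because it hands API callers the original sector 0 while the real sector carries its loader. The MBR bytes, the ntoskrnl.exe size and the hidden.sys path are constructed for the example; the arbusfile.gdb path and sizes are the ones in the report above.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, partitions):
    """Assemble one 512-byte MBR: boot code, four 16-byte partition entries, 0x55AA."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
        for status, ptype, lba_start, sectors in partitions
    )
    return boot_code.ljust(BOOT_CODE_LEN, b"\0") + table.ljust(64, b"\0") + b"\x55\xAA"


def parse_mbr(sector):
    """Split a sector into boot-code hash, used partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    parts = []
    for i in range(4):
        off = BOOT_CODE_LEN + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:] == b"\x55\xAA",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def cross_view_mbr(api_sector, raw_sector):
    """Compare sector 0 as returned through the OS (api_sector) with the bytes read
    straight off the disk (raw_sector). A bootkit that filters disk I/O returns the
    original sector to API callers while the real sector carries its loader."""
    api, raw = parse_mbr(api_sector), parse_mbr(raw_sector)
    findings = []
    if not raw["signature_ok"]:
        findings.append("raw sector 0 lacks the 0x55AA boot signature")
    if api["boot_code_sha256"] != raw["boot_code_sha256"]:
        findings.append("boot code differs between API and raw reads")
    if api["partitions"] != raw["partitions"]:
        findings.append("partition table differs between API and raw reads")
    return findings


def cross_view_files(api_listing, raw_listing):
    """Same idea for files. Both arguments map path -> allocated bytes. A path only
    in the raw view is hidden from the API; a size mismatch can be a filter driver
    lying about length, but also an in-flight write, so it is a lead, not a verdict."""
    findings = []
    for path, raw_size in raw_listing.items():
        api_size = api_listing.get(path)
        if api_size is None:
            findings.append((path, "hidden from API"))
        elif api_size != raw_size:
            findings.append((path, f"allocation size mismatch (API: {api_size}, Raw: {raw_size})"))
    return findings


# Constructed sample data. CLEAN_MBR is a plausible single-NTFS-partition MBR;
# BOOTKIT_MBR keeps the same partition table but different boot code, standing in
# for what a raw read would return when the API view is being filtered.
ONE_NTFS = [(0x80, 0x07, 63, 20_000_000)]
CLEAN_MBR = build_mbr(bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4"), ONE_NTFS)
BOOTKIT_MBR = build_mbr(b"\xEB\xFE" + bytes(32), ONE_NTFS)

# File listings: ARBUS carries the sizes from the RootRepeal report above; the
# ntoskrnl.exe size and the hidden.sys path are invented to show the other cases.
ARBUS = (r"c:\documents and settings\all users\application data\mcafee\mbk"
         r"\b140751b-6e5a-4a1b-9020-0f294377d32f\arbusfile.gdb")
API_FILES = {r"c:\windows\system32\ntoskrnl.exe": 2_146_304, ARBUS: 1_392_640}
RAW_FILES = dict(API_FILES)
RAW_FILES[ARBUS] = 1_388_544
RAW_FILES[r"c:\windows\system32\drivers\hidden.sys"] = 49_152

if __name__ == "__main__":
    print("clean vs clean:", cross_view_mbr(CLEAN_MBR, CLEAN_MBR))
    print("api vs raw:", cross_view_mbr(CLEAN_MBR, BOOTKIT_MBR))
    for path, why in cross_view_files(API_FILES, RAW_FILES):
        print(f"{why}: {path}")
```

The point of the two views is that neither alone proves anything: the raw read has to bypass the hooked path (a scanner's own driver, or the disk mounted from clean boot media), and a size mismatch on a file a backup product is actively writing, as arbusfile.gdb is here, is expected noise.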
Maurice Naggar
By the way, use only the ADDREPLY button when starting a reply.
Do NOT use the one with "REPLY".

Also, do NOT use the Attach option to put your logs.
Use NOTEPAD to open the log(s), then Select All, Copy all, and PASTE the lines in the body of the reply text-box.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1
Link 2
Link 3

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on Combo-Fix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

IF you should see a message like this:

then, be sure to write it down fully, copy it into your next reply here, and then await my response.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light.
If it is flashing, Combofix is still at work.
=

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with a copy In-Line of the C:\Combofix.txt
mmv
Results from the ComboFix.txt:


ComboFix 09-08-10.06 - Cucha 08/11/2009 21:41.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.423 [GMT -4:00]
Running from: c:\documents and settings\Cucha\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1605265594
c:\docume~1\Cucha\LOCALS~1\Temp\catchme.dll
c:\documents and settings\Cucha\Local Settings\Temp\catchme.dll
c:\windows\Installer\3e9de.msi
c:\windows\Installer\85a77.msi
c:\windows\system32\criggvsl.ini
c:\windows\system32\geyekrjapxoymy.dat
c:\windows\system32\geyekrqxbyhope.dat
c:\windows\system32\hjmbkmqt.ini
c:\windows\system32\iqtnsdsd.ini
c:\windows\system32\lxuvjfdq.ini
c:\windows\system32\uactmp.db
c:\windows\system32\UACugsdtqskocdnbituo.db
c:\windows\system32\vFfiSvut.ini
c:\windows\system32\vFfiSvut.ini2


.
((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.

2009-08-11 23:37 . 2009-08-11 23:37 0 ----a-w- c:\documents and settings\Cucha\settings.dat
2009-08-11 22:39 . 2009-08-11 22:39 -------- d-----w- c:\program files\ERUNT
2009-08-11 00:06 . 2009-08-11 00:06 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-10 23:54 . 2009-08-10 23:54 -------- d-----w- c:\program files\Trend Micro
2009-08-06 01:35 . 2009-08-06 01:35 -------- d-----w- c:\program files\CCleaner
2009-08-03 23:45 . 2009-08-03 23:45 1152 ----a-w- C:\reregisterie.cmd
2009-07-23 20:18 . 2009-07-23 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-23 20:18 . 2009-07-24 10:27 -------- d-----w- c:\documents and settings\Cucha\Application Data\SUPERAntiSpyware.com
2009-07-23 20:18 . 2009-07-24 10:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-22 18:19 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 18:19 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 18:19 . 2009-08-11 00:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-07-16 09:17 . 2009-07-16 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\14434064
2009-07-14 03:43 . 2009-07-14 03:43 286208 -c----w- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-14 03:43 . 2009-07-14 03:43 10841088 -c----w- c:\windows\system32\dllcache\wmp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 17:42 . 2008-10-06 04:07 -------- d-----w- c:\documents and settings\Cucha\Application Data\U3
2009-08-06 02:16 . 2009-05-06 16:56 -------- d-----w- c:\program files\Coupons
2009-08-05 09:01 . 2001-08-30 10:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 20:52 . 2006-12-27 07:31 -------- d-----w- c:\program files\Google
2009-07-26 11:55 . 2008-11-08 01:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-07-21 22:55 . 2008-07-09 22:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-17 19:01 . 2001-08-30 10:30 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 23:09 . 2008-11-08 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 23:03 . 2008-11-08 00:35 -------- d-----w- c:\program files\McAfee
2009-07-08 17:53 . 2008-04-13 16:28 -------- d-----w- c:\program files\Common Files\Skype
2009-07-08 17:52 . 2007-02-14 02:14 -------- d--h--w- c:\documents and settings\Cucha\Application Data\Move Networks
2009-07-03 17:02 . 2007-12-04 07:47 -------- d-----w- c:\program files\VideoLAN
2009-07-03 16:49 . 2009-07-03 16:49 -------- d-----w- c:\documents and settings\Cucha\Application Data\vlc
2009-06-29 16:12 . 2004-01-08 20:23 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2001-08-30 10:30 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-20 18:44 . 2009-06-20 18:44 390664 ----a-w- c:\documents and settings\Cucha\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-17 16:06 . 2009-01-05 00:04 1915520 -c--a-w- c:\documents and settings\Cucha\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-16 14:36 . 2001-08-30 10:30 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-30 10:30 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2001-08-30 10:30 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:22 . 2009-06-10 14:22 61224 ----a-w- c:\documents and settings\Cucha\GoToAssistDownloadHelper.exe
2009-06-10 14:13 . 2001-08-30 10:30 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2006-12-26 00:50 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2001-08-30 10:30 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2001-08-30 10:30 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 02:42 . 2009-05-27 02:42 62724 ---ha-w- c:\windows\system32\mlfcache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-10 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
backup=c:\windows\pss\Printkey2000.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cognac
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Custom Uninstall Tracking
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4175:TCP"= 4175:TCP:slsk

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/7/2008 8:42 PM 206096]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 6:38 AM 92008]
R3 USB-100;USB 10/100 Ethernet Adapter;c:\windows\system32\drivers\USBER100.SYS [12/26/2006 6:34 PM 23938]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2/7/2008 12:07 PM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2/7/2008 12:07 PM 166384]
S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2/7/2008 12:06 PM 1112560]
.
Contents of the 'Scheduled Tasks' folder

2009-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-08 15:53]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-08 15:53]
.
- - - - ORPHANS REMOVED - - - -

BHO-{317DF413-CF6A-4B17-9676-8987CAAF2BE0} - (no file)
MSConfigStartUp-VerizonServicepoint - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-08-12 21:54
ComboFix-quarantined-files.txt 2009-08-12 01:54

Pre-Run: 10,263,605,248 bytes free
Post-Run: 10,222,837,760 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

212 --- E O F --- 2009-08-12 00:09



Thank you-
Maurice Naggar
The Combofix scan log is encouraging, but you are not yet done.
Combofix found and removed a few pieces of TDSS/geyekr/UAC rootkit. But there needs to be more checking.

Please download and run the Trend Micro Sysclean Package on your computer.
NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.

  • Create a brand new folder to copy these files to.
  • As an example: C:\DCE
  • Then open each of the zipped archive files and copy their contents to C:\DCE
  • Copy the file sysclean.com to the new folder C:\DCE as well.
  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.

    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.

How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista

=
Next, Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

=
Reply with a copy of the Sysclean log,
the MBAM scan log,
and tell me: how is your system now?
mmv
Hello -
Sysclean log

2009-08-12, 18:05:18, Auto-clean mode specified.
2009-08-12, 18:05:19, Initialized Rootkit Driver version 2.2.0.1004.
2009-08-12, 18:05:19, Running scanner "C:\DCE\TSC.BIN"...
2009-08-12, 18:05:50, Scanner "C:\DCE\TSC.BIN" has finished running.
2009-08-12, 18:05:50, TSC Log:

Damage Cleanup Engine (DCE) 6.1 (Build 1027) (RCM: 2.2.0-1004)

Windows XP (Build 2600: Service Pack 3)

Start time: Wed Aug 12 2009 18:05:20

Load Damage Cleanup Template (DCT) "C:\DCE\TMRDCT.ptn" (version ) [fail]

Load Damage Cleanup Template (DCT) "C:\DCE\tsc.ptn" (version 1054) [success]

Complete time: Wed Aug 12 2009 18:05:50

Execute pattern count (3061), Virus found count (0), Virus clean count (0), Clean failed count (0)


2009-08-12, 18:05:50, Running scanner "C:\DCE\VSCANTM.BIN"...
2009-08-12, 19:26:33, Scanner "C:\DCE\VSCANTM.BIN" has finished running.
2009-08-12, 19:26:33, VSCANTM Log:

2009-08-12, 19:26:33, Files Detected:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 18:05:50
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\DCE\lpt$vpn.357

C:\Qoobox\Quarantine\C\WINDOWS\system32\criggvsl.ini.vir [Mal_VundoG]
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjmbkmqt.ini.vir [Mal_VundoG]
C:\Qoobox\Quarantine\C\WINDOWS\system32\iqtnsdsd.ini.vir [Mal_VundoG]
C:\Qoobox\Quarantine\C\WINDOWS\system32\lxuvjfdq.ini.vir [Mal_VundoG]
C:\Qoobox\Quarantine\C\WINDOWS\system32\vFfiSvut.ini.vir [Mal_VundoG]
C:\Qoobox\Quarantine\C\WINDOWS\system32\vFfiSvut.ini2.vir [Mal_VundoG]
76262 files have been read.
76262 files have been checked.
76213 files have been scanned.
124281 files have been scanned. (including files in archived)
6 files containing viruses.
Found 6 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 19:26:33 1 hour 20 minutes 42 seconds (4841.91 seconds) has elapsed.(63.490 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 19:26:33, Files Clean:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 18:05:50
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\DCE\lpt$vpn.357

Fail to Clean [ Mal_VundoG]( 1) from C:\Qoobox\Quarantine\C\WINDOWS\system32\criggvsl.ini.vir
Fail to Clean [ Mal_VundoG]( 1) from C:\Qoobox\Quarantine\C\WINDOWS\system32\hjmbkmqt.ini.vir
Fail to Clean [ Mal_VundoG]( 1) from C:\Qoobox\Quarantine\C\WINDOWS\system32\iqtnsdsd.ini.vir
Fail to Clean [ Mal_VundoG]( 1) from C:\Qoobox\Quarantine\C\WINDOWS\system32\lxuvjfdq.ini.vir
Fail to Clean [ Mal_VundoG]( 1) from C:\Qoobox\Quarantine\C\WINDOWS\system32\vFfiSvut.ini.vir
Fail to Clean [ Mal_VundoG]( 1) from C:\Qoobox\Quarantine\C\WINDOWS\system32\vFfiSvut.ini2.vir
76262 files have been read.
76262 files have been checked.
76213 files have been scanned.
124281 files have been scanned. (including files in archived)
6 files containing viruses.
Found 6 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 19:26:33 1 hour 20 minutes 42 seconds (4841.91 seconds) has elapsed.(63.490 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 19:26:33, Clean Fail:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 18:05:50
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\DCE\lpt$vpn.357

Fail to Clean [ Mal_VundoG]( 1) from C:\Qoobox\Quarantine\C\WINDOWS\system32\criggvsl.ini.vir
Fail to Clean [ Mal_VundoG]( 1) from C:\Qoobox\Quarantine\C\WINDOWS\system32\hjmbkmqt.ini.vir
Fail to Clean [ Mal_VundoG]( 1) from C:\Qoobox\Quarantine\C\WINDOWS\system32\iqtnsdsd.ini.vir
Fail to Clean [ Mal_VundoG]( 1) from C:\Qoobox\Quarantine\C\WINDOWS\system32\lxuvjfdq.ini.vir
Fail to Clean [ Mal_VundoG]( 1) from C:\Qoobox\Quarantine\C\WINDOWS\system32\vFfiSvut.ini.vir
Fail to Clean [ Mal_VundoG]( 1) from C:\Qoobox\Quarantine\C\WINDOWS\system32\vFfiSvut.ini2.vir
76262 files have been read.
76262 files have been checked.
76213 files have been scanned.
124281 files have been scanned. (including files in archived)
6 files containing viruses.
Found 6 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 19:26:33 1 hour 20 minutes 42 seconds (4841.91 seconds) has elapsed.(63.490 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 19:26:34, Running scanner "C:\DCE\VSCANTM.BIN"...
2009-08-12, 19:27:16, Scanner "C:\DCE\VSCANTM.BIN" has finished running.
2009-08-12, 19:27:16, VSCANTM Log:

2009-08-12, 19:27:16, Files Detected:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 19:26:35
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR E:\*.* /P=C:\DCE\lpt$vpn.357

1889 files have been read.
1889 files have been checked.
1889 files have been scanned.
1889 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 19:27:16 39 seconds (39.58 seconds) has elapsed.(20.952 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 19:27:16, Files Clean:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 19:26:34
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR E:\*.* /P=C:\DCE\lpt$vpn.357

1889 files have been read.
1889 files have been checked.
1889 files have been scanned.
1889 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 19:27:16 39 seconds (39.58 seconds) has elapsed.(20.952 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 19:27:16, Clean Fail:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 19:26:35
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR E:\*.* /P=C:\DCE\lpt$vpn.357

1889 files have been read.
1889 files have been checked.
1889 files have been scanned.
1889 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 19:27:16 39 seconds (39.58 seconds) has elapsed.(20.952 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 19:27:16, Running scanner "C:\DCE\VSCANTM.BIN"...
2009-08-12, 19:48:00, Scanner "C:\DCE\VSCANTM.BIN" has finished running.
2009-08-12, 19:48:00, VSCANTM Log:

2009-08-12, 19:48:00, Files Detected:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 19:27:17
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR F:\*.* /P=C:\DCE\lpt$vpn.357

18689 files have been read.
18689 files have been checked.
18667 files have been scanned.
26207 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 19:48:00 20 minutes 41 seconds (1240.69 seconds) has elapsed.(66.386 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 19:48:00, Files Clean:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 19:27:17
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR F:\*.* /P=C:\DCE\lpt$vpn.357

18689 files have been read.
18689 files have been checked.
18667 files have been scanned.
26207 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 19:48:00 20 minutes 41 seconds (1240.69 seconds) has elapsed.(66.386 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 19:48:00, Clean Fail:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 19:27:17
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR F:\*.* /P=C:\DCE\lpt$vpn.357

18689 files have been read.
18689 files have been checked.
18667 files have been scanned.
26207 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 19:48:00 20 minutes 41 seconds (1240.69 seconds) has elapsed.(66.386 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 19:48:00, Running scanner "C:\DCE\VSCANTM.BIN"...
2009-08-12, 19:48:02, Scanner "C:\DCE\VSCANTM.BIN" has finished running.
2009-08-12, 19:48:02, VSCANTM Log:

2009-08-12, 19:48:02, Files Detected:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 19:48:00
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR G:\*.* /P=C:\DCE\lpt$vpn.357

8 files have been read.
8 files have been checked.
8 files have been scanned.
8 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 19:48:02 0.22 seconds has elapsed.(27.250 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 19:48:02, Files Clean:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 19:48:00
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR G:\*.* /P=C:\DCE\lpt$vpn.357

8 files have been read.
8 files have been checked.
8 files have been scanned.
8 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 19:48:02 0.22 seconds has elapsed.(27.250 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 19:48:02, Clean Fail:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 19:48:00
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR G:\*.* /P=C:\DCE\lpt$vpn.357

8 files have been read.
8 files have been checked.
8 files have been scanned.
8 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 19:48:02 0.22 seconds has elapsed.(27.250 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 19:48:02, Running SSAPI scanner ""...
2009-08-12, 20:43:50, SSAPI Log:

SSAPI Scanner Version: 1.0.1003
SSAPI Engine Version: 5.2.1032
SSAPI Pattern Version: 8.09
SSAPI Anti-Rootkit Version: 2.2.0.1004

Spyware Scan Started: 08/12/2009 19:48:09


SSAPI requires the system to reboot.
Detected Items:
[CLEAN SUCCESS][Cookie_YieldManager] Internet Explorer Cache\ad.yieldmanager.com,Cookie:cucha@ad.yieldmanager.com/,C:\Documents and Settings\Cucha\Cookies\cucha@ad.yieldmanager[1].txt
[CLEAN SUCCESS][Cookie_Pointroll] Internet Explorer Cache\ads.pointroll.com,Cookie:cucha@ads.pointroll.com/,C:\Documents and Settings\Cucha\Cookies\cucha@ads.pointroll[2].txt
[CLEAN SUCCESS][Cookie_Advertising] Internet Explorer Cache\advertising.com,Cookie:cucha@advertising.com/,C:\Documents and Settings\Cucha\Cookies\cucha@advertising[1].txt
[CLEAN SUCCESS][Cookie_Atdmt] Internet Explorer Cache\atdmt.com,Cookie:cucha@atdmt.com/,C:\Documents and Settings\Cucha\Cookies\cucha@atdmt[2].txt
[CLEAN SUCCESS][Cookie_DoubleClick] Internet Explorer Cache\doubleclick.net,Cookie:cucha@doubleclick.net/,C:\Documents and Settings\Cucha\Cookies\cucha@doubleclick[1].txt
[CLEAN SUCCESS][Cookie_Questionmarket] Internet Explorer Cache\questionmarket.com,Cookie:cucha@questionmarket.com/,C:\Documents and Settings\Cucha\Cookies\cucha@questionmarket[1].txt
[CLEAN SUCCESS][Cookie_LivePerson] Internet Explorer Cache\server.iad.liveperson.net,Cookie:cucha@server.iad.liveperson.net/hc/19452074,C:\Documents and Settings\Cucha\Cookies\cucha@server.iad.liveperson[1].txt
[CLEAN SUCCESS][Cookie_LivePerson] Internet Explorer Cache\server.iad.liveperson.net,Cookie:cucha@server.iad.liveperson.net/,C:\Documents and Settings\Cucha\Cookies\cucha@server.iad.liveperson[3].txt
[CLEAN SUCCESS][Cookie_StatCounter] Internet Explorer Cache\statcounter.com,Cookie:cucha@statcounter.com/,C:\Documents and Settings\Cucha\Cookies\cucha@statcounter[1].txt
Detected: 9 items.
Cleaned Success: 9 items.
Clean Failed: 0 items.

Spyware Scan Ended: 08/12/2009 20:43:50
Scan Complete. Time=3346.675781.

/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2009-2010, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2009-08-12, 20:50:01, Auto-clean mode specified.
2009-08-12, 20:50:01, Initialized Rootkit Driver version 2.2.0.1004.
2009-08-12, 20:50:02, Running scanner "C:\DCE\TSC.BIN"...
2009-08-12, 20:50:40, Scanner "C:\DCE\TSC.BIN" has finished running.
2009-08-12, 20:50:40, TSC Log:

Damage Cleanup Engine (DCE) 6.1 (Build 1027) (RCM: 2.2.0-1004)

Windows XP (Build 2600: Service Pack 3)

Start time: Wed Aug 12 2009 20:50:04

Load Damage Cleanup Template (DCT) "C:\DCE\TMRDCT.ptn" (version ) [fail]

Load Damage Cleanup Template (DCT) "C:\DCE\tsc.ptn" (version 1054) [success]

Complete time: Wed Aug 12 2009 20:50:40

Execute pattern count (3061), Virus found count (0), Virus clean count (0), Clean failed count (0)


2009-08-12, 20:50:40, Running scanner "C:\DCE\VSCANTM.BIN"...
2009-08-12, 20:51:02, Scanner "C:\DCE\VSCANTM.BIN" has finished running.
2009-08-12, 20:51:02, VSCANTM Log:

2009-08-12, 20:51:02, Files Detected:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 20:50:40
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\DCE\lpt$vpn.357

2009-08-12, 20:51:02, Files Clean:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 20:50:40
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\DCE\lpt$vpn.357

2009-08-12, 20:51:02, Clean Fail:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 20:50:40
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\DCE\lpt$vpn.357

2009-08-12, 20:51:02, Running scanner "C:\DCE\VSCANTM.BIN"...
2009-08-12, 20:51:04, Scanner "C:\DCE\VSCANTM.BIN" has finished running.
2009-08-12, 20:51:04, VSCANTM Log:

2009-08-12, 20:51:04, Files Detected:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 20:51:02
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR E:\*.* /P=C:\DCE\lpt$vpn.357

2009-08-12, 20:51:04, Files Clean:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 20:51:02
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR E:\*.* /P=C:\DCE\lpt$vpn.357

2009-08-12, 20:51:04, Clean Fail:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 20:51:02
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR E:\*.* /P=C:\DCE\lpt$vpn.357

2009-08-12, 20:51:04, Running scanner "C:\DCE\VSCANTM.BIN"...
2009-08-12, 20:51:06, Scanner "C:\DCE\VSCANTM.BIN" has finished running.
2009-08-12, 20:51:06, VSCANTM Log:

2009-08-12, 20:51:06, Files Detected:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 20:51:04
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR F:\*.* /P=C:\DCE\lpt$vpn.357

2009-08-12, 20:51:06, Files Clean:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 20:51:04
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR F:\*.* /P=C:\DCE\lpt$vpn.357

2009-08-12, 20:51:06, Clean Fail:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 20:51:04
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR F:\*.* /P=C:\DCE\lpt$vpn.357

2009-08-12, 20:51:06, Running scanner "C:\DCE\VSCANTM.BIN"...
2009-08-12, 20:51:07, Scanner "C:\DCE\VSCANTM.BIN" has finished running.
2009-08-12, 20:51:07, VSCANTM Log:

2009-08-12, 20:51:07, Files Detected:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 20:51:06
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR G:\*.* /P=C:\DCE\lpt$vpn.357

8 files have been read.
8 files have been checked.
8 files have been scanned.
8 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 20:51:07 0.08 seconds has elapsed.(9.750 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 20:51:07, Files Clean:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 20:51:06
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR G:\*.* /P=C:\DCE\lpt$vpn.357

8 files have been read.
8 files have been checked.
8 files have been scanned.
8 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 20:51:07 0.08 seconds has elapsed.(9.750 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 20:51:07, Clean Fail:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 8/12/2009 20:51:06
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 357 (463257/463257 Patterns) (2009/08/11) (635700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR G:\*.* /P=C:\DCE\lpt$vpn.357

8 files have been read.
8 files have been checked.
8 files have been scanned.
8 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 8/12/2009 20:51:07 0.08 seconds has elapsed.(9.750 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-08-12, 20:51:07, Running SSAPI scanner "C:\DCE\"...
2009-08-12, 20:51:09, SSAPI Log:



MBAM LOGS-
Malwarebytes' Anti-Malware 1.40
Database version: 2614
Windows 5.1.2600 Service Pack 3

8/12/2009 9:03:51 PM
mbam-log-2009-08-12 (21-03-51).txt

Scan type: Quick Scan
Objects scanned: 101196
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I haven't had a chance to be online and see if I get kicked out of IE. System seems a bit slow, but it was always slow.

Thank you-
Maurice Naggar
Scan the system with the Kaspersky Online Scanner
http://www.kaspersky.com/virusscanner

Attention: Kaspersky Online Scanner 7.0 may not run successfully while another antivirus program is running. If you have Anti-Virus software installed, please temporarily disable your AV protection before running the Kaspersky Online Scanner. Reenable it after the scan is finished.

During this run, make sure your browser does not block popup windows. Have patience while some screens populate.

1) Click the Kaspersky Online Scanner button. You'll see a popup window.
2) Accept the agreement
3) Accept the installation of the required ActiveX object ( XP SP2-SP3 will show this in the Information Bar )
4) For XP SP2-SP3, click the Install button when prompted
5) The necessary files will be downloaded and installed. Please have plenty of patience.
6) After Kaspersky AntiVirus Database is updated, look at the Scan box.
7) Click the My Computer line
8) Be infinitely patient; the scan is comprehensive and, unlike other online antivirus scanners, will detect all malware.

9) When the scan is completed there will be an option to Save report as a .txt file. Click that button. Copy and paste the report into your reply.

( To see an animated tutorial-how-to on the scan, see >>this link<<)

Re-enable your antivirus program after Kaspersky has finished.
Kaspersky Online Scanner can be uninstalled later on from Add or Remove Programs in the Control Panel, if desired.

Do not be alarmed if Kaspersky tags items that are already in quarantine by MBAM, or SmitFraudFix items, or ComboFix's Qoobox & quarantine.
Kaspersky is a report only and does not remove files.

=
Download Security Check by screen317 and save it to your Desktop: here or here


  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!


If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
=

Start HijackThis. Do a Scan and Save log.


Post back with copies of the Kaspersky.txt report,
checkup.txt,
and the new HijackThis log.
How is your system now?
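The caveat above about scanners flagging items that are already sitting in ComboFix's Qoobox or MBAM's quarantine is worth automating when reading a log like the Sysclean output posted earlier in this thread, where every hit was a `.vir` file under `C:\Qoobox\Quarantine` and the same six paths were listed three times (Files Detected, Files Clean, Clean Fail). The script below is an added example, not part of the original thread and not a Trend Micro or Malwarebytes tool. It parses the VSCANTM and SSAPI line formats shown in the thread from a constructed sample, collapses the repeated sections to one entry per path, and separates hits already inside a quarantine folder from live ones, so only live, uncleaned files are left for a human to look at. The Malwarebytes quarantine path and the file `EXAMPLE_LIVE_HIT.dll` are assumptions, not values from the thread.

```python
import re
from dataclasses import dataclass

# Folders whose contents are already isolated by another tool. C:\Qoobox\Quarantine
# is ComboFix's quarantine (it appears in the Sysclean log in this thread); the
# Malwarebytes path is an ASSUMED default for MBAM 1.x on Windows XP.
QUARANTINE_PREFIXES = (
    r"c:\qoobox\quarantine",
    r"c:\documents and settings\all users\application data\malwarebytes",
)

# VSCANTM "Files Detected" line:  <path> [<malware name>]
DETECTED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) \[(?P<name>[^\]]+)\]$")
# VSCANTM "Clean Fail" line:  Fail to Clean [ <name>]( <n>) from <path>
CLEAN_FAIL_RE = re.compile(
    r"^Fail to Clean \[\s*(?P<name>[^\]]+)\]\(\s*\d+\) from (?P<path>.+)$")
# SSAPI line:  [CLEAN SUCCESS][<name>] <where>,<cookie>,<path>
SSAPI_RE = re.compile(
    r"^\[(?P<result>CLEAN SUCCESS|CLEAN FAILED)\]\[(?P<name>[^\]]+)\] (?P<rest>.+)$")


@dataclass(frozen=True)
class Finding:
    name: str    # detection name, e.g. Mal_VundoG
    path: str    # file the scanner reported
    status: str  # "detected", "clean_failed" or "clean_success"


def is_quarantined(path: str) -> bool:
    """True if the path lies inside a known quarantine folder."""
    return path.lower().startswith(QUARANTINE_PREFIXES)


def parse_sysclean(text: str) -> list:
    """Extract one Finding per detection/clean line; other log lines are ignored."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := DETECTED_RE.match(line):
            findings.append(Finding(m["name"], m["path"], "detected"))
        elif m := CLEAN_FAIL_RE.match(line):
            findings.append(Finding(m["name"], m["path"], "clean_failed"))
        elif m := SSAPI_RE.match(line):
            # the file path is the last comma-separated field of an SSAPI line
            path = m["rest"].rsplit(",", 1)[-1]
            status = "clean_success" if m["result"] == "CLEAN SUCCESS" else "clean_failed"
            findings.append(Finding(m["name"], path, status))
    return findings


def triage(findings: list) -> dict:
    """Collapse repeated sections to one entry per path; split quarantined from live hits."""
    statuses = {}
    for f in findings:
        statuses.setdefault(f.path, set()).add(f.status)
    live = [p for p in statuses if not is_quarantined(p)]
    return {
        "paths": len(statuses),
        "quarantined": len(statuses) - len(live),
        "live": len(live),
        # the only hits that still need a human: not isolated and not cleaned
        "live_clean_failed": sorted(p for p in live if "clean_failed" in statuses[p]),
        "cleaned": sum(1 for p in statuses if "clean_success" in statuses[p]),
    }


# Constructed sample in the Sysclean format seen in this thread. The two Qoobox
# paths are taken from the posted log; EXAMPLE_LIVE_HIT.dll is an invented
# placeholder standing in for a detection outside any quarantine folder.
SAMPLE_LOG = r"""
2009-08-12, 19:26:33, Files Detected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\criggvsl.ini.vir [Mal_VundoG]
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjmbkmqt.ini.vir [Mal_VundoG]
C:\WINDOWS\system32\EXAMPLE_LIVE_HIT.dll [Mal_VundoG]
3 files containing viruses.
2009-08-12, 19:26:33, Clean Fail:
Fail to Clean [ Mal_VundoG]( 1) from C:\Qoobox\Quarantine\C\WINDOWS\system32\criggvsl.ini.vir
Fail to Clean [ Mal_VundoG]( 1) from C:\Qoobox\Quarantine\C\WINDOWS\system32\hjmbkmqt.ini.vir
Fail to Clean [ Mal_VundoG]( 1) from C:\WINDOWS\system32\EXAMPLE_LIVE_HIT.dll
[CLEAN SUCCESS][Cookie_Atdmt] Internet Explorer Cache\atdmt.com,Cookie:user@atdmt.com/,C:\Documents and Settings\User\Cookies\user@atdmt[2].txt
"""

if __name__ == "__main__":
    summary = triage(parse_sysclean(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run against a real sysclean.log, the "Fail to Clean" entries for `.vir` files under Qoobox drop out of `live_clean_failed`, which is the same judgement the helper makes by hand here: a hit inside another tool's quarantine is already inert and is not evidence of an active infection.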
mmv
Hello Maurice Naggar- Sorry, this is taking so long- Kaspersky took a long time.

One thing that is not happening is getting kicked out of IE, but while online it's very slow, especially when in email (Yahoo). I also noticed that I have an extra IE icon on the desktop and my desktop background pic is gone. It just seems that overall, even outside of IE, things are running slow.
Thank you-

Kaspersky.txt

KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 14, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 14, 2009 02:01:07
Records in database: 2623224
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
J:\

Scan statistics:
Objects scanned: 98973
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 04:11:25

No threats found. Scanned area is clean.

Selected area has been scanned.


Checkup.txt

Results of screen317's Security Check version 0.98.7
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner


``````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Adobe Flash Player 10
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent


McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Very random)

`````````End of Log```````````

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:30 AM, on 8/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Cucha\Local Settings\Temp\jkos-Cucha\binaries\ScanningProcess.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - https://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167172611361
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167172599533
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...378/mcfscan.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O24 - Desktop Component 0: (no name) - http://img.brightroom.com/0/18453/295/18453-295-017f.jpg
O24 - Desktop Component 1: (no name) - http://img.brightroom.com/0/18453/97/18453-097-018f.jpg
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/Cucha/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

mmv
Hello - Update -
I just turned on my PC and got this message: "McAfee Proxy Service Module has encountered a problem and needs to close". I clicked on the info link and it pointed out issues with Mcproxy.exe.

Thank you-
Maurice Naggar
Hello mmv,

I hope the McAfee "burp" is something temporary. Let me suggest you logoff and Restart the system fresh.

Do tell me if your McAfee was temporarily disabled while (and during) the install of IE version 7?

Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present:
QUOTE
O24 - Desktop Component 0: (no name) - http://img.brightroom.com/0/18453/295/18453-295-017f.jpg
O24 - Desktop Component 1: (no name) - http://img.brightroom.com/0/18453/97/18453-097-018f.jpg
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/Cucha/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!
Save any open documents you may have that you're working on. Exit/close your open windows. This next procedure will force a reboot/restart. It is intended here to delete all temporary files and temp cache.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :files
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler

    :Commands
    [purity]
    [emptytemp]
    [reboot]

  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

=

De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader. Get the latest version from http://www.adobe.com/products/acrobat/readstep2.html

=

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) - JRE 6 Update 16 -"
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (it looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml
When all is well, you should see Java Version: 1.6.0_16 from Sun Microsystems Inc.

=

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds
or http://download.bleepingcomputer.com/sUBs/dds.scr
or http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.
Then double click dds.scr to run the tool.
When done, DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

  • Please include the following logs in your next reply:
    DDS.txt
    Attach.txt


Reply with a copy of the OTL MovedFiles log and DDS.txt.
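As an added example, not code from the thread, from HijackThis or from the forum helper, here is a small Python triage pass over HijackThis entries of the kind quoted in this post: it parses the section-coded lines, flags orphaned entries marked (no file) or (file missing), Active Desktop (O24) components loaded from a remote server or a Temp folder, and autostart/service entries running from Temp, then emits the exact lines to tick before Fix Checked. The sample is built from lines of the posted log plus one constructed O4 line; the rule names and helper functions are this example's own assumptions.

```python
"""Triage pass over HijackThis 2.0.2 log lines.

Added example for this thread; it is not HijackThis code and not the forum
helper's procedure. The rule names and the helper functions are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: most lines are copied from the HijackThis log posted
# above; the O4 "[sample]" line is invented to exercise the Temp-folder rule
# and was NOT in the posted log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [sample] C:\DOCUME~1\Cucha\LOCALS~1\Temp\sample.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O24 - Desktop Component 0: (no name) - http://img.brightroom.com/0/18453/295/18453-295-017f.jpg
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/Cucha/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# A path component named "temp", with either slash style (file:// URLs use "/").
TEMP_RE = re.compile(r"[\\/]temp[\\/]", re.IGNORECASE)
# Sections whose target is loaded at startup or inside the browser.
LOAD_SECTIONS = {"O2", "O3", "O4", "O20", "O21", "O23"}


@dataclass
class Entry:
    section: str
    body: str
    raw: str


def parse_hjt(text: str) -> List[Entry]:
    """Keep only lines shaped like HijackThis entries; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body"), line.strip()))
    return entries


def classify(entry: Entry) -> Optional[str]:
    """Return a reason string when the entry deserves a closer look, else None."""
    body = entry.body
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        return "orphaned registration: the registry entry remains but its file is gone"
    if entry.section == "O24":
        # Active Desktop components render arbitrary HTML/images on the desktop;
        # in this thread the helper had all three removed and the wallpaper had vanished.
        target = body.rsplit(" - ", 1)[-1]
        if target.lower().startswith(("http://", "https://")):
            return "Active Desktop component fetched from a remote web server"
        if TEMP_RE.search(target):
            return "Active Desktop component pointing into a Temp folder"
        return "Active Desktop component: review its target"
    if entry.section in LOAD_SECTIONS and TEMP_RE.search(body):
        return "loads from a Temp folder, which legitimate software rarely does"
    return None


def triage(text: str) -> List[dict]:
    """Parse the log and collect every entry with a reason, in log order."""
    findings = []
    for e in parse_hjt(text):
        reason = classify(e)
        if reason:
            findings.append({"section": e.section, "reason": reason, "entry": e.raw})
    return findings


def lines_to_fix(text: str) -> List[str]:
    """The exact lines to tick before 'Fix Checked', as the helper quoted them."""
    return [f["entry"] for f in triage(text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>4}  {f['reason']}\n      {f['entry']}")
```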
mmv
Hello Maurice Naggar -

I can't recall if McAfee was disabled while installing the IE version 7, but I'm not getting the error message about the proxy.

The couple of times I've been online I get the following error messages from IE:
IE has encountered a problem and needs to close. We are sorry for the inconvenience.
C:\DOCUME~1\Cucha\LOCALS~1\Temp\8259_appcompat.txt

The next day my email just hung and I closed it using Ctrl+Alt+Del:
C:\DOCUME~1\Cucha\LOCALS~1\Temp\WER1c56.dir00\iexplore.exe.mdmp
C:\DOCUME~1\Cucha\LOCALS~1\Temp\WER1c56.dir00\appcompat.txt

Also when I'm in email and I double click a message it takes a while to load and the status bar at the bottom of the window reads: waiting for http//ad.yieldmanager.com/frame3?vaudabccqdomjqaaaaaFotcwaaaaa or something like this:
waiting for htpp//us.mc381.mail/yahoo.com/ -- I never noticed this before, or maybe only now because it's slow.

I started HijackThis and checkmarked the three items and ran Fix Checked.
Thank you for your time and patience.

OTL.LOG

    All processes killed
    ========== FILES ==========
    C:\RECYCLER\S-1-5-21-1645522239-1606980848-839522115-1004\Dc4 moved successfully.
    C:\RECYCLER\S-1-5-21-1645522239-1606980848-839522115-1004\Dc1 moved successfully.
    C:\RECYCLER\S-1-5-21-1645522239-1606980848-839522115-1004 moved successfully.
    C:\RECYCLER moved successfully.
    File\Folder D:\recycler not found.
    e:\RECYCLER\S-1-5-21-3685698554-1690843657-1110412475-1003 moved successfully.
    e:\RECYCLER\S-1-5-21-1645522239-1606980848-839522115-1004 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\WinSxS\Manifests moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\WinSxS\InstallTemp moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\WinSxS moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Web\printers\images moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Web\printers moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Web moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\twain_32 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Temp moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\wins moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\wbem\xml moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\wbem\Repository moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\wbem\mof\good moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\wbem\mof\bad moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\wbem\mof moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\wbem moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\usmt moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\spool\prtprocs\w32x86 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\spool\prtprocs moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\spool\drivers\w32x86\3 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\spool\drivers\w32x86 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\spool\drivers\color moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\spool\drivers moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\spool moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\ShellExt moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\Setup moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\ras moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\oobe\setup moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\oobe\sample moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\oobe\images moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\oobe\html\oemreg moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\oobe\html\oemhw moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\oobe\html\oemcust moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\oobe\html\mouse moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\oobe\html\ispsgnup moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\oobe\html moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\oobe moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\npp moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\mui\dispspec moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\mui\0009 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\mui moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\inetsrv moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\IME\TINTLGNT moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\IME\PINTLGNT moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\IME\CINTLGNT moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\IME moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\icsxml moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\ias moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\export moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\drivers\etc moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\drivers\disdn moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\drivers moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\dllcache moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\dhcp moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\config moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\3com_dmi moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\3076 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\2052 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\1054 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\1042 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\1041 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\1037 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\1033 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\1031 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\1028 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32\1025 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system32 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\system moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\security\templates moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\security\logs moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\security moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Resources\Themes\Luna\Shell\NormalColor moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Resources\Themes\Luna\Shell\Metallic moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Resources\Themes\Luna\Shell\Homestead moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Resources\Themes\Luna\Shell moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Resources\Themes\Luna moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Resources\Themes moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Resources moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\repair moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\mui moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\msapps\msinfo moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\msapps moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\msagent\intl moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\msagent\chars moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\msagent moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Media moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\java\trustlib moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\java\classes moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\java moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\inf moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\ime\imejp98 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\ime\imejp\applets moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\ime\imejp moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\ime\CHTIME\Applets moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\ime\CHTIME moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\ime moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Help\Tours\mmTour moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Help\Tours\htmlTour moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Help\Tours moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Help moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Fonts moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Driver Cache\i386 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Driver Cache moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Debug\UserMode moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Debug moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Cursors moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Connection Wizard moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\Config moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\AppPatch moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1\addins moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004\Dd1 moved successfully.
    e:\RECYCLER\S-1-5-21-1177238915-362288127-1801674531-1004 moved successfully.
    e:\RECYCLER moved successfully.
    f:\RECYCLER\S-1-5-21-1645522239-1606980848-839522115-1004 moved successfully.
    f:\RECYCLER moved successfully.
    g:\RECYCLER\S-1-5-21-3685698554-1690843657-1110412475-1003 moved successfully.
    g:\RECYCLER\S-1-5-21-1645522239-1606980848-839522115-1004 moved successfully.
    g:\RECYCLER moved successfully.
    File\Folder h:\recycler not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.VALTE
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Cucha
    ->Temp folder emptied: 304177744 bytes
    File delete failed. C:\Documents and Settings\Cucha\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 45055464 bytes
    ->Java cache emptied: 221949 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 32969 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1138618 bytes
    %systemroot%\System32 .tmp files removed: 3770897 bytes
    File delete failed. C:\WINDOWS\temp\$$$dq3e scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\$$yt7.$$ scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\$67we.$ scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\mcafee_gvXnEX2BmmQWCXz scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\mcmsc_CEj0hnCA7J2c3tY scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\mcmsc_LUYjrqPNY7yH1Xk scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\mcmsc_y3gxgzfqmyaVcuI scheduled to be deleted on reboot.
    Windows Temp folder emptied: 3138775 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 340.97 mb


    OTL by OldTimer - Version 3.0.10.7 log created on 08162009_194427

DDS.TXT
    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Cucha at 20:39:08.23 on Sun 08/16/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.332 [GMT -4:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\HPZipm12.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Documents and Settings\Cucha\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
    TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
    mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167172611361
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167172599533
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5378/mcfscan.cab
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 214024]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-7 206096]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-11-7 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-11-7 144704]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-8 92008]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-11-7 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-7 79880]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-7 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-7 40552]
    R3 USB-100;USB 10/100 Ethernet Adapter;c:\windows\system32\drivers\USBER100.SYS [2006-12-26 23938]
    S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
    S2 BDVEDISK;BDVEDISK;\??\c:\program files\bitdefender\bitdefender 2009\bdvedisk.sys --> c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [?]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-2-7 309744]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-2-7 166384]
    S3 iscFlash;iscFlash;\??\c:\windows\system32\drivers\iscflash.sys --> c:\windows\system32\drivers\iscflash.sys [?]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-7 34216]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-2-7 1112560]

    =============== Created Last 30 ================

    2009-08-16 20:31 411,368 a------- c:\windows\system32\deploytk.dll
    2009-08-16 20:31 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-08-16 19:44 <DIR> --d----- C:\_OTL
    2009-08-12 17:08 <DIR> --d----- C:\DCE
    2009-08-11 21:52 <DIR> -cd----- c:\windows\system32\dllcache\cache
    2009-08-11 21:40 <DIR> a-dshr-- C:\cmdcons
    2009-08-11 21:37 216,064 a------- c:\windows\PEV.exe
    2009-08-11 21:37 161,792 a------- c:\windows\SWREG.exe
    2009-08-11 21:37 98,816 a------- c:\windows\sed.exe
    2009-08-11 19:37 0 a------- c:\documents and settings\cucha\settings.dat
    2009-08-11 18:19 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
    2009-08-10 19:54 <DIR> --d----- c:\program files\Trend Micro
    2009-08-05 21:35 <DIR> --d----- c:\program files\CCleaner
    2009-08-03 19:45 1,152 a------- C:\reregisterie.cmd
    2009-07-23 16:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-07-23 16:18 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-07-23 16:18 <DIR> --d----- c:\docume~1\cucha\applic~1\SUPERAntiSpyware.com
    2009-07-22 14:19 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-22 14:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-07-22 14:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

    ==================== Find3M ====================

    2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
    2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
    2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
    2009-06-29 12:12 17,408 a------- c:\windows\system32\corpol.dll
    2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
    2009-06-10 10:22 61,224 a------- c:\documents and settings\cucha\GoToAssistDownloadHelper.exe
    2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
    2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
    2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
    2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-05-27 08:22 78,576 a------- c:\docume~1\cucha\applic~1\GDIPFONTCACHEV1.DAT
    2009-05-26 22:42 62,724 a---h--- c:\windows\system32\mlfcache.dat
    2008-04-13 12:32 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat
    2008-07-12 12:43 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071220080713\index.dat

    ============= FINISH: 20:41:20.87 ===============

    ATTACH.TXT
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x951230400+2
    Install Date: 12/25/2006 7:56:54 PM
    System Uptime: 8/16/2009 8:18:14 PM (0 hours ago)

    Motherboard: Intel Corporation | | D845PT
    Processor: Intel® Pentium® 4 CPU 1.60GHz | J1D1 | 1594/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 8.304 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 21 GiB total, 20.178 GiB free.
    F: is FIXED (NTFS) - 98 GiB total, 5.822 GiB free.
    G: is FIXED (NTFS) - 30 GiB total, 30.239 GiB free.
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&268D196D&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&268D196D&0
    Service: i8042prt

    ==== System Restore Points ===================

    RP1020: 7/16/2009 5:15:57 AM - System Checkpoint
    RP1021: 7/16/2009 5:15:58 AM - System Checkpoint
    RP1022: 7/16/2009 5:15:59 AM - System Checkpoint
    RP1023: 7/16/2009 5:16:01 AM - System Checkpoint
    RP1024: 7/16/2009 5:16:03 AM - Software Distribution Service 3.0
    RP1025: 7/17/2009 7:10:27 PM - System Checkpoint
    RP1026: 7/18/2009 7:38:50 PM - System Checkpoint
    RP1027: 7/20/2009 12:40:24 AM - System Checkpoint
    RP1028: 7/21/2009 12:12:20 PM - System Checkpoint
    RP1029: 7/22/2009 7:16:02 AM - Cleaned registry with Windows Live OneCare safety scanner
    RP1030: 7/23/2009 12:09:15 PM - System Checkpoint
    RP1031: 7/23/2009 4:18:20 PM - Installed SUPERAntiSpyware Free Edition
    RP1032: 7/24/2009 6:27:00 AM - Removed SUPERAntiSpyware Free Edition
    RP1033: 7/25/2009 3:01:46 PM - System Checkpoint
    RP1034: 7/26/2009 3:12:31 PM - System Checkpoint
    RP1035: 7/28/2009 7:30:37 PM - System Checkpoint
    RP1036: 7/28/2009 8:00:21 PM - Software Distribution Service 3.0
    RP1037: 7/29/2009 8:36:22 PM - System Checkpoint
    RP1038: 7/31/2009 8:38:36 PM - System Checkpoint
    RP1039: 8/2/2009 11:09:50 PM - System Checkpoint
    RP1040: 8/4/2009 2:32:29 PM - System Checkpoint
    RP1041: 8/5/2009 9:01:01 PM - Installed Windows NLSDownlevelMapping.
    RP1042: 8/5/2009 9:01:50 PM - Installed Windows IDNMitigationAPIs.
    RP1043: 8/5/2009 9:02:24 PM - Installed Windows Internet Explorer 7.
    RP1044: 8/5/2009 10:17:22 PM - Removed TomTom HOME Visual Studio Merge Modules
    RP1045: 8/5/2009 11:06:24 PM - Software Distribution Service 3.0
    RP1046: 8/7/2009 4:12:35 PM - System Checkpoint
    RP1047: 8/8/2009 10:33:09 PM - Installed Windows NLSDownlevelMapping.
    RP1048: 8/8/2009 10:34:00 PM - Installed Windows IDNMitigationAPIs.
    RP1049: 8/8/2009 10:34:35 PM - Installed Windows Internet Explorer 7.
    RP1050: 8/9/2009 6:25:43 PM - Software Distribution Service 3.0
    RP1051: 8/10/2009 7:12:44 PM - System Checkpoint
    RP1052: 8/10/2009 9:17:53 PM - Software Distribution Service 3.0
    RP1053: 8/11/2009 8:00:23 PM - Software Distribution Service 3.0
    RP1054: 8/12/2009 5:45:16 PM - Removed BeatportDownloader
    RP1055: 8/14/2009 12:53:31 AM - System Checkpoint
    RP1056: 8/15/2009 5:10:46 PM - System Checkpoint
    RP1057: 8/16/2009 5:32:51 PM - System Checkpoint
    RP1058: 8/16/2009 8:09:14 PM - Removed Adobe Reader 8.1.3
    RP1059: 8/16/2009 8:12:48 PM - Removed J2SE Runtime Environment 5.0 Update 11
    RP1060: 8/16/2009 8:30:22 PM - Installed Java™ 6 Update 16

    ==== Installed Programs ======================

    6300
    6300_Help
    6300Trb
    AAC Decoder
    Adobe Shockwave Player
    AiO_Scan_CDA
    AiOSoftwareNPI
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    Avery Wizard 3.1
    Bonjour
    BufferChm
    CCleaner (remove only)
    CP_CalendarTemplates1
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Panorama1Config
    cp_PosterPrintConfig
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Destinations
    DeviceManagementQFolder
    DirectXInstallService
    DivX Converter
    DivX Version Checker
    DocProc
    DocProcQFolder
    DocumentViewer
    DocumentViewerQFolder
    ERUNT 1.1j
    eSupportQFolder
    Fax_CDA
    FullDPAppQFolder
    Google Toolbar for Internet Explorer
    H.264 Decoder
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Document Viewer 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart Premier Software 6.5
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Software Update
    HP Solution Center 7.0
    HPPhotoSmartExpress
    HPProductAssistant
    InstantShareDevices
    InstantShareDevicesMFC
    iTunes
    Java™ 6 Update 16
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Media Content
    Microsoft Office XP Professional
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MKV Splitter
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    neroxml
    NewCopy_CDA
    OCR Software by I.R.I.S 7.0
    PanoStandAlone
    PhotoGallery
    PrintKey2000
    ProductContextNPI
    QuickTime
    RandMap
    Readme
    RealPlayer
    Rhapsody Player Engine
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio RecordNow 10 Music Lab
    Roxio Update Manager
    Scan
    ScannerCopy
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    SkinsHP1
    SlideShow
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    Sonic_PrimoSDK
    Sony Ericsson Device Data
    Sony Ericsson Drivers
    Sony Ericsson PC Suite
    Sony Sound Forge 7.0
    SoulSeek Client 156c
    Status
    Symantec Technical Support Web Controls
    TomTom HOME 2.6.2.1586
    Toolbox
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.762
    Verizon Broadband Toolbar
    Viewpoint Media Player
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    8/16/2009 8:11:33 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    8/16/2009 7:44:28 PM, error: Service Control Manager [7034] - The WMDM PMSP Service service terminated unexpectedly. It has done this 1 time(s).
    8/16/2009 7:44:28 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
    8/16/2009 7:44:28 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    8/16/2009 7:44:28 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    8/16/2009 7:44:28 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/16/2009 7:44:28 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/16/2009 7:44:28 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
    8/16/2009 7:44:28 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/16/2009 7:44:28 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/16/2009 4:29:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdftdif SASKUTIL
    8/16/2009 4:29:16 PM, error: Service Control Manager [7000] - The BDVEDISK service failed to start due to the following error: The system cannot find the path specified.
    8/16/2009 3:40:05 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 10 service to connect.
    8/14/2009 8:39:35 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/12/2009 5:48:52 PM, error: Print [19] - Sharing printer failed + 1722, Printer HP Officejet 6300 series fax share name HP Officejet 6300 series fax.
    8/11/2009 9:51:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    8/11/2009 9:45:23 PM, error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s).
    8/11/2009 9:45:21 PM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/10/2009 8:46:37 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'DP(1)0x7e00-0x951230400+2'. It has stopped monitoring the volume.

    ==== End Of File ===========================
    Maurice Naggar
    Note that OTL freed up nearly 341 MB of space by deleting all sorts of temp files.

    You will want to print out or copy these instructions to Notepad for offline reference!

    If you are a casual viewer, do NOT try this on your system!
    If you are not mmv and have a similar problem, do NOT post here; start your own topic


    Do not run or start any other programs while these utilities and tools are in use!
    Do NOT run any other tools on your own or do any fixes other than what is listed here.
    If you have questions, please ask before you do something on your own.
    But it is important that you get going on these following steps.
    =
    Close any of your open programs while you run these tools.

    =
    Place your USB flash drives in-place so that some of these programs will be able to find them.

    I'm going to have you get and run two utilities.
    The first stops automatic use of the AutoRun feature of XP. The second will write a read-only, system-protected Autorun.inf file to all of your hard drives and to all connected removable storage devices.

    Download and Install Microsoft's TweakUI:
    http://www.microsoft.com/windowsxp/downloa...ppowertoys.mspx
    Obtain and install TweakUI (part of the PowerToys for Windows XP package), and then start TweakUI.
    Expand the My Computer branch, then the AutoPlay branch, and then select Drives.
    Turn off the checkbox next to every drive letter to disable AutoPlay -- except your CD/DVD drive letters.

    Download and run "Flash Drive Disinfector" by sUBs. It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
    http://download.bleepingcomputer.com/sUBs/...Disinfector.exe
    There is no GUI interface or log file produced.
    =

    Delete the copy of Combofix ! (the red lion icon on your desktop)

    Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
    If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

    1. Close any open browsers.

    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    QUOTE
    KILLALL::

    DDS::
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670}
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
    TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}

    File::
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    i:\recycler
    C:\resycled
    d:\resycled
    e:\resycled
    f:\resycled
    g:\resycled
    h:\resycled
    i:\resycled


    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    =
    I'm suggesting you get and use the MVP Hosts file to reduce your exposure to ads on websites and, more importantly, to block known malware sites.
    Get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

    Steps to follow for the MVP Hosts file:
    1) Download and SAVE the zip file to a temporary folder
    2) Unzip (extract the contents) in the same folder
    3) After extraction is complete, run the mvps.bat batch file. This copies your pre-existing Hosts file to Hosts.mvp in the folder where Windows' Hosts resides (typically C:\WINDOWS\system32\drivers\etc) and, after that copy is saved, replaces the old Hosts with the new one.

    And you should see (in the blue background command window) the following:
    QUOTE
    _________________________________________________
    |                                               |
    |      THE MVPS HOSTS FILE IS NOW UPDATED       |
    |_______________________________________________|


    Previous version saved and renamed to HOSTS.MVP
    Press any key to continue . . .


    Find the folder where you saved the original download. Delete hosts.zip and the file folder there named hosts.
    The latter is the same folder that had mvps.bat.

    =
    We are at the end of the hunt for malware. Your issues with IE have to do with unexpected closures of the IE browser (which happen from time to time). Those are not malware related.

    You mentioned
    QUOTE
    The couple of times I've been online I get the following error messages from IE:
    IE has encountered a problem and needs to close. We are sorry for the inconvenience.
    C:\DOCUME~1\Cucha\LOCALS~1\Temp\8259_appcompat.txt

    The next day, when I open my email it just hangs and I closed it using Ctrl+Alt+Del
    C:\DOCUME~1\Cucha\LOCALS~1\Temp\WER1c56.dir00\iexplore.exe.mdmp
    C:\DOCUME~1\Cucha\LOCALS~1\Temp\WER1c56.dir00\appcompat.txt

    The appcompat file is related to Windows error reporting back to Microsoft. You'd see a message from time to time about it.
    You always have the option of NOT sending an error report when prompted.

    Reply with copy of C:\Combofix.txt
    After I see and review that, I expect to proceed to guide you to remove tools and then close this thread.
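As an added example (not ComboFix's or the helper's own code), this Python script parses the BHO/TB lines of a DDS "Pseudo HJT Report" like the one posted above, keeps only the orphaned "No File" registrations the helper singled out, and drafts the DDS:: and File:: sections of a CFScript in the layout used in step 3. The sample log excerpt and the drive-letter list are constructed for the demonstration.

```python
import re

# Constructed excerpt in the DDS "Pseudo HJT Report" layout seen in this thread
# (CLSIDs taken from the posted log; the list is shortened to a few lines).
SAMPLE_DDS = """\
uStart Page = about:blank
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\\progra~1\\mcafee\\msk\\mskapbho.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\\progra~1\\mcafee\\sitead~1\\mcieplg.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
"""

# One BHO/TB line: kind, optional display name, CLSID in braces, then the
# module path or the literal "No File" for an orphaned registration.
ENTRY_RE = re.compile(
    r"^(?P<kind>BHO|TB):\s*(?:(?P<name>[^{]+?):\s*)?"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s*-\s*(?P<target>.+?)\s*$"
)


def parse_entries(dds_text):
    """Return (kind, name, clsid, target) for every BHO/TB line in the report."""
    entries = []
    for line in dds_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["kind"], (m["name"] or "").strip(),
                            m["clsid"], m["target"]))
    return entries


def orphaned_entries(dds_text):
    """Entries whose DLL is gone ("No File"): the registry hook outlived the
    module, which is what the helper targeted in the DDS:: section."""
    return [e for e in parse_entries(dds_text) if e[3].lower() == "no file"]


def build_cfscript(dds_text, drive_letters):
    """Draft a CFScript: KILLALL::, DDS:: lines for the orphaned entries, and
    File:: lines for the recycler/resycled folders on each listed drive."""
    lines = ["KILLALL::", "", "DDS::"]
    lines += [f"{kind}: {clsid}"
              for kind, _name, clsid, _target in orphaned_entries(dds_text)]
    lines += ["", "File::"]
    for letter in drive_letters:
        for folder in ("recycler", "resycled"):
            lines.append(f"{letter.upper()}:\\{folder}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Drive letters C through I, as in the helper's script (constructed list).
    print(build_cfscript(SAMPLE_DDS, "cdefghi"))
```

Review the drafted script against the full log before saving it as CFScript.txt; the parser only knows the BHO/TB line shapes shown in the report.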
    mmv
    Hello - Just a question:

    Download and Install Microsoft's TweakUI:
    http://www.microsoft.com/windowsxp/downloa...ppowertoys.mspx
    Obtain and install TweakUI (part of the PowerToys for Windows XP package), and then start TweakUI.
    Expand the My Computer branch, then the AutoPlay branch, and then select Drives.
    Turn off the checkbox next to every drive letter to disable AutoPlay -- except your CD/DVD drive letters.


    When I ran TweakUI, nothing was selected; I put a check on the CD/DVD drive. Is this correct?

    Thank you-
    mmv
    I was going through the next step:

    Download and run "Flash Drive Disinfector" by sUBs. It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
    http://download.bleepingcomputer.com/sUBs/...Disinfector.exe
    There is no GUI interface or log file produced.


    When I click on the link and click on Save, I get a message from McAfee: Detected: Generic.dx (Trojan), Generic.dx (Trojan) Location: C:\Documents and Settings\Cucha\Local Settings\Temporary Internet Files\Content.IE5\VGXBKQNO\Flash_Disinfector[1].exe

    and then get an error message: "Error copying file or folder make sure the disk is not full or write-protected and that the file is not currently in use.."

    Please advise.
    Maurice Naggar
    QUOTE (mmv @ Aug 17 2009, 07:34 PM) *
    Hello - Just a question:

    Download and Install Microsoft's TweakUI:
    http://www.microsoft.com/windowsxp/downloa...ppowertoys.mspx
    Obtain and install TweakUI (part of the PowerToys for Windows XP package), and then start TweakUI.
    Expand the My Computer branch, then the AutoPlay branch, and then select Drives.
    Turn off the checkbox next to every drive letter to disable AutoPlay -- except your CD/DVD drive letters.


    When I ran TweakUI, nothing was selected; I put a check on the CD/DVD drive. Is this correct?

    Thank you-

    Yes, correct.
    As to Flash Drive Disinfector and your antivirus: it is squawking about it, but it is a false positive, if you will.
    Temp disable your AV. Then run the Flash drive disinfector.
    Last, re-enable your AV.

    Then continue with all other steps I outlined. Then get me a copy of the Combofix log.
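    The AutoPlay step quoted above (every drive letter unchecked except the CD/DVD drive, confirmed as correct) can be checked against the registry policy values rather than by eye. This is an added example, not code from the thread or from TweakUI; it assumes the per-letter Drives checkboxes map to the REG_DWORD NoDriveAutoRun and the per-type page to NoDriveTypeAutoRun under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, with a set bit meaning AutoPlay is disabled.

```python
"""Interpret the AutoPlay policy bitmasks behind TweakUI's checkboxes.

Assumptions (not stated in the thread):
  * NoDriveAutoRun: bit n (A=0 ... Z=25) SET => AutoPlay disabled for that letter.
  * NoDriveTypeAutoRun: drive-type bits as publicly documented; SET => disabled.
  * Windows suppresses AutoPlay when EITHER mask disables the drive.
Pure bit arithmetic, so it runs offline; values below are constructed samples.
"""
import string

EXPLORER_POLICY_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
ALL_LETTERS_MASK = (1 << 26) - 1  # one bit per letter A..Z

# Drive-type bits used by NoDriveTypeAutoRun (assumed from public documentation).
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}


def letter_bit(letter: str) -> int:
    """Bit position for a drive letter (A -> 0x1, B -> 0x2, C -> 0x4 ...)."""
    letter = letter.upper()
    if letter not in string.ascii_uppercase:
        raise ValueError(f"not a drive letter: {letter!r}")
    return 1 << (ord(letter) - ord("A"))


def no_drive_autorun_for_allowed(allowed_letters) -> int:
    """NoDriveAutoRun value that disables AutoPlay on every letter except those given.

    With only the CD/DVD drive checked in TweakUI (say D:), this is the value expected."""
    mask = ALL_LETTERS_MASK
    for letter in allowed_letters:
        mask &= ~letter_bit(letter)
    return mask


def allowed_letters(no_drive_autorun: int) -> list:
    """Letters whose bit is clear, i.e. AutoPlay still permitted by the per-letter mask."""
    return [c for c in string.ascii_uppercase if not no_drive_autorun & letter_bit(c)]


def disabled_types(no_drive_type_autorun: int) -> list:
    """Drive types switched off by the per-type mask (0x91 is the commonly cited XP default)."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if no_drive_type_autorun & bit]


def autoplay_enabled(drives: dict, no_drive_autorun: int, no_drive_type_autorun: int) -> dict:
    """For a letter->type map, report whether AutoPlay would still fire on each drive.

    A drive is suppressed if its letter bit OR its type bit is set (assumed behaviour)."""
    type_bit = {name: bit for bit, name in DRIVE_TYPE_BITS.items()}
    result = {}
    for letter, dtype in drives.items():
        by_letter = bool(no_drive_autorun & letter_bit(letter))
        by_type = bool(no_drive_type_autorun & type_bit[dtype])
        result[letter.upper()] = not (by_letter or by_type)
    return result


if __name__ == "__main__":
    # Constructed sample: C: fixed, D: CD/DVD, E: a USB stick; only D: left checked.
    sample_drives = {"C": "fixed", "D": "cdrom", "E": "removable"}
    per_letter = no_drive_autorun_for_allowed(["D"])
    per_type = 0x91  # assumed XP default: unknown, network, reserved
    print(f"{EXPLORER_POLICY_KEY}\\NoDriveAutoRun = {per_letter:#x}")
    print("AutoPlay still allowed on:", allowed_letters(per_letter))
    print("Types disabled by NoDriveTypeAutoRun:", disabled_types(per_type))
    print("Effective AutoPlay per drive:", autoplay_enabled(sample_drives, per_letter, per_type))
```

A set bit in either value is enough to suppress AutoPlay on a drive, so a USB stick plugged in under a new letter is only covered if its letter bit (or the removable-type bit) is set.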
    mmv
    Hello Maurice Naggar-

    ComboFix.Txt

    ComboFix 09-08-10.06 - Cucha 08/18/2009 18:01.2.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.404 [GMT -4:00]
    Running from: c:\documents and settings\Cucha\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\Cucha\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "C:\recycler"
    "C:\resycled"
    "D:\recycler"
    "d:\resycled"
    "e:\recycler"
    "e:\resycled"
    "f:\recycler"
    "f:\resycled"
    "g:\recycler"
    "g:\resycled"
    "h:\recycler"
    "h:\resycled"
    "i:\recycler"
    "i:\resycled"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\Cucha\LOCALS~1\Temp\catchme.dll
    c:\documents and settings\Cucha\Local Settings\Temp\catchme.dll


    .
    ((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
    .

    2009-08-18 00:27 . 2003-06-25 20:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
    2009-08-17 01:12 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Cucha\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-08-17 01:11 . 2009-08-17 01:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-08-17 01:09 . 2009-08-17 01:09 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2009-08-17 01:08 . 2009-08-17 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-08-17 00:31 . 2009-08-17 00:30 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-08-16 23:44 . 2009-08-16 23:44 -------- d-----w- C:\_OTL
    2009-08-12 21:08 . 2009-08-13 00:53 -------- d-----w- C:\DCE
    2009-08-11 23:37 . 2009-08-11 23:37 0 ----a-w- c:\documents and settings\Cucha\settings.dat
    2009-08-11 22:39 . 2009-08-11 22:39 -------- d-----w- c:\program files\ERUNT
    2009-08-11 00:06 . 2009-08-11 00:06 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-08-10 23:54 . 2009-08-10 23:54 -------- d-----w- c:\program files\Trend Micro
    2009-08-06 01:35 . 2009-08-06 01:35 -------- d-----w- c:\program files\CCleaner
    2009-08-03 23:45 . 2009-08-03 23:45 1152 ----a-w- C:\reregisterie.cmd
    2009-07-23 20:18 . 2009-07-23 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-07-23 20:18 . 2009-07-24 10:27 -------- d-----w- c:\documents and settings\Cucha\Application Data\SUPERAntiSpyware.com
    2009-07-23 20:18 . 2009-07-24 10:27 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-07-22 18:19 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-22 18:19 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-22 18:19 . 2009-08-11 00:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-17 01:14 . 2007-01-06 16:33 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-17 00:30 . 2007-03-18 14:18 -------- d-----w- c:\program files\Java
    2009-08-13 23:10 . 2008-11-08 00:35 -------- d-----w- c:\program files\McAfee
    2009-08-09 17:42 . 2008-10-06 04:07 -------- d-----w- c:\documents and settings\Cucha\Application Data\U3
    2009-08-06 02:16 . 2009-05-06 16:56 -------- d-----w- c:\program files\Coupons
    2009-08-05 09:01 . 2001-08-30 10:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-29 20:52 . 2006-12-27 07:31 -------- d-----w- c:\program files\Google
    2009-07-26 11:55 . 2008-11-08 01:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-07-21 22:55 . 2008-07-09 22:12 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-07-17 19:01 . 2001-08-30 10:30 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-16 22:07 . 2009-07-16 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\14434064
    2009-07-14 03:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-10 23:09 . 2008-11-08 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-07-08 17:53 . 2008-04-13 16:28 -------- d-----w- c:\program files\Common Files\Skype
    2009-07-08 17:52 . 2007-02-14 02:14 -------- d--h--w- c:\documents and settings\Cucha\Application Data\Move Networks
    2009-07-03 17:02 . 2007-12-04 07:47 -------- d-----w- c:\program files\VideoLAN
    2009-07-03 16:49 . 2009-07-03 16:49 -------- d-----w- c:\documents and settings\Cucha\Application Data\vlc
    2009-06-29 16:12 . 2004-01-08 20:23 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 16:12 . 2001-08-30 10:30 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-06-20 18:44 . 2009-06-20 18:44 390664 ----a-w- c:\documents and settings\Cucha\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
    2009-06-17 16:06 . 2009-01-05 00:04 1915520 -c--a-w- c:\documents and settings\Cucha\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-06-16 14:36 . 2001-08-30 10:30 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2001-08-30 10:30 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-12 12:31 . 2001-08-30 10:30 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 14:22 . 2009-06-10 14:22 61224 ----a-w- c:\documents and settings\Cucha\GoToAssistDownloadHelper.exe
    2009-06-10 14:13 . 2001-08-30 10:30 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 13:19 . 2006-12-26 00:50 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:14 . 2001-08-30 10:30 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-03 19:09 . 2001-08-30 10:30 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-27 02:42 . 2009-05-27 02:42 62724 ---ha-w- c:\windows\system32\mlfcache.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-12_01.51.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-18 22:18 . 2009-08-18 22:18 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
    - 2006-12-26 00:56 . 2009-08-11 22:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-12-26 00:56 . 2009-08-18 21:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-12-26 00:56 . 2009-08-18 21:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-12-26 00:56 . 2009-08-11 22:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2006-12-26 00:56 . 2009-08-18 21:49 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2006-12-26 00:56 . 2009-08-11 22:22 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-08-17 01:12 . 2009-08-17 01:12 20480 c:\windows\Installer\309800.msi
    + 2009-08-17 01:11 . 2009-08-17 01:11 26624 c:\windows\Installer\3097f8.msi
    - 2006-12-27 00:47 . 2009-06-11 00:08 90112 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    + 2006-12-27 00:47 . 2009-08-17 04:32 90112 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    + 2006-12-27 00:47 . 2009-08-17 04:32 45056 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    - 2006-12-27 00:47 . 2009-06-11 00:08 45056 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    + 2006-12-27 00:47 . 2009-08-17 04:32 22528 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    - 2006-12-27 00:47 . 2009-06-11 00:08 22528 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    - 2006-12-27 00:47 . 2009-06-11 00:08 30720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    + 2006-12-27 00:47 . 2009-08-17 04:32 30720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    - 2006-12-27 00:47 . 2009-06-11 00:08 16384 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2006-12-27 00:47 . 2009-08-17 04:32 16384 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2006-12-27 00:47 . 2009-08-17 04:32 34304 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2006-12-27 00:47 . 2009-06-11 00:08 34304 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2006-12-27 00:47 . 2009-06-11 00:08 3584 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2006-12-27 00:47 . 2009-08-17 04:32 3584 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    - 2006-12-27 00:47 . 2009-06-11 00:08 8192 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    + 2006-12-27 00:47 . 2009-08-17 04:32 8192 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2006-12-27 00:47 . 2009-06-11 00:08 2560 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2006-12-27 00:47 . 2009-08-17 04:32 2560 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2009-08-17 00:31 . 2009-08-17 00:30 149280 c:\windows\system32\javaws.exe
    + 2009-08-17 00:31 . 2009-08-17 00:30 145184 c:\windows\system32\javaw.exe
    + 2009-08-17 00:31 . 2009-08-17 00:30 145184 c:\windows\system32\java.exe
    + 2006-12-27 00:47 . 2009-08-17 04:32 114688 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    - 2006-12-27 00:47 . 2009-06-11 00:08 114688 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    - 2006-12-27 00:47 . 2009-06-11 00:08 167936 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    + 2006-12-27 00:47 . 2009-08-17 04:32 167936 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    + 2009-01-18 20:05 . 2009-01-18 20:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
    + 2009-08-17 00:30 . 2009-08-17 00:30 1757696 c:\windows\Installer\af4e1.msi
    + 2009-08-17 01:15 . 2009-08-17 01:15 3938816 c:\windows\Installer\309808.msi
    + 2009-08-18 00:16 . 2009-08-18 00:16 6653952 c:\windows\Installer\17a4f2.msp
    + 2009-08-18 00:19 . 2009-08-18 00:19 1697792 c:\windows\Installer\17a4f1.msp
    + 2008-12-18 20:48 . 2008-12-18 20:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
    + 2009-07-20 16:03 . 2009-07-20 16:03 16465408 c:\windows\Installer\e8775f.msp
    + 2009-02-27 20:37 . 2009-02-27 20:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-07 20:55 . 2007-09-07 20:55 267064 c:\itunes\bak\iTunesHelper.exe
    2008-11-20 18:20 . 2008-11-20 18:20 290088 c:\itunes\iTunesHelper.exe

    2006-12-27 07:31 . 2006-12-27 07:31 185896 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
    2009-04-04 17:41 . 2009-04-04 17:41 198160 c:\program files\Common Files\Real\Update_OB\realsched.exe

    2006-09-03 07:04 . 2007-01-10 02:59 115816 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe

    2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
    2008-11-04 15:30 . 2008-11-04 15:30 413696 c:\program files\QuickTime\QTTask.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-10 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
    "McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-04 198160]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 149280]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
    backup=c:\windows\pss\Printkey2000.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "RDSessMgr"=3 (0x3)
    "RasMan"=3 (0x3)
    "RasAuto"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "Bonjour Service"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Soulseek\\slsk.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4175:TCP"= 4175:TCP:slsk

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/7/2008 8:42 PM 206096]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 6:38 AM 92008]
    R3 USB-100;USB 10/100 Ethernet Adapter;c:\windows\system32\drivers\USBER100.SYS [12/26/2006 6:34 PM 23938]
    S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
    S2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2/7/2008 12:07 PM 309744]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2/7/2008 12:07 PM 166384]
    S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2/7/2008 12:06 PM 1112560]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2009-02-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-08 15:53]

    2009-03-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-08 15:53]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    .

    **************************************************************************

    disk not found C:\

    please note that you need administrator rights to perform deep scan
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2172)
    c:\windows\system32\WININET.dll
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\program files\McAfee\MSK\msksrver.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-18 18:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-18 22:31
    ComboFix2.txt 2009-08-12 01:54

    Pre-Run: 8,407,633,920 bytes free
    Post-Run: 8,368,476,160 bytes free

    286 --- E O F --- 2009-08-17 04:33
    Maurice Naggar
    I see that you are clear of your rootkit & malware infections.
    If you have a problem with these steps, or something does not quite work here, do let me know.

    The following few steps will remove tools we used; followed by advice on staying safer.

    Use Control Panel's Add-or-Remove Programs to de-install Kaspersky online scan.

    We have to remove Combofix and all its associated folders.
    By whichever name you named it (you had named it combo-fix), put that name in the RUN box stated just below.
    The "/u" in the Run line below is to start Combofix for its cleanup & removal function.
    Note the space after x and before the slash mark.
    The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.
    • Click Start, then click Run.

      In the command box that opens, type or copy/paste combo-fix /u and then click OK.


    • Please double-click OTL.exe to run it.
    • Click on the CleanUp! button at the upper right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
    • This step removes the files, folders, and shortcuts created by the tools I had you download and run.


    Delete the Rootrepeal downloads and rootrepeal.exe

    Delete the SYSCLEAN downloads and the C:\DCE folder

    We are finished here. Best regards.
    Maurice Naggar
    The advice and procedures used here were only for this system and not to be followed on any other.
    If you are a casual viewer and have similar issues, follow forum procedure and start your own topic.
    Invision Power Board © 2001-2010 Invision Power Services, Inc.