[Resolved] Browser re-direct, Hijackthis non-functional, malware


  • This topic is locked
24 replies to this topic

#16 jcommerce

    New Member

  • Authentic Member
  • 14 posts

Posted 02 August 2009 - 10:46 AM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-07-30.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 5/17/2006 5:37:51 PM System Uptime: 8/1/2009 11:45:49 PM (11 hours ago) Motherboard: Dell Inc. | | 0J3492 Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 149 GiB total, 20.067 GiB free. D: is CDROM (CDFS) F: is FIXED (NTFS) - 1397 GiB total, 1393.588 GiB free. ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP1029: 5/2/2009 10:31:50 PM - System Checkpoint RP1030: 5/3/2009 10:54:50 PM - System Checkpoint RP1031: 5/5/2009 6:55:13 AM - System Checkpoint RP1032: 5/6/2009 7:42:20 AM - System Checkpoint RP1033: 5/7/2009 8:18:21 AM - System Checkpoint RP1034: 5/8/2009 9:19:26 AM - System Checkpoint RP1035: 5/8/2009 11:35:04 PM - Installed QuickTime RP1036: 5/10/2009 6:12:50 AM - System Checkpoint RP1037: 5/11/2009 6:26:55 AM - System Checkpoint RP1038: 5/12/2009 7:30:19 AM - System Checkpoint RP1039: 5/13/2009 8:18:20 AM - System Checkpoint RP1040: 5/14/2009 9:18:19 AM - System Checkpoint RP1041: 5/15/2009 10:06:20 AM - System Checkpoint RP1042: 5/17/2009 1:05:19 PM - System Checkpoint RP1043: 5/18/2009 2:36:35 PM - System Checkpoint RP1044: 5/19/2009 3:13:43 PM - System Checkpoint RP1045: 5/20/2009 4:30:54 PM - System Checkpoint RP1046: 5/21/2009 5:02:21 PM - System Checkpoint RP1047: 5/22/2009 6:02:22 PM - System Checkpoint RP1048: 5/23/2009 6:14:21 PM - System Checkpoint RP1049: 5/24/2009 7:26:21 PM - System Checkpoint RP1050: 5/25/2009 8:38:22 PM - System Checkpoint RP1051: 5/27/2009 7:03:52 AM - System Checkpoint RP1052: 6/4/2009 6:29:49 AM - System Checkpoint RP1053: 6/5/2009 6:47:34 AM - System Checkpoint RP1054: 6/6/2009 7:50:22 AM - System Checkpoint RP1055: 6/7/2009 8:42:38 AM - System Checkpoint RP1056: 6/8/2009 9:02:21 AM - 
System Checkpoint RP1057: 6/9/2009 9:14:21 AM - System Checkpoint RP1058: 6/10/2009 10:02:21 AM - System Checkpoint RP1059: 6/11/2009 10:44:22 AM - System Checkpoint RP1060: 6/12/2009 11:02:53 AM - System Checkpoint RP1061: 6/13/2009 12:14:22 PM - System Checkpoint RP1062: 6/14/2009 12:26:22 PM - System Checkpoint RP1063: 6/15/2009 1:26:22 PM - System Checkpoint RP1064: 6/16/2009 2:50:22 PM - System Checkpoint RP1065: 6/17/2009 3:02:21 PM - System Checkpoint RP1066: 6/18/2009 3:50:21 PM - System Checkpoint RP1067: 6/19/2009 4:02:22 PM - System Checkpoint RP1068: 6/20/2009 5:46:19 PM - System Checkpoint RP1069: 6/21/2009 6:26:21 PM - System Checkpoint RP1070: 6/22/2009 6:38:21 PM - System Checkpoint RP1071: 6/23/2009 7:02:22 PM - System Checkpoint RP1072: 6/24/2009 8:02:21 PM - System Checkpoint RP1073: 6/25/2009 8:14:22 PM - System Checkpoint RP1074: 6/27/2009 8:24:24 PM - Removed WeatherBug RP1075: 6/29/2009 10:01:57 PM - System Checkpoint RP1076: 7/2/2009 2:54:20 PM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter RP1077: 7/2/2009 2:54:56 PM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter RP1078: 7/2/2009 2:56:27 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter RP1079: 7/4/2009 11:38:12 AM - Software Distribution Service 3.0 RP1080: 7/4/2009 12:00:59 PM - Software Distribution Service 3.0 RP1081: 7/4/2009 4:12:06 PM - Software Distribution Service 3.0 RP1082: 7/4/2009 7:08:11 PM - Printer Driver Microsoft XPS Document Writer Installed RP1083: 7/4/2009 7:58:07 PM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter RP1084: 7/5/2009 12:08:42 AM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter RP1085: 7/5/2009 1:17:11 AM - Restore Operation RP1086: 7/5/2009 1:26:51 AM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter RP1087: 7/6/2009 7:38:05 AM - System Checkpoint RP1088: 7/7/2009 7:44:02 AM - System Checkpoint RP1089: 7/8/2009 8:45:07 AM - System Checkpoint RP1090: 7/9/2009 9:44:02 AM - System Checkpoint RP1091: 7/10/2009 10:44:02 AM - 
System Checkpoint RP1092: 7/11/2009 12:17:32 PM - System Checkpoint RP1093: 7/12/2009 12:44:02 PM - System Checkpoint RP1094: 7/13/2009 1:43:15 PM - System Checkpoint RP1095: 7/14/2009 1:44:02 PM - System Checkpoint RP1096: 7/15/2009 2:44:04 PM - System Checkpoint RP1097: 7/16/2009 3:44:02 PM - System Checkpoint RP1098: 7/17/2009 4:44:02 PM - System Checkpoint RP1099: 7/18/2009 5:44:02 PM - System Checkpoint RP1100: 7/19/2009 7:05:02 PM - Installed Envara Configuration Utility RP1101: 7/19/2009 9:20:40 PM - Installed Microsoft Visual C++ 2005 Redistributable RP1102: 7/21/2009 12:06:20 AM - System Checkpoint RP1103: 7/22/2009 1:02:25 AM - System Checkpoint RP1104: 7/23/2009 2:01:24 AM - System Checkpoint RP1105: 7/24/2009 3:01:20 AM - System Checkpoint RP1106: 7/25/2009 4:01:24 AM - System Checkpoint RP1107: 7/26/2009 4:41:06 AM - System Checkpoint RP1108: 7/26/2009 6:36:36 PM - Installed Garmin City Navigator North America NT 2009 Update RP1109: 7/27/2009 6:41:04 PM - System Checkpoint RP1110: 7/28/2009 7:41:02 PM - System Checkpoint RP1111: 7/29/2009 8:09:44 PM - Installed Seagate Manager Installer RP1112: 7/29/2009 8:12:55 PM - Configured Seagate Manager Installer RP1113: 7/30/2009 8:30:24 PM - System Checkpoint RP1114: 8/2/2009 12:21:37 AM - System Checkpoint ==== Installed Programs ====================== µTorrent Ad-Aware Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 7.0.5 Language Support Adobe Reader 7.1.0 Adobe® Photoshop® Album Starter Edition 3.0 Apple Mobile Device Support Apple Software Update ATI Catalyst Control Center Audio Creator LE AutoUpdate Bonjour Compatibility Pack for the 2007 Office system CopyTrans Suite Remove Only Critical Update for Windows Media Player 11 (KB959772) DivX Codec DivX Version Checker DVD Decrypter (Remove Only) DVDtoGO Garmin City Navigator North America NT 2009 Update Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper Google Updater Hotfix for Microsoft .NET 
Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) InFlac 1.1.1 iTunes Java™ 6 Update 13 Java™ 6 Update 2 Java™ 6 Update 3 Java™ 6 Update 5 Java™ 6 Update 7 LimeWire 5.1.4 Magical Jelly Bean SHN Shortener (remove only) Malwarebytes' Anti-Malware McAfee SecurityCenter MediaCoder 0.6.1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Small Business Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Move Networks Media Player for Internet Explorer MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB933579) Nero 7 Ultra Edition neroxml NETGEAR WG111v3 wireless USB 2.0 adapter OpenOffice.org Installer 1.0 QuickTime Seagate Manager Installer Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security 
Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) SoulSeek 157 NS 13e Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) VC80CRTRedist - 8.0.50727.762 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Visual C++ 8.0 ATL (x86) WinSXS MSM Visual C++ 8.0 CRT (x86) WinSXS MSM Vuze Vuze Toolbar Winamp Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 ==== Event Viewer Messages From Past Week ======== 8/1/2009 9:33:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. 
8/1/2009 9:26:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 8/1/2009 9:17:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 8/1/2009 4:57:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT NHostNT1 OMCI RasAcd Rdbss Tcpip 8/1/2009 4:57:27 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning. 8/1/2009 4:57:27 PM, error: Service Control Manager [7001] - The Retrospect Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/1/2009 4:57:27 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/1/2009 4:57:27 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/1/2009 4:57:27 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 
8/1/2009 4:57:27 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/1/2009 4:57:27 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/1/2009 2:20:43 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume. 8/1/2009 2:13:39 PM, error: NETLOGON [5719] - No Domain Controller is available for domain COMMERCECRG due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. 
8/1/2009 12:43:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/1/2009 12:43:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} 8/1/2009 12:05:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A} 8/1/2009 12:04:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm mfehidk NHostNT1 OMCI ==== End Of File =========================== DDS (Ver_09-07-30.01) - NTFSx86 Run by JFairclough at 10:51:29.37 on Sun 08/02/2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1381 [GMT -6:00] AV: AVG 7.5.516 *On-access scanning enabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1} AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AskBarDis\bar\bin\AskService.exe C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe C:\WINDOWS\system32\QosServM.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe 
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Dantz\Client\Remotsvc.exe C:\Program Files\Dantz\Client\retroclient.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\Java\jre6\bin\java.exe C:\Program Files\QuickTime\QuickTimePlayer.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\jfairclough\Local Settings\Temporary Internet Files\Content.IE5\MK8PN7U9\dds[1].pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: AskBar BHO: 
{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: AvayaIEHlprObj Class: {e6df0b46-7d6f-407a-a6a2-62d17a021a9a} - c:\program files\avaya\avaya ip softphone\AvayaWebDial.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [EFI Job Monitor] c:\windows\system32\rundll32.exe c:\windows\system32\spool\drivers\w32x86\3\efjm.dll,run uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [TkBellExe] "c:\program files\common 
files\real\update_ob\realsched.exe" -osboot mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe" StartupFolder: c:\docume~1\jfairc~1\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\jfairclough\application data\leadertech\powerregister\Seagate 2GEY20ZG Product Registration.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe mPolicies-system: MaxGPOScriptWait = 1000 (0x3e8) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL Trusted Zone: musicmatch.com\online DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246727255546 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246727232625 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-1 64160] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-7-21 201320] R1 NHostNT1;NetOp Driver 1 ver. 
8.00 (2006047);c:\windows\system32\drivers\NHOSTNT1.SYS [2006-5-18 90896] R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-4-17 464264] R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-4-17 234888] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-7-21 359248] R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-7-21 144704] R2 NetOp Host for NT Service;NetOp Helper ver. 8.00 (2006047);c:\program files\danware data\netop remote control\host\NHOSTSVC.EXE [2006-5-18 1196304] R2 Retrospect Client;Retrospect Client;c:\program files\dantz\client\RemotSvc.exe [2006-5-18 57344] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-7-21 79304] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-7-21 35240] R3 NHOSTNT3;NetOp Driver 3 ver. 8.00 (2006047) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [2006-5-18 3216] R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456] S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-7-21 33832] S3 mfesmfk;McAfee Inc. 
mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-7-21 40488] S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-7-21 695624] =============== Created Last 30 ================ 2009-08-01 23:31 <DIR> --d----- c:\docume~1\jfairc~1\applic~1\Malwarebytes 2009-08-01 22:13 <DIR> -cd----- c:\windows\system32\dllcache\cache 2009-08-01 21:32 <DIR> a-dshr-- C:\cmdcons 2009-08-01 21:30 219,648 a------- c:\windows\PEV.exe 2009-08-01 21:30 161,792 a------- c:\windows\SWREG.exe 2009-08-01 21:30 98,816 a------- c:\windows\sed.exe 2009-08-01 14:53 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-01 14:52 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-08-01 14:52 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-08-01 14:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-08-01 14:38 <DIR> --d----- c:\program files\Video Server E 2009-08-01 13:28 <DIR> --d----- c:\program files\Trend Micro 2009-08-01 11:47 15,688 a------- c:\windows\system32\lsdelete.exe 2009-08-01 09:41 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-08-01 09:38 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864} 2009-08-01 09:38 <DIR> --d----- c:\program files\Lavasoft 2009-07-29 20:10 <DIR> --d----- c:\program files\Seagate 2009-07-29 20:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate 2009-07-26 18:36 <DIR> --d----- C:\Garmin 2009-07-25 13:23 <DIR> --d----- c:\docume~1\jfairc~1\applic~1\GARMIN 2009-07-19 21:21 <DIR> --d----- c:\docume~1\jfairc~1\applic~1\Cakewalk 2009-07-19 21:20 368,640 a------- c:\windows\system32\ReWire.dll 2009-07-19 21:20 <DIR> --d----- c:\program files\Cakewalk 2009-07-07 23:09 <DIR> --dsh--- c:\documents and settings\jfairclough\IECompatCache 2009-07-05 13:35 <DIR> --d----- c:\docume~1\jfairc~1\applic~1\LimeWire 2009-07-05 13:33 <DIR> --d----- c:\program files\LimeWire 2009-07-05 01:18 <DIR> --d----- c:\windows\system32\wbem\Repository 2009-07-05 
00:09 <DIR> --d----- C:\OEMSettings 2009-07-04 19:39 <DIR> --dsh--- c:\documents and settings\jfairclough\PrivacIE 2009-07-04 19:33 3,251 a------- c:\windows\system32\wbem\Outlook_01c9fd109e480496.mof 2009-07-04 19:29 <DIR> --dsh--- c:\documents and settings\jfairclough\IETldCache 2009-07-04 18:52 <DIR> --d----- c:\windows\system32\XPSViewer 2009-07-04 18:51 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-07-04 18:51 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-07-04 18:51 117,760 -------- c:\windows\system32\prntvpt.dll 2009-07-04 18:51 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll 2009-07-04 18:51 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll 2009-07-04 18:51 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2009-07-04 18:51 575,488 -------- c:\windows\system32\xpsshhdr.dll 2009-07-04 18:50 <DIR> --d----- c:\windows\SxsCaPendDel 2009-07-04 16:21 <DIR> --d----- c:\windows\system32\KB905474 2009-07-04 15:54 2,560 -------- c:\windows\system32\xpsp4res.dll 2009-07-04 15:54 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb 2009-07-04 15:54 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe 2009-07-04 15:52 333,952 -c------ c:\windows\system32\dllcache\srv.sys 2009-07-04 15:50 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys 2009-07-04 15:49 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll 2009-07-04 15:49 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll 2009-07-04 15:48 331,776 -c------ c:\windows\system32\dllcache\msadce.dll 2009-07-04 15:47 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll 2009-07-04 15:45 272,128 -c------ c:\windows\system32\dllcache\bthport.sys 2009-07-04 15:45 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys 2009-07-04 12:23 <DIR> --d----- c:\windows\system32\scripting 2009-07-04 12:23 <DIR> --d----- c:\windows\l2schemas 2009-07-04 12:23 <DIR> --d----- c:\windows\system32\en 2009-07-04 12:23 
<DIR> --d----- c:\windows\system32\bits 2009-07-04 12:15 <DIR> --d----- c:\windows\network diagnostic 2009-07-04 11:58 136,192 -------- c:\windows\system32\aaclient.dll 2009-07-04 11:08 23,576 a------- c:\windows\system32\wuapi.dll.mui ==================== Find3M ==================== 2009-07-04 12:27 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll 2008-04-03 09:22 256 a------- c:\documents and settings\jfairclough\pool.bin 2007-12-28 15:02 287,232 a------- c:\windows\inf\wg111v3\wg111v3.sys 2007-12-28 14:59 342,528 a------- c:\windows\inf\wg111v3\vista64\wg111v3.sys 2007-11-27 17:53 63,488 a------- c:\windows\inf\wg111v3\SetDrv64.exe 2007-11-27 17:52 32,768 a------- c:\windows\inf\wg111v3\SetDrv.exe 2006-12-15 11:30 315,392 a------- c:\windows\inf\wg111v3\InstallDriver.exe 2006-12-15 11:30 212,992 a------- c:\windows\inf\wg111v3\CopyWHQLDriver.exe 2006-12-15 11:30 98,304 a------- c:\windows\inf\wg111v3\UScanM.exe 2006-12-15 11:30 20,480 a------- c:\windows\inf\wg111v3\RTWUPath.exe 2006-12-15 11:30 19,968 a------- c:\windows\inf\wg111v3\RTWREFU.EXE ============= FINISH: 10:51:58.39 ===============
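An added example (not part of this thread, and not DDS's own code): a small Python triage script for the "Pseudo HJT Report" section of a DDS log like the one posted above. It picks out the BHO/TB/EB, Run, StartupFolder, DPF and Trusted Zone lines and sorts them into the buckets a removal helper checks first: orphaned "No File" entries, autostarts running from outside Program Files or Windows, Trusted Zone additions, and web-installed ActiveX controls. The sample input is a constructed, shortened excerpt of the log in this post, and the regular expressions are an assumption about DDS's line format based on the lines seen here.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log (added example).

Line shapes assumed from the log in this thread:
    BHO: <name>: {CLSID} - <dll path | No File>   (also TB:, EB:)
    uRun: [<name>] <command>   mRun: [<name>] <command>
    StartupFolder: <shortcut> - <target>
    DPF: <label> - hxxp://<host>/<cab>            (web-installed ActiveX)
    Trusted Zone: <host>
DDS defangs URLs as hxxp; they are reported unchanged.
"""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
COM_RE = re.compile(r"^(?P<kind>BHO|TB|EB): (?:(?P<name>.*?): )?"
                    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
RUN_RE = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] (?P<target>.+)$")
STARTUP_RE = re.compile(r"^(?P<kind>StartupFolder): (?P<name>\S+) - (?P<target>.+)$")
DPF_RE = re.compile(r"^(?P<kind>DPF): (?P<name>.+?) - (?P<target>\S+)$")
ZONE_RE = re.compile(r"^(?P<kind>Trusted Zone): (?P<target>.+)$")
# First executable in a Run command, quoted or not (unquoted paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<exe>[a-z]:\\.+?\.(?:exe|pif|scr|com|bat|cmd))(?:"|\s|$)', re.I)

# Autostarts whose binary lives outside these roots (user profile, temp
# folders, root of C:) get a manual look; installers normally stay inside.
SYSTEM_ROOTS = ("c:\\program files\\", "c:\\windows\\")

# Constructed sample: a shortened excerpt of the DDS log posted in this thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
StartupFolder: c:\docume~1\jfairc~1\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\jfairclough\application data\leadertech\powerregister\Seagate 2GEY20ZG Product Registration.exe
Trusted Zone: musicmatch.com\online
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-1 64160]
"""


@dataclass
class Entry:
    kind: str
    name: str
    target: str
    clsid: str = ""


def extract_section(log, section):
    """Return the non-empty lines of one '==== name ====' section."""
    out, inside = [], False
    for line in log.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            inside = m.group("name").strip().lower() == section.lower()
            continue
        if inside and line.strip():
            out.append(line.rstrip())
    return out


def parse_hjt(lines):
    """Turn the recognised line shapes into Entry objects; skip everything else."""
    entries = []
    for line in lines:
        for rx in (COM_RE, RUN_RE, STARTUP_RE, DPF_RE, ZONE_RE):
            m = rx.match(line)
            if m:
                g = m.groupdict()
                entries.append(Entry(g["kind"], g.get("name") or "",
                                     g["target"], g.get("clsid") or ""))
                break
    return entries


def triage(entries):
    """Sort entries into the buckets a removal helper checks first."""
    f = {"orphaned": [], "review_autostart": [], "trusted_zone": [], "activex_downloads": []}
    for e in entries:
        if e.kind in ("BHO", "TB", "EB") and e.target == "No File":
            f["orphaned"].append(e)            # registry points at a DLL that is gone
        elif e.kind in ("uRun", "mRun", "StartupFolder"):
            m = EXE_RE.match(e.target)
            exe = (m.group("exe") if m else e.target).lower()
            if not exe.startswith(SYSTEM_ROOTS):
                f["review_autostart"].append(e)  # runs from a user-writable location
        elif e.kind == "Trusted Zone":
            f["trusted_zone"].append(e)        # site exempt from Internet-zone limits
        elif e.kind == "DPF":
            f["activex_downloads"].append(e)   # ActiveX controls installed from the web
    return f


def summary(findings):
    return {bucket: len(items) for bucket, items in findings.items()}


if __name__ == "__main__":
    result = triage(parse_hjt(extract_section(SAMPLE_LOG, "Pseudo HJT Report")))
    for bucket, items in result.items():
        print(bucket, [f"{e.kind} {e.name or e.clsid} -> {e.target}" for e in items])
```

Entries in the review bucket are not verdicts; the Seagate registration tool flagged here is legitimate, which is exactly why that bucket is for manual inspection rather than automatic removal.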



#17 CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 02 August 2009 - 10:53 AM

Hi,

That log looks good.

Just some housekeeping to do now.

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version 9.1).
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.
  • Scroll down to the Java SE Runtime Environment (JRE) option.
  • Download and install the latest Java Runtime Environment (JRE) version for your computer (version 6, update 14).


NEXT

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now type Combofix /u in the Run box and click OK. Note the space between the ..X and the /U; it needs to be there.



NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine, choose Yes.


NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.


  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX controls; it immunizes your PC against them.

  • SpywareGuard offers real-time protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS HOSTS file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here.

    If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
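The Internet Explorer zone settings described above, with an added check (example code written for this page, not something from the thread or from CatByte's instructions). It reads the three ActiveX values from the Internet zone (zone 3) of the current user's registry hive and reports any that are weaker than the post recommends. The value names 1001, 1004 and 1201 and the data codes 0 = Enable, 1 = Prompt, 3 = Disable are Microsoft's documented URL action identifiers; the HKCU path, the function names and the sample dictionaries are mine. The audit function is pure so it runs anywhere; the registry read only runs on Windows.

```python
"""Check the Internet-zone ActiveX settings the post tells you to set.

Added example, not from the forum thread. Value names (Microsoft's URL
action identifiers): 1001 = Download signed ActiveX controls,
1004 = Download unsigned ActiveX controls, 1201 = Initialize and script
ActiveX controls not marked as safe. Data: 0 = Enable, 1 = Prompt,
3 = Disable. Zone 3 is the Internet zone.
"""
import sys

# Per-user zone settings live under HKCU (assumed path for this example;
# it is the key Inetcpl.cpl writes for the current user).
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3
SETTING_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}
# Ordering from weakest to strongest, so "weaker than recommended" is a
# simple comparison.
STRICTNESS = {ENABLE: 0, PROMPT: 1, DISABLE: 2}

# What the post asks for: the first two to Prompt, the third to Disable.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", PROMPT),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
}


def audit_activex(values):
    """values maps value name -> DWORD data read from the Internet zone.

    Returns (name, description, current, wanted) for every setting that is
    missing, unrecognised, or weaker than the recommendation. A missing
    value is reported as current=None rather than assumed to be anything.
    """
    findings = []
    for name, (description, wanted) in RECOMMENDED.items():
        current = values.get(name)
        if current is None or STRICTNESS.get(current, -1) < STRICTNESS[wanted]:
            findings.append((name, description, current, wanted))
    return findings


def read_internet_zone():
    """Read the three values from HKCU on Windows; None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg  # only importable on Windows

    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for name in RECOMMENDED:
            try:
                data, _kind = winreg.QueryValueEx(key, name)
                values[name] = data
            except FileNotFoundError:
                pass  # value absent: audit_activex reports it as None
    return values


if __name__ == "__main__":
    # Constructed sample used when not on Windows: signed downloads still
    # Enabled, unsafe scripting only set to Prompt.
    values = read_internet_zone() or {"1001": ENABLE, "1004": PROMPT, "1201": PROMPT}
    for name, description, current, wanted in audit_activex(values):
        shown = SETTING_NAMES.get(current, f"unknown ({current!r})")
        print(f"{name} {description}: is {shown}, should be {SETTING_NAMES[wanted]}")
```

Run it after applying the Custom level changes; an empty report means the three settings match the post. Anything it lists is a setting that was not saved (missed the Apply button) or was set back by something else.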
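The HOSTS-file point above, as an added example that is not part of the original post: a small audit that parses a HOSTS file and separates names blackholed to the local machine (what the MVPS file does) from names sent to some other address, which a blocklist never does and which is therefore worth a look on a machine that was redirecting. The sample file in the block is constructed for the example; on the affected machine you would read %SystemRoot%\system32\drivers\etc\hosts instead. Function names and the sample hostnames are mine.

```python
"""Audit a Windows HOSTS file: which names are blackholed to the local
machine (the MVPS approach) and which are sent somewhere else.

Added example, not from the forum thread. The sample file below is
constructed; on a real XP box read
%SystemRoot%\\system32\\drivers\\etc\\hosts instead.
"""
import ipaddress
from dataclasses import dataclass

# Addresses that mean "this machine": a HOSTS entry pointing here blocks
# the name rather than redirecting it.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that legitimately map to loopback and should not count as blocked.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


@dataclass
class HostsEntry:
    address: str
    hostname: str
    line_no: int


def parse_hosts(text):
    """Return (entries, malformed) for the given HOSTS file contents."""
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            malformed.append((line_no, raw))
            continue
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            malformed.append((line_no, raw))
            continue
        # One line may name several hosts for the same address.
        for hostname in fields[1:]:
            entries.append(HostsEntry(address, hostname.lower(), line_no))
    return entries, malformed


def audit_hosts(text):
    """Classify every name in the file.

    blackholed: sent to this machine, i.e. blocked (MVPS style)
    redirected: sent to some other address; a blocklist never does this,
                so each one deserves a look
    malformed:  lines that could not be parsed
    """
    entries, malformed = parse_hosts(text)
    blackholed, redirected = [], []
    for e in entries:
        if e.address in SINK_ADDRESSES:
            if e.hostname not in LOCAL_NAMES:
                blackholed.append(e.hostname)
        else:
            redirected.append((e.hostname, e.address))
    return {"blackholed": blackholed, "redirected": redirected, "malformed": malformed}


# Constructed sample for the example; not a real MVPS file.
SAMPLE_HOSTS = """\
# Constructed sample for the example; not a real MVPS file.
127.0.0.1       localhost
127.0.0.1       ad.example-tracker.test  banner.example-tracker.test
0.0.0.0         malware.example.test
10.0.0.5        www.example-bank.test   # a name sent off-box: suspicious
not-an-address  garbage.example.test
"""

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(report['blackholed'])} names blocked")
    for name, addr in report["redirected"]:
        print(f"REDIRECT {name} -> {addr}")
    for line_no, raw in report["malformed"]:
        print(f"MALFORMED line {line_no}: {raw!r}")
```

On a freshly installed MVPS file the redirected list should be empty and the blackholed count in the thousands; a populated redirected list on a machine that was redirecting in the browser is the first thing to read.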


#18 jcommerce (New Member, Authentic Member, 14 posts)

Posted 02 August 2009 - 10:54 AM

Latest DDS reports above. The computer is definitely running better now, although I haven't messed with it too much as we've been going through this process. Of the little bit I've checked the internet, it is running clean and fast. A couple of questions:
  1) Do I need to delete any of these scanning programs we've installed?
  2) Do you advise that I have Malwarebytes running full/real-time from now on and, if so, are there any particular settings I should have it on? (Also, should I uninstall Ad-Aware and Spybot if I continue to keep Malwarebytes?)
  3) Any other recommended settings?

#19 jcommerce (New Member, Authentic Member, 14 posts)

Posted 02 August 2009 - 10:56 AM

LOL, you're quick, you beat me to it. I will follow your instructions above now.

#20 CatByte (Classroom Administrator, 21,060 posts, MVP)

Posted 02 August 2009 - 11:00 AM

Keep Malwarebytes; it's a good program to have. Keep it updated and run a scan every once in a while. You can keep or get rid of the other two - up to you.



#21 jcommerce (New Member, Authentic Member, 14 posts)

Posted 02 August 2009 - 11:57 AM

Thank you so very much CB! You were very helpful, lightning-fast responsive, and helped solve my main issue and more. I'm going to give you a 5-star rating and donate to WTT! Thanks again!

Edited by jcommerce, 02 August 2009 - 12:08 PM.


#22 CatByte (Classroom Administrator, 21,060 posts, MVP)

Posted 02 August 2009 - 12:08 PM

You are more than welcome, and that is very generous of you. Thank you, stay safe. :wavey: ~CB



#23 jcommerce (New Member, Authentic Member, 14 posts)

Posted 02 August 2009 - 12:08 PM

Donation made to CatByte! Thanks again!

#24 CatByte (Classroom Administrator, 21,060 posts, MVP)

Posted 02 August 2009 - 12:10 PM

Thank you for your kind donation.



#25 CatByte (Classroom Administrator, 21,060 posts, MVP)

Posted 02 August 2009 - 12:10 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
