Solved Followed 7-step Removal Process, here are logs

bbanks72

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7093

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/12/2011 9:07:59 PM
mbam-log-2011-07-12 (21-07-59).txt

Scan type: Quick scan
Objects scanned: 258767
Time elapsed: 37 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-12 22:23:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD1600JD-75HBB0 rev.08.02D08
Running: wvbgr6ux.exe; Driver: C:\DOCUME~1\Bryan\LOCALS~1\Temp\pwtdapod.sys


---- System - GMER 1.0.15 ----

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Bryan at 22:29:38 on 2011-07-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.387 [GMT -5:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Charter Security Suite 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Charter Security Suite\Common\FSM32.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Documents and Settings\Bryan\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\dlbucoms.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.charter.net/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: N/A: {d73f49b6-b51b-4d32-a3b7-bd04b8342f53} - c:\program files\morpheusbar\srchastt\2.bin\MBSRCAS.DLL
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: My Web Search Bar BHO: {8eab99c1-f9ec-4b64-a4ba-d9bcae8779c2} - c:\program files\mywebsearchwb\bar\1.bin\W6BAR.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
BHO: {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Morpheus Toolbar: {3f3714a9-89a4-46be-8af3-d0c9d1fb03f9} - c:\program files\morpheusbar\bar\2.bin\MORPHBAR.DLL
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Sonic RecordNow!]
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ZingSpooler] c:\program files\easy upload tools\drivers\spooler\ZingSpooler.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe
mRun: [WildTangent CDA] "c:\program files\wildtangent\apps\cda\gamedrvr.exe" /startup "c:\program files\wildtangent\apps\cda\cdaEngine0500.dll"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Dell Photo AIO Printer 942] "c:\program files\dell photo aio printer 942\dlbubmgr.exe"
mRun: [DellMCM]
mRun: [DLBUCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBUtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [F-Secure Manager] "c:\program files\charter security suite\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\charter security suite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\bryan\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\bryan\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\documents and settings\bryan\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.4.5\transfer utility\CameraMonitor.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\program files\charter security suite\fsps\program\FSLSP.DLL
Trusted Zone: musicmatch.com\online
DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://myvpn.ford.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,38
TCP: DhcpNameServer = 24.159.64.23 97.81.22.195 66.189.0.100
TCP: Interfaces\{344CA7AE-E4CE-4917-86A7-5B01A7F57C2F} : DhcpNameServer = 24.159.64.23 97.81.22.195 66.189.0.100
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: orkxaa.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, dblstssp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2011-7-10 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-7-10 82120]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-5-3 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-5-3 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-5-3 656320]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\charter security suite\hips\drivers\fshs.sys [2011-7-10 68064]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-5-3 233976]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\charter security suite\anti-virus\fsgk32st.exe [2011-7-10 215648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-26 88176]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-8-1 24652]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\charter security suite\anti-virus\minifilter\fsgk.sys [2011-7-10 148648]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\charter security suite\orsp client\fsorsp.exe [2011-7-10 61088]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 WinDriver;WinDriver kernel module;c:\windows\system32\drivers\windrvr.sys [2004-7-11 215640]
S0 fnyozi;fnyozi;c:\windows\system32\drivers\qpedfh.sys --> c:\windows\system32\drivers\qpedfh.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 mrtRate;mrtRate; [x]
S3 ba304;ba304;\??\c:\docume~1\bryan\locals~1\temp\ba304.sys --> c:\docume~1\bryan\locals~1\temp\ba304.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 CVDMINDV;CVDMINDV;\??\c:\docume~1\bryan\locals~1\temp\cvdmindv.sys --> c:\docume~1\bryan\locals~1\temp\CVDMINDV.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 imsfs;imsfs;c:\docume~1\kaylie\locals~1\temp\imsfs.sys [2007-7-14 17920]
S3 iserial;iserial;\??\c:\docume~1\bryan\locals~1\temp\iserial.sys --> c:\docume~1\bryan\locals~1\temp\iserial.sys [?]
S3 lpsched;lpsched;\??\c:\docume~1\bryan\locals~1\temp\lpsched.sys --> c:\docume~1\bryan\locals~1\temp\lpsched.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-8-1 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-8-1 40552]
S3 omouhid;omouhid;\??\c:\docume~1\bryan\locals~1\temp\omouhid.sys --> c:\docume~1\bryan\locals~1\temp\omouhid.sys [?]
S3 qtape;qtape;\??\c:\docume~1\bryan\locals~1\temp\qtape.sys --> c:\docume~1\bryan\locals~1\temp\qtape.sys [?]
S3 rati1tux;rati1tux;c:\docume~1\kaylie\locals~1\temp\rati1tux.sys [2005-12-6 17920]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-12 371472]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-12 1117144]
S3 ssmbali;ssmbali;\??\c:\docume~1\bryan\locals~1\temp\ssmbali.sys --> c:\docume~1\bryan\locals~1\temp\ssmbali.sys [?]
S3 ta311;ta311;\??\c:\docume~1\bryan\locals~1\temp\ta311.sys --> c:\docume~1\bryan\locals~1\temp\ta311.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2001-1-8 15576]
S3 xusbuhci;xusbuhci;\??\c:\docume~1\bryan\locals~1\temp\xusbuhci.sys --> c:\docume~1\bryan\locals~1\temp\xusbuhci.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\charter security suite\anti-virus\win2k\fsfilter.sys [2011-7-10 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\charter security suite\anti-virus\win2k\fsrec.sys [2011-7-10 25184]
.
=============== Created Last 30 ================
.
2011-07-13 00:48:02 -------- d-----w- C:\savw_97_sa
2011-07-10 18:42:03 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-07-10 18:38:39 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2011-07-10 18:24:53 -------- d-----w- c:\program files\Charter Security Suite
2011-07-10 18:18:20 -------- d-----w- c:\documents and settings\all users\application data\fssg
2011-07-10 18:16:39 -------- d-----w- c:\documents and settings\all users\application data\f-secure
.
==================== Find3M ====================
.
2011-06-18 14:35:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-04 14:13:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-04 14:13:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 00:57:17 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2005-10-02 12:26:15 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 22:35:13.85 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/9/2004 9:39:54 PM
System Uptime: 7/12/2011 7:00:52 PM (3 hours ago)
.
Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 79.516 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 932 GiB total, 815.995 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2441: 5/14/2011 5:40:34 AM - System Checkpoint
RP2442: 5/14/2011 8:06:12 PM - System Checkpoint
RP2443: 5/15/2011 8:41:56 PM - System Checkpoint
RP2444: 5/16/2011 10:14:11 PM - System Checkpoint
RP2445: 5/17/2011 10:29:15 PM - System Checkpoint
RP2446: 5/18/2011 11:20:11 PM - System Checkpoint
RP2447: 5/20/2011 8:56:11 AM - System Checkpoint
RP2448: 5/21/2011 12:30:02 PM - System Checkpoint
RP2449: 5/22/2011 1:20:16 PM - System Checkpoint
RP2450: 5/23/2011 4:43:35 PM - System Checkpoint
RP2451: 5/24/2011 5:21:26 PM - System Checkpoint
RP2452: 5/25/2011 6:21:23 PM - System Checkpoint
RP2453: 5/26/2011 6:43:15 PM - System Checkpoint
RP2454: 5/27/2011 7:43:15 PM - System Checkpoint
RP2455: 5/28/2011 9:25:37 PM - System Checkpoint
RP2456: 5/29/2011 9:55:25 PM - System Checkpoint
RP2457: 5/30/2011 10:44:21 PM - System Checkpoint
RP2458: 6/1/2011 1:13:29 AM - System Checkpoint
RP2459: 6/2/2011 1:37:39 AM - System Checkpoint
RP2460: 6/3/2011 10:04:58 AM - System Checkpoint
RP2461: 6/4/2011 9:49:01 AM - Removed Adobe Reader 8.2.6
RP2462: 6/4/2011 9:51:51 AM - Installed Adobe Reader X (10.0.1).
RP2463: 6/5/2011 11:05:52 AM - System Checkpoint
RP2464: 6/6/2011 11:42:03 AM - System Checkpoint
RP2465: 6/7/2011 11:49:16 AM - System Checkpoint
RP2466: 6/8/2011 7:12:05 PM - System Checkpoint
RP2467: 6/9/2011 11:01:31 PM - System Checkpoint
RP2468: 6/11/2011 7:41:07 PM - System Checkpoint
RP2469: 6/13/2011 9:55:50 AM - System Checkpoint
RP2470: 6/15/2011 9:49:48 AM - System Checkpoint
RP2471: 6/16/2011 6:13:31 PM - System Checkpoint
RP2472: 6/17/2011 6:52:32 PM - System Checkpoint
RP2473: 6/25/2011 10:05:09 AM - System Checkpoint
RP2474: 6/26/2011 10:55:42 AM - System Checkpoint
RP2475: 6/27/2011 12:22:58 PM - System Checkpoint
RP2476: 6/28/2011 12:48:04 PM - System Checkpoint
RP2477: 6/29/2011 2:39:13 PM - System Checkpoint
RP2478: 6/30/2011 2:40:52 PM - System Checkpoint
RP2479: 7/1/2011 2:49:56 PM - System Checkpoint
RP2480: 7/2/2011 3:12:21 PM - System Checkpoint
RP2481: 7/3/2011 3:38:36 PM - System Checkpoint
RP2482: 7/4/2011 5:16:14 PM - System Checkpoint
RP2483: 7/5/2011 6:33:21 PM - System Checkpoint
RP2484: 7/6/2011 8:45:10 PM - System Checkpoint
RP2485: 7/7/2011 8:09:48 PM - Removed Ask Toolbar.
RP2486: 7/7/2011 8:12:13 PM - Removed WeatherBug
RP2487: 7/8/2011 8:30:28 PM - System Checkpoint
RP2488: 7/9/2011 8:44:26 PM - System Checkpoint
RP2489: 7/10/2011 1:24:34 PM - psc 9.01 build 105 Installation
RP2490: 7/11/2011 2:18:34 PM - System Checkpoint
RP2491: 7/12/2011 6:20:03 PM - System Checkpoint
RP2492: 7/12/2011 7:02:35 PM - Restore Operation
.
==== Installed Programs ======================
.
3D Groove Playback Engine
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.6
Adobe® Photoshop® Album Starter Edition 3.0
Alohabob PC Relocator Ultra Control
America Online (Choose which version to remove)
An American Tail MB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite 1.3
Arthur's Reading Games
Audacity 1.2.6
Audit Support Center 1.0
Banctec Service Agreement
BankshotBilliards
Barbie(TM) as The Princess and the Pauper Demo
Barbie(TM) Diaries High School Mystery
Barbie(TM) Fashion Show(TM) CD-ROM
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.0.1
Bonjour
Cache Cleaner 4.2.0
Camera Support Core Library
Camera Window
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Charter High Speed Internet Self-Installation Wizard
Charter Security Suite
Classic PhoneTools
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Dell Driver Download Manager
Dell Media Experience
Dell Networking Guide
Dell Photo AIO Printer 942
Dell Solution Center
Dell Support Center (Support Software)
DellSupport
Delta Force - Black Hawk Down
Digital Line Detect
Dinosaur Adventure 3-D
Disney's Daily Blast 2.0
Disney's Princess Fashion Boutique
Dream House 3D
Driver Whiz
Dropbox
DVDSentry
eMusic Download Manager
Express Burn
Express Rip
F-Secure PSC Prerequisites
Get High Speed Internet!
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
ImageMixer 3 SE Ver.4.5 Transfer Utility
ImageMixer 3 SE Ver.4.5 Video Tools
ImageStation Easy Upload Tools
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
Java Auto Updater
Java(TM) 6 Update 24
Juniper Networks Cache Cleaner 6.0.0
Learn2 Player (Uninstall Only)
Let's Ride 3 Day Eventing - Championship Season
Lets Ride Corral Club
Malwarebytes' Anti-Malware version 1.51.0.1200
Managed DirectX (0900)
McAfee Shredder
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Halo Trial
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MixPad Audio Mixer
MobileMe Control Panel
Modem Helper
Morpheus Toolbar
Move Media Player
MovieEdit Task
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Music Editor Free
Music Transfer Utility Ver.1.5
Musicmatch® Jukebox
Nancy Drew: Danger by Design
Nancy Drew: Danger on Deception Island
Nancy Drew: Ghost Dogs of Moon Lake
Nancy Drew: Last Train to Blue Moon Canyon
Nancy Drew: Legend of the Crystal Skull
Nancy Drew: Message in a Haunted Mansion
Nancy Drew: Ransom of the Seven Ships
Nancy Drew: Secret of Shadow Ranch
Nancy Drew: Secret of the Old Clock
Nancy Drew: Secret of the Scarlet Hand
Nancy Drew: Secrets Can Kill
Nancy Drew: Shadow at the Water's Edge
Nancy Drew: Stay Tuned For Danger
Nancy Drew: The Creature of Kapu Cave
Nancy Drew: The Curse of Blackmoor Manor
Nancy Drew: The Final Scene
Nancy Drew: The Haunted Carousel
Nancy Drew: The Haunting of Castle Malloy
Nancy Drew: The Phantom of Venice
Nancy Drew: Trail of the Twister
Nancy Drew: Treasure in the Royal Tower
Nancy Drew: Warnings at Waverly Academy
NCH Toolbox
NetWaiting
PhotoStitch
PowerDVD
Quicken 2004
Quicken Legal Business Pro 2004
QuickTime
RAW Image Task 1.1
RealArcade
RealPlayer
Rex!
Riding Star
RollerCoaster Tycoon 2 Triple Thrill Pack
Safari
SeaWorld Adventure Park Tycoon
Secunia PSI (2.0.0.3003)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sesame Street Elmo's Art Workshop
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spirit (remove only)
Spyware Doctor with AntiVirus 8.0
Strawberry Shortcake - Amazing Cookie Party
Switch Sound File Converter
swMSM
Tarzan Activity Center
Terayon DOCSIS Modem
The Land Before Time Kindergarten Adventure
The White Wolf of Icicle Creek
Unity Web Player
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WavePad Sound Editor
WeatherBug Browser Bar - powered by MyWebSearch
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
You Can Fly! with Tinker Bell
Zoo Tycoon 2 - African Adventure
Zoo Tycoon: Complete Collection
.
==== Event Viewer Messages From Past Week ========
.
7/5/2011 8:09:39 AM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/5/2011 8:09:39 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/5/2011 8:09:39 AM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/5/2011 8:09:39 AM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/5/2011 8:09:39 AM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/5/2011 8:09:39 AM, error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/5/2011 4:59:36 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
7/12/2011 6:01:37 PM, error: Print [6161] - The document Microsoft Word - resumedonna.doc owned by Bryan failed to print on printer Dell Photo AIO Printer 942. Data type: LEMF. Size of the spool file in bytes: 1387886. Number of bytes printed: 1387886. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\OFFICE. Win32 error code returned by the print processor: 535 (0x217).
7/11/2011 8:06:41 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000CF1F9DDAD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/11/2011 12:13:54 AM, error: PlugPlayManager [11] - The device Root\LEGACY_FSBL\0000 disappeared from the system without first being prepared for removal.
7/10/2011 3:02:28 PM, error: F-Secure Gatekeeper [1] -
.
==== End Of File ===========================
 
What problems are you having? Subject should reflect problem and description of problem should be in the first post.
 
Have a red shield with white x in taskbar

Also, history for Internet Explorer does not display pages visited and wireless network has disappeared.
 
Have a red shield with white x in taskbar
Also, history for Internet Explorer does not display pages visited and wireless network has disappeared.

So this is the description? IF you want help, you will need to give me something to work with.
=====================================
You are using 3 antivirus programs:
AV: Spyware Doctor with AntiVirus *Enabled/Updated*
AV: Charter Security Suite 9.01 *Enabled/Updated*
McAfee Security
The first is in the PC Tools and the second is provided by your ISP. Please decide which you want to keep and remove the others. Although you are using the McAfee SiteAdvisor, processes are loading for the antivirus program also. Multiple antivirus programs make the system more vulnerable, not less.
==========================================
Please run the following:

Download CKScanner and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
    in your next reply.
===============================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click the ESET Smart Installer download link and save it to your desktop.
    [o] Double-click the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
==================================
Please post the logs in your next reply.
 
I thought I was asking for help by posting?

My McAfee subscription ended so I downloaded the Charter Security Suite to use. I was trying to delete McAfee when the red shield popped up. Spyware Dr was supposed to have been deleted previously. I will delete 2 and then follow your instructions. I am trying to give the information needed but I am a little perplexed. I have use of my computer but there are little things that keep occurring. I have had major viruses before but have always been able to remove them with Malwarebytes. Stay tuned for logs later.
 
Here are logs

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\bryan\my documents\my music\itunes\itunes music\compilations\breakthrough\12 breakin' at the cracks.m4a
c:\nancy drew\secret of shadow ranch\hdvideo\gho_salooncracker.bik
c:\program files\jasc software inc\paint shop photo album\frames\black crackle.pspframe
c:\program files\jasc software inc\paint shop pro 8\picture frames\black crackle.pspframe
c:\program files\musicmatch\musicmatch jukebox\crypt.dll
c:\program files\musicmatch\musicmatch update\mmjb\crypt.dll
c:\program files\nancy drew\legend of the crystal skull\video\gre_doorcrackanim.bik
c:\program files\nancy drew\legend of the crystal skull\video\gre_doorcrackanim_last.bik
c:\program files\nancy drew\shadow at the water's edge\sound\electriccrackle01_sfx.his
c:\program files\nancy drew\shadow at the water's edge\sound\electriccrackle02_sfx.his
c:\program files\nancy drew\shadow at the water's edge\sound\electriccrackle03_sfx.his
c:\program files\nancy drew\shadow at the water's edge\sound\electriccrackle04_sfx.his
c:\program files\nancy drew\shadow at the water's edge\sound\electriccrackle05_sfx.his
c:\program files\nancy drew\shadow at the water's edge\sound\electriccrackle06_sfx.his
c:\program files\nancy drew\shadow at the water's edge\sound\wood_crack_01_sfx.his
c:\program files\nancy drew\shadow at the water's edge\sound\wood_crack_02_sfx.his
c:\program files\nancy drew\shadow at the water's edge\sound\wood_crack_03_sfx.his
c:\program files\nancy drew\shadow at the water's edge\sound\wood_crack_04_sfx.his
c:\program files\nancy drew\shadow at the water's edge\sound\wood_crack_05_sfx.his
c:\program files\nancy drew\the haunting of castle malloy\sound\electricity_crackle_buzz.his
c:\program files\nancy drew\the phantom of venice\sound\firecracker_poppoof01.his
c:\program files\nancy drew\the phantom of venice\sound\firecracker_poppoof02.his
c:\program files\nancy drew\the phantom of venice\sound\firecracker_poppoof03.his
c:\program files\nancy drew\the white wolf of icicle creek\sound\crackle.his
c:\program files\nancy drew\the white wolf of icicle creek\sound\firecrackle_fireplace.his
c:\program files\nancy drew\the white wolf of icicle creek\sound\icecrack.his
c:\program files\nancy drew\trail of the twister\sound\fire_crackle01_sfx.his
scanner sequence 3.ZZ.11.PRNAWD
----- EOF -----

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Documents and Settings\Bryan\Desktop\klitekpp210e.exe probably a variant of Win32/TrojanDownloader.VB.IRCSLWN trojan
C:\Documents and Settings\Bryan\Local Settings\Temp\jar_cache2885571977258918420.tmp a variant of OSX/Exploit.Smid.D trojan
C:\Documents and Settings\Bryan\Local Settings\Temp\147A6811\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Program Files\MorpheusBar\bar\2.bin\M0PLUGIN.DLL Win32/Toolbar.Morpheus application
C:\Program Files\MorpheusBar\bar\2.bin\M0POPSWT.DLL Win32/Toolbar.Morpheus application
C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL Win32/Toolbar.Morpheus application
C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL Win32/Toolbar.Morpheus application
C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application
Operating memory Win32/Adware.Yontoo.A application
 
To remove McAfee: McAfee Removal

To uninstall Spyware Doctor w/AV
Follow these steps:
  • Right click on the Spyware Doctor icon in the Notification Area> Select Shutdown.
  • Click on Start> Programs> PC Tools Security> Choose Uninstall Spyware Doctor with AntiVirus
  • Restart the computer (if prompted)
  • Right click on Start> Explore> My Computer> Double click on Local Drive (C)> Programs> Navigate to the PC Tools Security and do a right click> Delete.
Reboot the computer.
 
To remove Eset entries:

1. Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll 
    C:\Documents and Settings\Bryan\Desktop\klitekpp210e.exe 
    C:\Documents and Settings\Bryan\Local Settings\Temp\147A6811\_Setupx.dll 
    C:\Program Files\MorpheusBar\bar\2.bin\M0PLUGIN.DLL 
    C:\Program Files\MorpheusBar\bar\2.bin\M0POPSWT.DLL 
    C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL
    C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL
    C:\Program Files\Yontoo Layers\YontooIEClient.dll 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
-----------------------------
2. To clear the Java Plug-in cache:

    [1]. Click Start > Control Panel.
    [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
    [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
    [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
    [5]. Click OK on the Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
    [6]. Click Apply> OK on the Temporary Files Settings window.
===========================================
Update Java: Java Updates. Uninstall any earlier versions (Java 2 Runtime Environment, SE v1.4.2, Java(TM) 6 Update 24) in Add/Remove Programs as they are vulnerabilities for the system.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
=========================================
See next reply for Combofix instructions.
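The OTMoveIt script above was assembled by hand from the ESET "List of found threats" export posted earlier. As an added illustration (this is not code from the thread, nor a tool from ESET or OldTimer), the following Python parses that export and emits the same :Files / :Commands script, so a helper can see at a glance which detections are files on disk and which are in-memory only. The sample input is the ESET list from this thread, embedded as a constructed string; the entry layout assumed by the regular expression, the treatment of "Operating memory" as a non-file object, and the choice to leave the Java jar_cache temp file to the Java cache-clearing step (as the helper's script does) are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the ESET "List of found threats" export posted
# earlier in this thread, one entry per line (<object> <detection name> <type>).
ESET_EXPORT = r"""
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Documents and Settings\Bryan\Desktop\klitekpp210e.exe probably a variant of Win32/TrojanDownloader.VB.IRCSLWN trojan
C:\Documents and Settings\Bryan\Local Settings\Temp\jar_cache2885571977258918420.tmp a variant of OSX/Exploit.Smid.D trojan
C:\Documents and Settings\Bryan\Local Settings\Temp\147A6811\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Program Files\MorpheusBar\bar\2.bin\M0PLUGIN.DLL Win32/Toolbar.Morpheus application
C:\Program Files\MorpheusBar\bar\2.bin\M0POPSWT.DLL Win32/Toolbar.Morpheus application
C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL Win32/Toolbar.Morpheus application
C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL Win32/Toolbar.Morpheus application
C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application
Operating memory Win32/Adware.Yontoo.A application
"""

# Assumed entry layout: the object (a path that may contain spaces, or a
# non-file object such as "Operating memory"), then the detection name, which
# always carries a "Family/Name" token, then a single type word.  The object
# group is non-greedy, so it stops at the first point where a detection follows.
ENTRY_RE = re.compile(
    r"^(?P<target>.+?)\s+"
    r"(?P<detection>(?:probably\s+)?(?:a variant of\s+)?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>\S+)$"
)
WINDOWS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    target: str      # file path, or a non-file object such as "Operating memory"
    detection: str   # e.g. "a variant of Win32/Adware.Yontoo.B"
    kind: str        # e.g. "application" or "trojan"

    @property
    def path(self) -> Optional[str]:
        """The on-disk path, or None for in-memory detections."""
        return self.target if WINDOWS_PATH_RE.match(self.target) else None


def parse_eset_export(text: str) -> List[Finding]:
    """Parse the exported threat list; raise on a line that does not fit the layout."""
    findings: List[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET entry: {line!r}")
        findings.append(Finding(m["target"], m["detection"], m["kind"]))
    return findings


def is_java_cache_file(path: str) -> bool:
    """Java plug-in cache entries (jar_cache*.tmp) are removed by the Java Control
    Panel step in the thread, so the helper left them out of the OTM script.
    Reproducing that choice here is an assumption of this example."""
    return path.rsplit("\\", 1)[-1].lower().startswith("jar_cache")


def build_otm_script(findings: List[Finding], skip_java_cache: bool = True) -> str:
    """Emit the :Files / :Commands script in the form used in the thread."""
    paths: List[str] = []
    for f in findings:
        if f.path is None:
            continue  # in-memory detection: handled by removing the file on disk
        if skip_java_cache and is_java_cache_file(f.path):
            continue
        if f.path not in paths:
            paths.append(f.path)
    return "\n".join([":Files", *paths, ":Commands",
                      "[purity]", "[emptytemp]", "[start explorer]", "[Reboot]"])


def count_by_kind(findings: List[Finding]) -> Dict[str, int]:
    """Summary of detections by ESET type word (application, trojan, ...)."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_eset_export(ESET_EXPORT)
    print(count_by_kind(found))
    print(build_otm_script(found))
```

Run as a script it prints the detection summary and the generated OTM script; the jar_cache entry and the "Operating memory" line are absent from the :Files section, matching the helper's hand-written version.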
 
When you have finished with the instructions in my previous reply, please go on to this:

Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
 
Attached are the logs

OTM log:
All processes killed
========== FILES ==========
DllUnregisterServer procedure not found in C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll moved successfully.
C:\Documents and Settings\Bryan\Desktop\klitekpp210e.exe moved successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\Bryan\Local Settings\Temp\147A6811\_Setupx.dll
C:\Documents and Settings\Bryan\Local Settings\Temp\147A6811\_Setupx.dll moved successfully.
C:\Program Files\MorpheusBar\bar\2.bin\M0PLUGIN.DLL moved successfully.
C:\Program Files\MorpheusBar\bar\2.bin\M0POPSWT.DLL moved successfully.
C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL moved successfully.
C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL moved successfully.
C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL moved successfully.
C:\Program Files\Yontoo Layers\YontooIEClient.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Abby
->Temp folder emptied: 93715505 bytes
->Temporary Internet Files folder emptied: 158186925 bytes
->Java cache emptied: 1003712 bytes
->Flash cache emptied: 55547 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes

User: All Users

User: Bryan
->Temp folder emptied: 831393166 bytes
->Temporary Internet Files folder emptied: 162738732 bytes
->Java cache emptied: 12792599 bytes
->FireFox cache emptied: 4556178 bytes
->Apple Safari cache emptied: 1282048 bytes
->Flash cache emptied: 107002 bytes

User: Bryan Banks

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 56507 bytes

User: Donna
->Temp folder emptied: 418577 bytes
->Temporary Internet Files folder emptied: 2292332 bytes
->Flash cache emptied: 300 bytes

User: Kaylie
->Temp folder emptied: 13707224 bytes
->Temporary Internet Files folder emptied: 9876591 bytes
->Flash cache emptied: 42158 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11683158 bytes
->Flash cache emptied: 8047 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 58826603 bytes
->Flash cache emptied: 2971 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2929417 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 300382398 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 94789536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65988 bytes
RecycleBin emptied: 168635988 bytes

Total Files Cleaned = 1,840.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 07152011_204925

Files moved on Reboot...
File C:\Documents and Settings\Bryan\Local Settings\Temp\Temporary Internet Files\Content.IE5\YCKNMW9E\7cC000000012!%5e%7c100016215!%5e%7c401010175!%5e%7cV174!%5e%7cA863!%5e%7c365!%5e%7cEGUNICA07PP!%5e%7chtml!%5e%7cBKLT365!%5e%7c0+++++++++++++++++++++!%5e%7cA863!%5e%7c06%2f30%2f2005 not found!

Registry entries deleted on Reboot...

ComboFix log:
ComboFix 11-07-15.03 - Bryan 07/15/2011 22:36:00.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.480 [GMT -5:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Abby\WINDOWS
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\Bryan\WINDOWS
c:\documents and settings\Kaylie\WINDOWS
c:\program files\Shared
c:\program files\Shared\shared.sig
c:\temp\fse
K:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WinDriver
.
.
((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 03:18 . 2011-07-16 03:18 -------- d-----w- c:\program files\Common Files\Java
2011-07-16 03:18 . 2011-07-16 03:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-16 00:15 . 2011-07-16 00:15 -------- d-----w- C:\_OTM
2011-07-14 23:42 . 2011-07-14 23:42 -------- d-----w- c:\program files\ESET
2011-07-13 00:48 . 2011-07-13 00:50 -------- d-----w- C:\savw_97_sa
2011-07-10 18:42 . 2011-07-10 18:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
2011-07-10 18:42 . 2011-07-10 20:03 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-07-10 18:38 . 2011-07-10 20:32 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2011-07-10 18:24 . 2011-07-13 00:00 -------- d-----w- c:\program files\Charter Security Suite
2011-07-10 18:18 . 2011-07-10 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2011-07-10 18:16 . 2011-07-12 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 03:18 . 2010-05-25 03:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-18 14:35 . 2011-05-23 23:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 14:11 . 2009-01-12 02:37 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2009-01-12 02:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2005-10-02 12:26 . 2005-10-02 12:26 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ZingSpooler"="c:\program files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe" [2002-08-02 200704]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-11-07 8192]
"WildTangent CDA"="c:\program files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-29 28616]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-12 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 294912]
"DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-09 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-06 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Bryan\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Bryan\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
PowerReg Scheduler.exe [2006-5-26 256000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-7-3 36953]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-7-3 24576]
ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe [2011-1-23 406896]
PowerReg Scheduler.exe [2005-3-5 251392]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, dblstssp.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dlbucoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\DLBUPSWX.EXE"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Documents and Settings\\Bryan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
.
R0 fsbts;fsbts;c:\windows\SYSTEM32\DRIVERS\fsbts.sys [7/10/2011 1:42 PM 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fsdfw.sys [7/10/2011 1:38 PM 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [7/10/2011 1:31 PM 68064]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/26/2008 3:35 PM 88176]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/1/2007 8:21 PM 24652]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [7/10/2011 1:25 PM 148648]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [7/10/2011 1:31 PM 61088]
R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [9/1/2010 3:30 AM 15544]
S0 fnyozi;fnyozi;c:\windows\system32\drivers\qpedfh.sys --> c:\windows\system32\drivers\qpedfh.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 4:14 AM 135664]
S2 mrtRate;mrtRate; [x]
S3 ba304;ba304;\??\c:\docume~1\Bryan\LOCALS~1\Temp\ba304.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\ba304.sys [?]
S3 CVDMINDV;CVDMINDV;\??\c:\docume~1\Bryan\LOCALS~1\Temp\CVDMINDV.SYS --> c:\docume~1\Bryan\LOCALS~1\Temp\CVDMINDV.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 4:14 AM 135664]
S3 imsfs;imsfs;\??\c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys --> c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys [?]
S3 iserial;iserial;\??\c:\docume~1\Bryan\LOCALS~1\Temp\iserial.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\iserial.sys [?]
S3 lpsched;lpsched;\??\c:\docume~1\Bryan\LOCALS~1\Temp\lpsched.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\lpsched.sys [?]
S3 omouhid;omouhid;\??\c:\docume~1\Bryan\LOCALS~1\Temp\omouhid.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\omouhid.sys [?]
S3 qtape;qtape;\??\c:\docume~1\Bryan\LOCALS~1\Temp\qtape.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\qtape.sys [?]
S3 rati1tux;rati1tux;\??\c:\docume~1\Kaylie\LOCALS~1\Temp\rati1tux.sys --> c:\docume~1\Kaylie\LOCALS~1\Temp\rati1tux.sys [?]
S3 ssmbali;ssmbali;\??\c:\docume~1\Bryan\LOCALS~1\Temp\ssmbali.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\ssmbali.sys [?]
S3 ta311;ta311;\??\c:\docume~1\Bryan\LOCALS~1\Temp\ta311.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\ta311.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [1/8/2001 8:53 AM 15576]
S3 xusbuhci;xusbuhci;\??\c:\docume~1\Bryan\LOCALS~1\Temp\xusbuhci.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\xusbuhci.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [7/10/2011 1:25 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [7/10/2011 1:25 PM 25184]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
2011-07-10 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2002-08-29 00:12]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:14]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:14]
.
2004-07-10 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 24.159.64.23 97.81.22.195 66.189.0.100
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Sonic RecordNow! - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKLM-Run-DellMCM - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-15 23:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
.
c:\documents and settings\Bryan\Application Data\Microsoft Games\Zoo Tycoon 2\Default Profile\Saved\ALPiNE MOUTAiN ZOO LARGE :eek:.z2s 566430 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,d3,e4,fe,3a,2c,29,4e,9a,d6,64,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,d3,e4,fe,3a,2c,29,4e,9a,d6,64,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3020)
c:\program files\Charter Security Suite\Spam Control\fsscoepl.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Charter Security Suite\Anti-Virus\fsgk32st.exe
c:\program files\Charter Security Suite\Common\FSMA32.EXE
c:\program files\Charter Security Suite\Anti-Virus\FSGK32.EXE
c:\program files\Charter Security Suite\Common\FSHDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Charter Security Suite\FWES\Program\fsdfwd.exe
c:\program files\Charter Security Suite\Anti-Virus\fssm32.exe
c:\program files\Charter Security Suite\Anti-Virus\fsav32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe
c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe
c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-07-15 23:31:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-16 04:31
.
Pre-Run: 87,109,189,632 bytes free
Post-Run: 86,896,291,840 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - A5B7DCC5F0643CB7587087E16BE70700
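The S3 driver entries near the top of this log, each pointing at a .sys under a user's LOCALS~1\Temp folder that no longer exists ([?]), are what a helper turns into the File:: and Driver:: sections of a CFScript. The script below is an added example, not part of the original post and not a tool the thread uses: it parses DDS "Services/Drivers" lines in the format shown above, flags the Temp-path and missing-file cases by heuristic, and prints a CFScript fragment in the layout used later in this thread. The sample lines are copied from the log; the flag names and the heuristics are my own and a flag is a prompt for review, not a verdict on the entry.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of the DDS "Services/Drivers" lines from the log above,
# kept verbatim so the parser is exercised on the real format.
DDS_SAMPLE = r"""
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]
R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [9/1/2010 3:30 AM 15544]
S0 fnyozi;fnyozi;c:\windows\system32\drivers\qpedfh.sys --> c:\windows\system32\drivers\qpedfh.sys [?]
S2 mrtRate;mrtRate; [x]
S3 ba304;ba304;\??\c:\docume~1\Bryan\LOCALS~1\Temp\ba304.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\ba304.sys [?]
S3 imsfs;imsfs;\??\c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys --> c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [1/8/2001 8:53 AM 15576]
"""

# "<start> <service name>;<display name>;<path> [<date/size> | ? | x]"
LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<tail>[^\]]*)\]$")
# A per-user or system Temp directory: no legitimately installed driver lives there.
TEMP_RE = re.compile(r"\\(locals~1|local settings)\\temp\\|\\windows\\temp\\", re.I)


@dataclass
class ServiceEntry:
    start: str          # R0-R3 running, S0-S4 stopped (DDS convention)
    name: str           # service/driver key name
    path: str           # image path with the \??\ prefix stripped
    tail: str           # "?" = file missing, "x" = no image path, else date+size
    flags: list = field(default_factory=list)

    @property
    def missing(self):
        return self.tail in ("?", "x")


def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    t = TAIL_RE.match(m.group("rest").strip())
    path, tail = (t.group("path"), t.group("tail")) if t else (m.group("rest").strip(), "")
    if " --> " in path:                 # DDS prints "<registry path> --> <resolved path>"
        path = path.split(" --> ", 1)[1]
    if path.startswith("\\??\\"):
        path = path[4:]
    return ServiceEntry(m.group("start"), m.group("name").strip(), path.strip(), tail)


def flag(entry):
    """Heuristics only (my own, not DDS output); a flagged entry is a candidate for review."""
    if TEMP_RE.search(entry.path):
        entry.flags.append("TEMP_PATH")
    if entry.missing:
        entry.flags.append("MISSING_FILE")
    if entry.start in ("R0", "S0") and entry.missing:
        entry.flags.append("BOOT_START_MISSING")   # boot-start driver whose image is gone
    return entry


def analyze(text):
    return [flag(e) for e in map(parse_line, text.splitlines()) if e]


def build_cfscript(entries):
    """File:: and Driver:: sections in the layout the helper used, restricted to Temp-path
    drivers. Entries carrying only other flags are left for a human to decide on."""
    temp = [e for e in entries if "TEMP_PATH" in e.flags]
    if not temp:
        return ""
    return "\n".join(["File::", *(e.path.lower() for e in temp),
                      "Driver::", *(e.name for e in temp)]) + "\n"


if __name__ == "__main__":
    found = analyze(DDS_SAMPLE)
    for e in found:
        if e.flags:
            print(f"{e.start} {e.name:<12} {e.path or '(no path)':<55} {','.join(e.flags)}")
    print(build_cfscript(found), end="")
```

Run it as-is and it prints the flagged lines followed by a File::/Driver:: fragment naming ba304 and imsfs; the boot-start entry with a missing image is reported but deliberately kept out of the generated script, since deleting a boot driver on a guess is how a machine stops booting.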
 
Oh my gosh! OTM> Total Files Cleaned = 1,840.00 mb. You have won the prize for the most files I've seen cleaned! But this is not a prize to be desired> it shows that the accounts are doing maintenance on the system. Simple things like deleting temporary internet files:
The Winner or Loser- depending on how you look at it:
User: Bryan. BTW, there is another account with no entries set up as "User: Bryan Banks". You might want to delete that one.
User: Abby is a close second, followed by Kaylie then Donna! You all need to keep your account tidy. Set up regular maintenance to do: Delete temporary internet files and Cookies, do a Disk Cleanup, then Error Check and last a Defrag. The entire system will sigh and say 'Thank you!'
=========================================
About this:
I thought I was asking for help by posting?
You are. But telling us what the problem is is important. Depending on your description, we may be looking for specific entries in the logs. We may also ask you to run a specific program based on the description. And we will also ask if a specific problem has been resolved.

Bottom line? What you tell us helps us help you.
==========================================
Also, BTW, you can use the Quick Reply posting. You don't need to put in a new subject for each post.
=========================================
The presence of this deletion, K:\Autorun.inf, indicates an infected flash drive may have been used. If so, it needs to be disinfected:
You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

Please disinfect all movable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
Please do that while I finish the script for Combofix.
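The note above describes the trick Flash_Disinfector relies on: a worm spreads by dropping an autorun.inf file on the drive, and a directory of the same name occupies that name so the file cannot come back. The script below is an added example of that mechanism, not part of the original post and not Flash_Disinfector's own code: it classifies a drive root as having no autorun.inf, a protecting directory, or a worm-style file, parses the file's [autorun] launch keys so you can see what would have run, and then replaces the file with a directory. The sample autorun.inf and its RECYCLER\example.exe target are constructed; the hidden+system attributes are set only on Windows and are an assumption about what the utility does, since the post only says the folder is hidden.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample of the file an autorun worm drops on a flash drive; the target name is
# made up, the [autorun] keys are the standard ones Windows honours.
SAMPLE_WORM_INF = r"""[autorun]
; constructed for this example, not taken from a real infection
open=RECYCLER\example.exe
shell\open\command=RECYCLER\example.exe
icon=%SystemRoot%\system32\shell32.dll,4
"""

LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return the commands an [autorun] section would launch, keyed by the lower-cased key name."""
    targets, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets[key] = value
    return targets


def inspect_drive(root):
    """Classify <root>/autorun.inf: 'absent', 'protected' (a directory, which is what the
    post says Flash_Disinfector leaves behind) or 'file' (worm-style, with its launch targets)."""
    p = Path(root) / "autorun.inf"
    if not p.exists():
        return "absent", {}
    if p.is_dir():
        return "protected", {}
    return "file", parse_autorun(p.read_text(errors="replace"))


def protect_drive(root):
    """Remove a file autorun.inf and occupy the name with a directory so a worm cannot
    re-create the file. Returns the launch targets found in the removed file, if any."""
    status, targets = inspect_drive(root)
    p = Path(root) / "autorun.inf"
    if status == "protected":
        return targets
    if status == "file":
        if os.name == "nt":
            # worms usually set hidden/system/read-only on the file; clear them before unlinking
            import ctypes
            ctypes.windll.kernel32.SetFileAttributesW(str(p), 0x80)   # FILE_ATTRIBUTE_NORMAL
        p.unlink()
    p.mkdir()
    if os.name == "nt":
        import ctypes
        # hidden + system (assumption about the utility's folder; the post only says "hidden")
        ctypes.windll.kernel32.SetFileAttributesW(str(p), 0x02 | 0x04)
    return targets


def demo():
    """Walk a throwaway directory, standing in for a flash drive, through all three states."""
    with tempfile.TemporaryDirectory() as drive:
        before = inspect_drive(drive)[0]
        (Path(drive) / "autorun.inf").write_text(SAMPLE_WORM_INF)
        infected, targets = inspect_drive(drive)
        removed = protect_drive(drive)
        after = inspect_drive(drive)[0]
        return before, infected, targets, removed, after


if __name__ == "__main__":
    print(demo())
```

Point inspect_drive at a real drive letter (for example "K:\\") to see which state it is in before running the utility; a result of 'file' with an open= or shellexecute= target is the case the post is warning about.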
 
Can you tell me please if you have used the MSDTC to globally open TCP Port 135 and TCP Ports 5000-5020. If you don't know what I'm referring to, then I will know what to do.
 
"Can you tell me please if you have used the MSDTC to globally open TCP Port 135 and TCP Ports 5000-5020. If you don't know what I'm referring to, then I will know what to do."

No idea what that is.....

I thought I had maintenance scheduled but with all of the issues I've had lately, it may have gotten deleted and I'll need to set it back up. The system seems to be running better but the history still does not list pages visited. Not sure if that matters or not. The k: drive is an external hard drive that I added to save videos/pics of our kids in each of their respective ports. I will run the flash disinfector to clean that and other flash drives.

Thanks for your help!
 
A Note: As long as you're using Kazaa you are going to get malware:
Please read the information on P2P Warning to help you better understand these dangers.
=====================================
Please do the following:
Click on Start> Run> type cmd> enter> at the blinking C Prompt, type the following

netstat -a -n -b
(note the spaces between the switches)
When it finishes, do a right click on the page> Copy> Paste the result here.
=============================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\program files\viewpoint\common\ViewpointService.exe 
c:\windows\system32\ConduitEngine.tmp
c:\docume~1\bryan\locals~1\temp\iserial.sys
c:\docume~1\bryan\locals~1\temp\lpsched.sys
c:\docume~1\bryan\locals~1\temp\omouhid.sys
c:\docume~1\bryan\locals~1\temp\qtape.sys
c:\docume~1\bryan\locals~1\temp\ssmbali.sys
c:\docume~1\bryan\locals~1\temp\ta311.sys
c:\docume~1\bryan\locals~1\temp\ba304.sys
c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys
c:\docume~1\bryan\locals~1\temp\cvdmindv.sys
DirLook::
C:\savw_97_sa
Folder::
DDS::
BHO: My Web Search Bar BHO: {8eab99c1-f9ec-4b64-a4ba-d9bcae8779c2} - c:\program files\mywebsearchwb\bar\1.bin\W6BAR.DLL
BHO: {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - No File
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Morpheus Toolbar: {3f3714a9-89a4-46be-8af3-d0c9d1fb03f9} - c:\program files\morpheusbar\bar\2.bin\MORPHBAR.DLL
mRun: [ZingSpooler] c:\program files\easy upload tools\drivers\spooler\ZingSpooler.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe>> Muiv mqtch
mRun: [WildTangent CDA] "c:\program files\wildtangent\apps\cda\gamedrvr.exe" /startup "c:\program files\wildtangent\apps\cda\cdaEngine0500.dll"
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZingSpooler"=-
"WildTangent CDA"=-
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,d3,e4,fe,3a,2c,29,4e,9a,d6,64,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,d3,e4,fe,3a,2c,29,4e,9a,d6,64,\
Driver::
Viewpoint Manager Service
iserial
lpsched
omouhid  
qtape 
ssmbali
ta311
ba304
cpuz132
CVDMINDV
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Uninstall the following:
Viewpoint:
Yontoo: Yontoo Layers or Drop Down Deals browser add-on - creates virtual layers that can be edited to create the appearance of having made changes to the underlying website. Has ads in the layers with no obvious warning on install.
Morpheus Toolbar: Morpheus was a file sharing and searching peer-to-peer client > As of October 29, 2008 the official Morpheus website is offline, including all other websites owned by StreamCast Networks including Morpheus.com, MusicCity.com, Streamcastnetworks.com and NeoNetwork.com. During installation, an optional peer-to-peer Morpheus Toolbar is offered. Both the Morpheus application and the Morpheus Toolbar are easily uninstalled with Windows Add/Remove Programs commands, however this is not the case with previous versions.
Zing: Was used for a drag and drop program to upload pictures to www.zing.com but Zing has gone out of business. Now used for Sony ImageStation's upload photos to online albums.
DSentry: Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVDs would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts.
=======================
Remove the following from the Trusted Zone: Nothing needs to be in that zone, where the security is lower.
Trusted Zone: musicmatch.com\online
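The netstat step above, together with the earlier question about MSDTC opening TCP 135 and 5000-5020, is about finding out which programs are listening on which ports. The script below is an added example of reading that output, not part of the original post: it parses the layout `netstat -a -n -b` uses on Windows XP (one socket per line, then the module chain, then the owning executable in square brackets), separates listeners that face the network from loopback-only ones, and picks out anything on 135 or 5000-5020. The sample output, its addresses and the programs on each port (including msdtc.exe on 5003) are constructed for the example, and the assumption that every line after a socket line up to the next socket line belongs to that socket is mine.

```python
import re

# Constructed sample of what "netstat -a -n -b" prints on Windows XP: one line per socket, then
# the module chain and the owning executable in square brackets. Hosts, ports and programs are made up.
NETSTAT_SAMPLE = r"""
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  C:\WINDOWS\system32\rpcss.dll
  [svchost.exe]

  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  [System]

  TCP    0.0.0.0:5003           0.0.0.0:0              LISTENING
  [msdtc.exe]

  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  [alg.exe]

  TCP    192.168.1.5:1054       203.0.113.10:80        ESTABLISHED
  [iexplore.exe]

  UDP    0.0.0.0:5000           *:*
  [svchost.exe]
"""

CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
# 135 plus 5000-5020: the range the helper asked about
MSDTC_PORTS = {135} | set(range(5000, 5021))


def parse_netstat(text):
    """Turn the text into a list of dicts; lines after a socket line belong to that socket."""
    rows, current = [], None
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, foreign, state = m.groups()
            host, port = local.rsplit(":", 1)
            current = {"proto": proto, "host": host, "port": int(port), "foreign": foreign,
                       "state": state or "", "exe": None, "components": []}
            rows.append(current)
            continue
        s = line.strip()
        if current is None or not s:
            continue
        if s.startswith("[") and s.endswith("]"):
            current["exe"] = s[1:-1]            # the owning executable
        else:
            current["components"].append(s)     # DLLs in the call chain, when -b can resolve them
    return rows


def listeners(rows):
    """Sockets that accept traffic: LISTENING TCP sockets and every bound UDP socket."""
    return [r for r in rows if r["proto"] == "UDP" or r["state"] == "LISTENING"]


def external_listeners(rows):
    """Listeners reachable from the network, i.e. not bound to the loopback address only."""
    return [r for r in listeners(rows)
            if not (r["host"].startswith("127.") or r["host"] == "[::1]")]


def flag_msdtc_ports(rows):
    """(proto, port, exe) for listeners on 135 or 5000-5020, sorted for stable output."""
    return sorted((r["proto"], r["port"], r["exe"])
                  for r in listeners(rows) if r["port"] in MSDTC_PORTS)


if __name__ == "__main__":
    parsed = parse_netstat(NETSTAT_SAMPLE)
    for r in external_listeners(parsed):
        print(f"{r['proto']} {r['host']}:{r['port']:<6} {r['exe']}")
    print("on MSDTC ports:", flag_msdtc_ports(parsed))
```

Replace NETSTAT_SAMPLE with the real output (run the command from an administrator account, or -b prints nothing useful) and the external_listeners list is the one worth reading line by line: a listener bound to 0.0.0.0 owned by something that is not a Windows component is the kind of entry a helper wants to see.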
 
results from netstat:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Bryan>netstat -a-n-b

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-v When used in conjunction with -b, will display sequence of
components involved in creating the connection or listening
port for all executables.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.

C:\Documents and Settings\Bryan>

Also, several other questions:
-Can't find user Bryan Banks in User Accounts to be able to delete
-Can't find the items at the end of your reply to delete. I will need help getting them deleted.
-How do I remove item from Trusted Zone
 
The copy of netstat is only the directions, not the result. I'm going to close the ports.

Did you run the script in Combofix? Where is the new log?

Regarding the Bryan Banks account:
Click on the Control Panel> User Accounts> Scroll to the lower part of the screen to pick an account to change> If you see the account there click on it and follow the prompt to remove.
If you don't see it there, since it doesn't show any contents in OTM, just close.

Uninstalling entries:
Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
------------------------
How to Remove Viewpoint Media Player, Toolbar, or Manager
  1. Click on Start> Control Panel> Add/Remove Programs
  2. Uninstall any of the following programs associated with Viewpoint
    [o] Viewpoint Manager
    [o] Viewpoint Media Player
    [o] Viewpoint Toolbar
  3. Close the Add/Remove Programs and Control Panel
----------------------------------------------
Uninstall Morpheus Toolbar:
  1. Right click on Start> Explore> Double click on Local Drive> Programs
  2. click to open the Morpheus Toolbar
  3. Double click on toolbaruninstaller.exe.
  4. Follow the prompts for the uninstall
  5. Exit Windows Explorer when through
  6. Check the Control Panel> Add/Remove Programs> if any Morpheus entries> Uninstall
--------------------------------------------
Uninstall Zing Photo Uploader
  1. Click on Start> Control Panel> Add/Remove Programs
  2. Click on Zing Photo Uploader> Uninstall
  3. Right click on Start> Explore> Double click on Local Drive
  4. Click on Docs & Settings for yourself
  5. Click on Downloads> right click> Delete any of the following if present.
    [o] Zing TreeView ActiveX
    [o] Zing UploadController ActiveX
    [o] ZingDropFiles Class
  6. Exit and close Windows Explorer when through
---------------------------------------------
Uninstall Yontoo
Use the same direction for Add/Remove Programs
Uninstall Yontoo Layers Client and Drop Down Deals
Close and exit when done.
---------------------------------------------
Uninstall Dell DSentry
Use Add/Remove directions to uninstall Dell DVD Sentry
--------------------------------------------
When all of the uninstallations have been completed:
Right click on start> Explore> My Computer> Double click on Local Drive(C)> Programs> Find each of the following program folders and do a right click> Delete on each.
=============================================
When finished all uninstall and folder deletions, reboot back into Normal Mode
Be sure you have run the script in Combofix first.
Then rescan with Combofix and give me the new logs. I will remove any 'left over' entries.
 
Part 1 of 2

ComboFix 11-07-15.03 - Bryan 07/17/2011 0:35.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.431 [GMT -5:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bryan\Desktop\CFScript.txt
AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
FILE ::
"c:\docume~1\bryan\locals~1\temp\ba304.sys"
"c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys"
"c:\docume~1\bryan\locals~1\temp\cvdmindv.sys"
"c:\docume~1\bryan\locals~1\temp\iserial.sys"
"c:\docume~1\bryan\locals~1\temp\lpsched.sys"
"c:\docume~1\bryan\locals~1\temp\omouhid.sys"
"c:\docume~1\bryan\locals~1\temp\qtape.sys"
"c:\docume~1\bryan\locals~1\temp\ssmbali.sys"
"c:\docume~1\bryan\locals~1\temp\ta311.sys"
"c:\program files\viewpoint\common\ViewpointService.exe"
"c:\windows\system32\ConduitEngine.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\easy upload tools\drivers\spooler\ZingSpooler.exe
c:\program files\mywebsearchwb\bar\1.bin\W6BAR.DLL
c:\program files\viewpoint\common\ViewpointService.exe
c:\program files\wildtangent\apps\cda\gamedrvr.exe
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ntfs.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BA304
-------\Legacy_CPUZ132
-------\Legacy_CVDMINDV
-------\Legacy_ISERIAL
-------\Legacy_LPSCHED
-------\Legacy_OMOUHID
-------\Legacy_QTAPE
-------\Legacy_SSMBALI
-------\Legacy_TA311
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_ba304
-------\Service_cpuz132
-------\Service_CVDMINDV
-------\Service_iserial
-------\Service_lpsched
-------\Service_omouhid
-------\Service_qtape
-------\Service_ssmbali
-------\Service_ta311
-------\Service_Viewpoint Manager Service
.
.
((((((((((((((((((((((((( Files Created from 2011-06-17 to 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-16 20:18 . 2011-07-16 20:18 53248 ----a-r- c:\documents and settings\Bryan\Application Data\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2011-07-16 20:17 . 2011-07-16 20:17 -------- d-sh--w- c:\documents and settings\Bryan\UserData
2011-07-16 20:06 . 2011-07-16 20:06 -------- d-----w- C:\Pictures
2011-07-16 08:07 . 2011-07-16 08:51 -------- d-----w- c:\windows\ie8updates
2011-07-16 05:07 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-07-16 05:07 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-07-16 05:06 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-07-16 05:06 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-07-16 05:06 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-07-16 05:06 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-07-16 05:04 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-07-16 05:04 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-07-16 05:04 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-07-16 05:03 . 2011-04-25 16:11 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-16 05:03 . 2011-04-25 16:11 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-16 05:03 . 2011-04-25 16:11 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-07-16 05:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-07-16 05:01 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-07-16 05:01 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2011-07-16 05:01 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2011-07-16 05:01 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-07-16 05:01 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-07-16 05:00 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-07-16 05:00 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-07-16 05:00 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-07-16 05:00 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-07-16 04:54 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-07-16 04:54 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-07-16 04:43 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-07-16 04:42 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-07-16 04:42 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-07-16 03:18 . 2011-07-16 03:18 -------- d-----w- c:\program files\Common Files\Java
2011-07-16 03:18 . 2011-07-16 03:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-16 00:15 . 2011-07-16 00:15 -------- d-----w- C:\_OTM
2011-07-14 23:42 . 2011-07-14 23:42 -------- d-----w- c:\program files\ESET
2011-07-13 00:48 . 2011-07-13 00:50 -------- d-----w- C:\savw_97_sa
2011-07-10 18:42 . 2011-07-10 18:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
2011-07-10 18:42 . 2011-07-10 20:03 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-07-10 18:38 . 2011-07-10 20:32 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2011-07-10 18:24 . 2011-07-13 00:00 -------- d-----w- c:\program files\Charter Security Suite
2011-07-10 18:18 . 2011-07-10 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2011-07-10 18:16 . 2011-07-12 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 03:18 . 2010-05-25 03:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-18 14:35 . 2011-05-23 23:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2002-08-29 10:00 1858944 ------w- c:\windows\system32\win32k.sys
2011-05-29 14:11 . 2009-01-12 02:37 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2009-01-12 02:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31 . 2004-06-07 18:19 692736 ------w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-03-30 01:48 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2002-08-29 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2002-08-29 10:00 33280 ------w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2002-08-29 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2002-08-29 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2002-08-29 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2002-08-29 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2005-10-02 12:26 . 2005-10-02 12:26 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\savw_97_sa ----
Edit: Contents are all for the Sophos program dated 2011-07-13 00:54 . Unneeded entries deleted by Bobbye
 
Edit: DirLook shows contents of Sophos AV. Contents deleted by Bobbye.

Part 2 of 2

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-12 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 294912]
"DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-09 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-06 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Bryan\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Bryan\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
PowerReg Scheduler.exe [2006-5-26 256000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-7-3 36953]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-7-3 24576]
ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe [2011-1-23 406896]
PowerReg Scheduler.exe [2005-3-5 251392]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, dblstssp.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dlbucoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\DLBUPSWX.EXE"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Documents and Settings\\Bryan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
.
R0 fsbts;fsbts;c:\windows\SYSTEM32\DRIVERS\fsbts.sys [7/10/2011 1:42 PM 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fsdfw.sys [7/10/2011 1:38 PM 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [7/10/2011 1:31 PM 68064]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/26/2008 3:35 PM 88176]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [7/10/2011 1:25 PM 148648]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [7/10/2011 1:31 PM 61088]
R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [9/1/2010 3:30 AM 15544]
S0 fnyozi;fnyozi;c:\windows\system32\drivers\qpedfh.sys --> c:\windows\system32\drivers\qpedfh.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 4:14 AM 135664]
S2 mrtRate;mrtRate; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 4:14 AM 135664]
S3 imsfs;imsfs;\??\c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys --> c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys [?]
S3 rati1tux;rati1tux;\??\c:\docume~1\Kaylie\LOCALS~1\Temp\rati1tux.sys --> c:\docume~1\Kaylie\LOCALS~1\Temp\rati1tux.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [1/8/2001 8:53 AM 15576]
S3 xusbuhci;xusbuhci;\??\c:\docume~1\Bryan\LOCALS~1\Temp\xusbuhci.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\xusbuhci.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [7/10/2011 1:25 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [7/10/2011 1:25 PM 25184]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
2011-07-17 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2002-08-29 00:12]
.
2011-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:14]
.
2011-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:14]
.
2011-07-17 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\CHARTE~1\ANTI-V~1\fsav.exe [2011-07-10 15:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 24.159.64.23 97.81.22.195 66.189.0.100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-17 00:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3108)
c:\windows\system32\WININET.dll
c:\program files\Charter Security Suite\Spam Control\fsscoepl.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\dfshim.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Charter Security Suite\Anti-Virus\fsgk32st.exe
c:\program files\Charter Security Suite\Common\FSMA32.EXE
c:\program files\Charter Security Suite\Anti-Virus\FSGK32.EXE
c:\program files\Charter Security Suite\Common\FSHDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe
c:\program files\Charter Security Suite\FWES\Program\fsdfwd.exe
c:\windows\system32\rundll32.exe
c:\program files\Charter Security Suite\Anti-Virus\fssm32.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Charter Security Suite\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Completion time: 2011-07-17 01:07:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-17 06:07
ComboFix2.txt 2011-07-16 04:31
.
Pre-Run: 84,626,964,480 bytes free
Post-Run: 84,748,935,168 bytes free
.
- - End Of File - - 6627C1187489A21C07356FF1237CDCF8
 
Did I tell you how to move MusicMatch out of Trusted Zone? If not, here it is:

Access Internet Options either through IE> Tools or Control Panel> Internet Options: Choose the Security tab> Click on Trusted Sites> Sites> Highlight musicmatch.com in the Web Sites> Press the Remove button> OK> Apply> OK
========================================
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
[3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code box below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\windows\system32\drivers\qpedfh.sys
c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys
c:\docume~1\Kaylie\LOCALS~1\Temp\rati1tux.sys
c:\docume~1\Bryan\LOCALS~1\Temp\xusbuhci.sys 
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"=-
"5000:TCP"=-
"5001:TCP"=-
"5002:TCP"=-
"5003:TCP"=-
"5004:TCP"=-
"5005:TCP"=-
"5006:TCP"=-
"5007:TCP"=-
"5008:TCP"=-
"5009:TCP"=-
"5010:TCP"=-
"5011:TCP"=-
"5012:TCP"=-
"5013:TCP"=-
"5014:TCP"=-
"5015:TCP"=-
"5016:TCP"=-
"5017:TCP"=-
"5018:TCP"=-
"5019:TCP"=-
"5020:TCP"=-
Driver::
fnyozi
imsfs
rati1tux
xusbuhci
FCopy::
Save this as CFScript.txt, in the same location as ComboFix.exe
[attached image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Have any of your 'little problems' been resolved?

I'm going to delete the Sophos entries from the FileLook I did in Combofix. Like a lawyer, I should ask a question unless I know the answer- but I could not ID that process!
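An added example, not part of this thread and not code from ComboFix or DDS: a small Python triage script that applies the same reasoning the helper's CFScript above encodes. It reads service lines in the DDS/ComboFix format, flags drivers whose image file could not be found (`[?]` in DDS listings) or that load from a user Temp folder, treats firewall port openings that carry only the generic "TCP Port N" description (rather than a resource string such as `@xpsp2res.dll,-22009`) as unexplained, and drafts the File::, Driver:: and Registry:: sections from those findings. The sample lines are copied from the log earlier in this thread; the heuristics and function names are this example's own, not anything DDS or ComboFix defines.

```python
"""Triage DDS/ComboFix service and firewall-port lines and draft a CFScript.

Added example; heuristics are the author's own, not ComboFix's.
"""
import re

# Constructed sample: service lines as DDS/ComboFix print them (taken from the thread's log).
SAMPLE_SERVICES = r"""
R0 FSFW;F-Secure Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fsdfw.sys [7/10/2011 1:38 PM 82120]
S0 fnyozi;fnyozi;c:\windows\system32\drivers\qpedfh.sys --> c:\windows\system32\drivers\qpedfh.sys [?]
S2 mrtRate;mrtRate; [x]
S3 imsfs;imsfs;\??\c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys --> c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys [?]
S3 rati1tux;rati1tux;\??\c:\docume~1\Kaylie\LOCALS~1\Temp\rati1tux.sys --> c:\docume~1\Kaylie\LOCALS~1\Temp\rati1tux.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [1/8/2001 8:53 AM 15576]
S3 xusbuhci;xusbuhci;\??\c:\docume~1\Bryan\LOCALS~1\Temp\xusbuhci.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\xusbuhci.sys [?]
"""

# Constructed sample: GloballyOpenPorts values (the forum renders ':@' as ':mad:'; '@' is the real text).
SAMPLE_PORTS = r"""
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"""

# <start type> <service name>;<display name>;<image path and status>
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# "<port>:<proto>"= <port>:<proto>:<description>
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(.*)$')


def parse_service(line):
    """Return a dict for one service line, or None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    start, name, display, rest = m.groups()
    status = None
    bm = re.search(r"\[([^\]]*)\]\s*$", rest)   # trailing [date size], [?] or [x]
    if bm:
        status = bm.group(1)
        rest = rest[:bm.start()].strip()
    if " --> " in rest:                          # DDS repeats the resolved path after -->
        rest = rest.split(" --> ", 1)[1].strip()
    if rest.startswith("\\??\\"):                # strip the NT object-manager prefix
        rest = rest[4:]
    return {"start": start, "name": name, "display": display,
            "image": rest, "status": status}


def triage(text):
    """Return [(service name, image path, [reasons])] for entries worth acting on."""
    findings = []
    for line in text.splitlines():
        svc = parse_service(line)
        if svc is None:
            continue
        reasons = []
        if svc["status"] == "?":
            reasons.append("image file missing on disk")
        if "\\temp\\" in svc["image"].lower():
            reasons.append("driver loaded from a user Temp folder")
        if reasons:
            findings.append((svc["name"], svc["image"], reasons))
    return findings


def unexplained_ports(text):
    """Port openings whose description is not a resource string (@dll,-id)."""
    ports = []
    for line in text.splitlines():
        m = PORT_RE.match(line.strip())
        if m and not m.group(2).startswith("@"):
            ports.append(m.group(1))
    return ports


def build_cfscript(findings, ports):
    """Draft the CFScript sections in the same shape as the helper's script."""
    lines = ["File::"] + [image for _, image, _ in findings]
    lines.append("Driver::")
    lines += [name for name, _, _ in findings]
    if ports:
        lines.append("Registry::")
        lines.append(r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                     r"\standardprofile\GloballyOpenPorts\List]")
        lines += [f'"{p}"=-' for p in ports]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for name, image, reasons in triage(SAMPLE_SERVICES):
        print(f"{name:10} {image}  <- {'; '.join(reasons)}")
    print(build_cfscript(triage(SAMPLE_SERVICES), unexplained_ports(SAMPLE_PORTS)))
```

Running it on the sample lines flags exactly the four services the helper listed (fnyozi, imsfs, rati1tux, xusbuhci) and leaves the F-Secure, USB bridge and mrtRate entries alone; the drafted Registry:: block is the reason the helper later asks whether all of the port lines were copied, since those values are what the script is meant to delete.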
 
Not sure what happened but I don't see my post from last night. I am posting what I think is the log. If it's not right, I can rerun again and repost.
Computer seems to be running fine. I still don't see any sites on the Internet Explorer history and I still get the red shield with white X when I turn off anti-virus. There is also a Windows Security icon in the Control Panel that makes me nervous because I know that is what started my virus issues several months ago.

Part 1 of 2

ComboFix 11-07-18.05 - Bryan 07/18/2011 21:13:04.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.501 [GMT -5:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bryan\Desktop\CFScript.txt
AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
FILE ::
"c:\docume~1\Bryan\LOCALS~1\Temp\xusbuhci.sys"
"c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys"
"c:\docume~1\Kaylie\LOCALS~1\Temp\rati1tux.sys"
"c:\windows\system32\drivers\qpedfh.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IMSFS
-------\Legacy_RATI1TUX
-------\Legacy_XUSBUHCI
-------\Service_fnyozi
-------\Service_imsfs
-------\Service_rati1tux
-------\Service_xusbuhci
.
.
((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-18 12:42 . 2011-07-18 12:42 -------- d-----w- c:\documents and settings\Bryan\Application Data\F-Secure
2011-07-17 06:07 . 2011-07-17 06:07 -------- dc----w- c:\documents and settings\Donna
2011-07-16 20:18 . 2011-07-16 20:18 53248 ----a-r- c:\documents and settings\Bryan\Application Data\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2011-07-16 20:17 . 2011-07-16 20:17 -------- d-sh--w- c:\documents and settings\Bryan\UserData
2011-07-16 20:06 . 2011-07-16 20:06 -------- d-----w- C:\Pictures
2011-07-16 08:07 . 2011-07-16 08:51 -------- d-----w- c:\windows\ie8updates
2011-07-16 05:07 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-07-16 05:07 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-07-16 05:06 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-07-16 05:06 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-07-16 05:06 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-07-16 05:06 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-07-16 05:04 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-07-16 05:04 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-07-16 05:04 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-07-16 05:03 . 2011-04-25 16:11 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-16 05:03 . 2011-04-25 16:11 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-16 05:03 . 2011-04-25 16:11 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-07-16 05:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-07-16 05:01 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-07-16 05:01 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2011-07-16 05:01 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2011-07-16 05:01 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-07-16 05:01 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-07-16 05:00 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-07-16 05:00 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-07-16 05:00 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-07-16 05:00 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-07-16 04:54 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-07-16 04:54 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-07-16 04:43 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-07-16 04:42 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-07-16 04:42 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-07-16 03:18 . 2011-07-16 03:18 -------- d-----w- c:\program files\Common Files\Java
2011-07-16 03:18 . 2011-07-16 03:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-16 00:15 . 2011-07-16 00:15 -------- d-----w- C:\_OTM
2011-07-14 23:42 . 2011-07-14 23:42 -------- d-----w- c:\program files\ESET
2011-07-13 00:48 . 2011-07-13 00:50 -------- d-----w- C:\savw_97_sa
2011-07-10 18:42 . 2011-07-10 18:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
2011-07-10 18:42 . 2011-07-10 20:03 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-07-10 18:38 . 2011-07-10 20:32 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2011-07-10 18:24 . 2011-07-13 00:00 -------- d-----w- c:\program files\Charter Security Suite
2011-07-10 18:18 . 2011-07-10 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2011-07-10 18:16 . 2011-07-12 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 03:18 . 2010-05-25 03:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-18 14:35 . 2011-05-23 23:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2002-08-29 10:00 1858944 ------w- c:\windows\system32\win32k.sys
2011-05-29 14:11 . 2009-01-12 02:37 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2009-01-12 02:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31 . 2004-06-07 18:19 692736 ------w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-03-30 01:48 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2002-08-29 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2002-08-29 10:00 33280 ------w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2002-08-29 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2002-08-29 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2002-08-29 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2002-08-29 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2005-10-02 12:26 . 2005-10-02 12:26 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_04.15.06 )))))))))))))))))))))))))))))))))))))))))
Edit: Extensive Combofix snapshot deleted by Bobbye
 
Part 4
Edit: Extensive Combofix snapshot deleted by Bobbye

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-12 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 294912]
"DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-09 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-06 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Bryan\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Bryan\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
PowerReg Scheduler.exe [2006-5-26 256000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-7-3 36953]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-7-3 24576]
ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe [2011-1-23 406896]
PowerReg Scheduler.exe [2005-3-5 251392]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, dblstssp.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dlbucoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\DLBUPSWX.EXE"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Documents and Settings\\Bryan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
.
R0 fsbts;fsbts;c:\windows\SYSTEM32\DRIVERS\fsbts.sys [7/10/2011 1:42 PM 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fsdfw.sys [7/10/2011 1:38 PM 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [7/10/2011 1:31 PM 68064]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/26/2008 3:35 PM 88176]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [7/10/2011 1:25 PM 148648]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [7/10/2011 1:31 PM 61088]
R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [9/1/2010 3:30 AM 15544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 4:14 AM 135664]
S2 mrtRate;mrtRate; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 4:14 AM 135664]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [1/8/2001 8:53 AM 15576]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [7/10/2011 1:25 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [7/10/2011 1:25 PM 25184]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
2011-07-18 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2002-08-29 00:12]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:14]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:14]
.
2011-07-18 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\CHARTE~1\ANTI-V~1\fsav.exe [2011-07-10 15:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 24.159.64.23 97.81.22.195 66.189.0.100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-18 22:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3708)
c:\windows\system32\WININET.dll
c:\program files\Charter Security Suite\Spam Control\fsscoepl.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Charter Security Suite\Anti-Virus\fsgk32st.exe
c:\program files\Charter Security Suite\Common\FSMA32.EXE
c:\program files\Charter Security Suite\Anti-Virus\FSGK32.EXE
c:\program files\Charter Security Suite\Common\FSHDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Charter Security Suite\FWES\Program\fsdfwd.exe
c:\program files\Charter Security Suite\Anti-Virus\fssm32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe
c:\program files\Charter Security Suite\Anti-Virus\fsav32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-07-18 22:15:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-19 03:15
ComboFix2.txt 2011-07-17 06:07
ComboFix3.txt 2011-07-16 04:31
.
Pre-Run: 84,405,092,352 bytes free
Post-Run: 84,427,108,352 bytes free
.
- - End Of File - - 56027B6AD9AFA10E0E6D437B5453AEC0
 
This would not be the time to do the disc cleanup. Please wait until we're through.

Did you copy all the script I had in the code box, including all of the ports?

Can you give me any update on the system now?
 