I picked up something and I can't shake it. McAfee does not see any infections, Avira sees no infected files, Avast sees no infected files, superantivirus only sees tracking cookies, I have even run Trend Micro's HouseCall to find no infected files and finally, Malwarebytes has found no infected files. I cannot run GMER without my computer locking up. Everything else runs fine.
I am not sure what it is but it redirects any Google search result that I choose. Avast will periodically tell me that it has blocked a malicious URL (even when I am not surfing). I think it may have reached my network because even surfing on my iPod touch, I will get pop-ups when searching. If anyone could help me out it would be greatly appreciated. This is really slowing down my computer and network.
Here are the logs from the diagnostic tools I ran:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/25/2010 7:41:12 AM
mbam-log-2010-10-25 (07-41-12).txt
Scan type: Full scan (C:\|)
Objects scanned: 152713
Time elapsed: 1 hour(s), 57 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS (Ver_10-10-21.02) - NTFSx86
Run by Paul Hirko at 9:27:09.76 on Mon 10/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.534 [GMT -7:00]
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\igfxext.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\DOCUME~1\PAULHI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Paul Hirko\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = hxxp://en.us.acer.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101005205149.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [whoqdibk] c:\docume~1\paulhi~1\locals~1\temp\dldnmmksq\lmajhiayhsn.exe
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\paulhi~1\applic~1\mozilla\firefox\profiles\kbeud32e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 386712]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-21 165584]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-20 11608]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-5 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-20 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-20 267432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-21 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-20 60936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-5 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-5 141792]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-10-13 582992]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-5 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-5 152992]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-5 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-10-5 88544]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-10-13 206608]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-5 171168]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-5 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-10-5 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-5 84264]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-10-13 206608]
=============== Created Last 30 ================
2010-10-23 13:11:47 38848 ----a-w- c:\windows\avastSS.scr
2010-10-22 15:48:27 -------- d-----w- C:\jolicloud
2010-10-20 15:37:30 -------- d-----w- c:\windows\system32\NtmsData
2010-10-20 15:36:00 -------- d-----w- c:\docume~1\paulhi~1\applic~1\Avira
2010-10-20 15:27:36 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-20 15:27:29 -------- d-----w- c:\program files\Avira
2010-10-20 15:27:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-10-20 05:15:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-10-13 22:24:13 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-10-13 22:20:57 -------- d-----w- c:\documents and settings\paul hirko\log
2010-10-13 21:59:42 388096 ----a-r- c:\docume~1\paulhi~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-13 21:59:42 -------- d-----w- c:\program files\Trend Micro
2010-10-13 18:19:55 -------- d-----w- c:\docume~1\paulhi~1\applic~1\Malwarebytes
2010-10-13 18:19:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-13 18:19:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-13 18:19:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-13 18:19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-12 16:16:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-12 16:16:57 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-12 16:16:57 423656 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-12 15:56:03 -------- d-----w- c:\docume~1\paulhi~1\applic~1\McAfee
2010-10-07 19:44:50 -------- d-----w- c:\docume~1\paulhi~1\locals~1\applic~1\Identities
2010-10-06 04:42:21 -------- d-----w- c:\docume~1\paulhi~1\applic~1\.BitTornado
2010-10-06 04:04:40 -------- d-----w- c:\program files\MSXML 4.0
2010-10-06 03:50:45 -------- d-----w- c:\program files\McAfee
2010-10-06 03:48:06 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-10-06 03:48:06 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-10-06 03:45:49 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-06 03:39:58 -------- d-----w- c:\docume~1\paulhi~1\applic~1\SUPERAntiSpyware.com
2010-10-06 03:39:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-06 03:39:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-06 03:38:11 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-10-06 03:36:05 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-10-06 03:36:05 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-10-06 03:36:04 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-10-06 03:36:04 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-10-06 03:34:01 -------- d-----w- c:\docume~1\paulhi~1\locals~1\applic~1\Temp
2010-10-06 03:33:57 -------- d-----w- c:\docume~1\paulhi~1\locals~1\applic~1\Google
2010-10-06 03:31:11 -------- d-sh--w- c:\documents and settings\paul hirko\IECompatCache
2010-10-06 03:29:17 -------- d-sh--w- c:\documents and settings\paul hirko\PrivacIE
2010-10-06 03:28:41 -------- d-sh--w- c:\documents and settings\paul hirko\IETldCache
2010-10-06 03:26:15 -------- d-----w- c:\windows\ie8updates
2010-10-06 03:23:47 -------- dc-h--w- c:\windows\ie8
2010-10-06 03:20:08 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-10-06 03:18:07 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-06 03:18:07 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-06 03:18:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-10-06 03:18:05 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-06 03:18:05 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-06 03:18:04 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-10-06 03:18:02 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-10-06 03:15:14 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-10-06 03:13:02 -------- d-----w- c:\docume~1\paulhi~1\locals~1\applic~1\Mozilla
2010-10-06 03:08:30 -------- d-sh--w- c:\documents and settings\paul hirko\UserData
2010-10-06 03:01:33 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-10-06 02:51:48 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
2010-10-06 02:51:48 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2010-10-06 02:51:48 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2010-10-06 02:51:48 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2010-10-06 02:51:48 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
2010-10-06 02:51:38 -------- d-----w- C:\Acer
2010-10-06 02:48:47 -------- d-----w- c:\program files\common files\SNP2UVC
2010-10-06 02:48:46 -------- d-----w- c:\windows\SUYIN NB Cam
2010-10-06 02:48:12 4342912 ----a-w- c:\windows\system32\acer.exe
2010-10-06 02:48:08 83554304 ----a-w- c:\windows\system32\acer.scr
2010-10-06 02:47:57 -------- d-----w- c:\program files\Acer Incorporated
2010-10-06 02:47:52 -------- d-----w- c:\windows\ACER
2010-10-06 02:47:21 -------- d-----w- c:\program files\Yahoo!
2010-10-06 02:46:42 -------- d-----w- c:\program files\Launch Manager
2010-10-06 01:03:41 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
==================== Find3M ====================
2010-10-06 02:50:53 125 ----a-w- c:\windows\xUninstall.bat
2010-10-06 01:00:06 3 ----a-w- c:\windows\HotFix.bat
2010-10-06 01:00:06 139 ----a-w- c:\windows\HotFix2.bat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
============= FINISH: 9:29:50.48 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-10-21.02)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/5/2010 7:44:22 PM
System Uptime: 10/25/2010 6:17:52 AM (3 hours ago)
Motherboard: Acer | |
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU | 1596/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 106 GiB total, 74.422 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 10/5/2010 7:44:28 PM - System Checkpoint
RP2: 10/5/2010 7:47:50 PM - Installed Acer ScreenSaver
RP3: 10/5/2010 7:48:42 PM - Installed Acer Crystal Eye webcam
RP4: 10/5/2010 7:50:51 PM - Configured JMicron JMB38X Flash Media Controller
RP5: 10/5/2010 8:12:32 PM - Software Distribution Service 3.0
RP6: 10/5/2010 8:20:13 PM - Software Distribution Service 3.0
RP7: 10/5/2010 8:25:18 PM - Installed Windows Internet Explorer 8.
RP8: 10/5/2010 8:26:08 PM - Software Distribution Service 3.0
RP9: 10/5/2010 9:02:21 PM - Software Distribution Service 3.0
RP10: 10/8/2010 7:15:25 AM - Software Distribution Service 3.0
RP11: 10/9/2010 11:21:59 AM - System Checkpoint
RP12: 10/11/2010 9:26:11 AM - System Checkpoint
RP13: 10/12/2010 8:55:48 AM - Installed McAfee Virtual Technician
RP14: 10/12/2010 9:15:52 AM - Installed Java(TM) 6 Update 21
RP15: 10/13/2010 2:59:41 PM - Installed HiJackThis
RP16: 10/13/2010 3:24:10 PM - Installed Trend Micro RUBotted
RP17: 10/19/2010 10:15:15 PM - avast! Free Antivirus Setup
RP18: 10/21/2010 9:01:40 AM - avast! Free Antivirus Setup
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Crystal Eye webcam
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.0
Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
HiJackThis
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
Java Auto Updater
Java(TM) 6 Update 21
JMicron JMB38X Flash Media Controller
Jolicloud
Launch Manager
Malwarebytes' Anti-Malware
McAfee AntiVirus Plus
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 4.2
SUPERAntiSpyware
Synaptics Pointing Device Driver
Trend Micro RUBotted
Update for Office 2007 (KB946691)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Internet Explorer 8
==== Event Viewer Messages From Past Week ========
10/25/2010 6:53:38 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
10/25/2010 2:53:17 AM, error: Service Control Manager [7034] - The McShield service terminated unexpectedly. It has done this 6 time(s).
10/25/2010 2:51:00 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/25/2010 2:49:42 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/25/2010 2:47:11 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/25/2010 2:33:49 AM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
10/25/2010 2:33:48 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/25/2010 2:27:29 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/25/2010 2:24:28 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/25/2010 2:21:20 AM, error: Service Control Manager [7022] - The McShield service hung on starting.
10/25/2010 2:20:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro RUBotted Service service to connect.
10/25/2010 2:11:40 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/25/2010 2:10:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
10/25/2010 1:50:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
10/25/2010 1:47:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm SASDIFSV SASKUTIL ssmdrv
10/23/2010 9:06:51 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/23/2010 8:58:54 AM, error: Service Control Manager [7034] - The Trend Micro RUBotted Service service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================
For what it's worth, I can run HiJackThis and post the results as well. Once again, thank you for your time.
Paul
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\paulhi~1\applic~1\mozilla\firefox\profiles\kbeud32e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 386712]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-21 165584]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-20 11608]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-5 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-20 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-20 267432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-21 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-20 60936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-5 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-5 141792]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-10-13 582992]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-5 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-5 152992]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-5 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-10-5 88544]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-10-13 206608]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-5 171168]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-5 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-10-5 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-5 84264]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-10-13 206608]
=============== Created Last 30 ================
2010-10-23 13:11:47 38848 ----a-w- c:\windows\avastSS.scr
2010-10-22 15:48:27 -------- d-----w- C:\jolicloud
2010-10-20 15:37:30 -------- d-----w- c:\windows\system32\NtmsData
2010-10-20 15:36:00 -------- d-----w- c:\docume~1\paulhi~1\applic~1\Avira
2010-10-20 15:27:36 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-20 15:27:29 -------- d-----w- c:\program files\Avira
2010-10-20 15:27:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-10-20 05:15:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-10-13 22:24:13 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-10-13 22:20:57 -------- d-----w- c:\documents and settings\paul hirko\log
2010-10-13 21:59:42 388096 ----a-r- c:\docume~1\paulhi~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-13 21:59:42 -------- d-----w- c:\program files\Trend Micro
2010-10-13 18:19:55 -------- d-----w- c:\docume~1\paulhi~1\applic~1\Malwarebytes
2010-10-13 18:19:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-13 18:19:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-13 18:19:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-13 18:19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-12 16:16:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-12 16:16:57 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-12 16:16:57 423656 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-12 15:56:03 -------- d-----w- c:\docume~1\paulhi~1\applic~1\McAfee
2010-10-07 19:44:50 -------- d-----w- c:\docume~1\paulhi~1\locals~1\applic~1\Identities
2010-10-06 04:42:21 -------- d-----w- c:\docume~1\paulhi~1\applic~1\.BitTornado
2010-10-06 04:04:40 -------- d-----w- c:\program files\MSXML 4.0
2010-10-06 03:50:45 -------- d-----w- c:\program files\McAfee
2010-10-06 03:48:06 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-10-06 03:48:06 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-10-06 03:45:49 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-06 03:39:58 -------- d-----w- c:\docume~1\paulhi~1\applic~1\SUPERAntiSpyware.com
2010-10-06 03:39:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-06 03:39:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-06 03:38:11 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-10-06 03:36:05 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-10-06 03:36:05 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-10-06 03:36:04 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-10-06 03:36:04 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-10-06 03:34:01 -------- d-----w- c:\docume~1\paulhi~1\locals~1\applic~1\Temp
2010-10-06 03:33:57 -------- d-----w- c:\docume~1\paulhi~1\locals~1\applic~1\Google
2010-10-06 03:31:11 -------- d-sh--w- c:\documents and settings\paul hirko\IECompatCache
2010-10-06 03:29:17 -------- d-sh--w- c:\documents and settings\paul hirko\PrivacIE
2010-10-06 03:28:41 -------- d-sh--w- c:\documents and settings\paul hirko\IETldCache
2010-10-06 03:26:15 -------- d-----w- c:\windows\ie8updates
2010-10-06 03:23:47 -------- dc-h--w- c:\windows\ie8
2010-10-06 03:20:08 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-10-06 03:18:07 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-06 03:18:07 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-06 03:18:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-10-06 03:18:05 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-06 03:18:05 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-06 03:18:04 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-10-06 03:18:02 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-10-06 03:15:14 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-10-06 03:13:02 -------- d-----w- c:\docume~1\paulhi~1\locals~1\applic~1\Mozilla
2010-10-06 03:08:30 -------- d-sh--w- c:\documents and settings\paul hirko\UserData
2010-10-06 03:01:33 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-10-06 02:51:48 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
2010-10-06 02:51:48 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2010-10-06 02:51:48 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2010-10-06 02:51:48 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2010-10-06 02:51:48 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
2010-10-06 02:51:38 -------- d-----w- C:\Acer
2010-10-06 02:48:47 -------- d-----w- c:\program files\common files\SNP2UVC
2010-10-06 02:48:46 -------- d-----w- c:\windows\SUYIN NB Cam
2010-10-06 02:48:12 4342912 ----a-w- c:\windows\system32\acer.exe
2010-10-06 02:48:08 83554304 ----a-w- c:\windows\system32\acer.scr
2010-10-06 02:47:57 -------- d-----w- c:\program files\Acer Incorporated
2010-10-06 02:47:52 -------- d-----w- c:\windows\ACER
2010-10-06 02:47:21 -------- d-----w- c:\program files\Yahoo!
2010-10-06 02:46:42 -------- d-----w- c:\program files\Launch Manager
2010-10-06 01:03:41 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
==================== Find3M ====================
2010-10-06 02:50:53 125 ----a-w- c:\windows\xUninstall.bat
2010-10-06 01:00:06 3 ----a-w- c:\windows\HotFix.bat
2010-10-06 01:00:06 139 ----a-w- c:\windows\HotFix2.bat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
============= FINISH: 9:29:50.48 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-10-21.02)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/5/2010 7:44:22 PM
System Uptime: 10/25/2010 6:17:52 AM (3 hours ago)
Motherboard: Acer | |
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU | 1596/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 106 GiB total, 74.422 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 10/5/2010 7:44:28 PM - System Checkpoint
RP2: 10/5/2010 7:47:50 PM - Installed Acer ScreenSaver
RP3: 10/5/2010 7:48:42 PM - Installed Acer Crystal Eye webcam
RP4: 10/5/2010 7:50:51 PM - Configured JMicron JMB38X Flash Media Controller
RP5: 10/5/2010 8:12:32 PM - Software Distribution Service 3.0
RP6: 10/5/2010 8:20:13 PM - Software Distribution Service 3.0
RP7: 10/5/2010 8:25:18 PM - Installed Windows Internet Explorer 8.
RP8: 10/5/2010 8:26:08 PM - Software Distribution Service 3.0
RP9: 10/5/2010 9:02:21 PM - Software Distribution Service 3.0
RP10: 10/8/2010 7:15:25 AM - Software Distribution Service 3.0
RP11: 10/9/2010 11:21:59 AM - System Checkpoint
RP12: 10/11/2010 9:26:11 AM - System Checkpoint
RP13: 10/12/2010 8:55:48 AM - Installed McAfee Virtual Technician
RP14: 10/12/2010 9:15:52 AM - Installed Java(TM) 6 Update 21
RP15: 10/13/2010 2:59:41 PM - Installed HiJackThis
RP16: 10/13/2010 3:24:10 PM - Installed Trend Micro RUBotted
RP17: 10/19/2010 10:15:15 PM - avast! Free Antivirus Setup
RP18: 10/21/2010 9:01:40 AM - avast! Free Antivirus Setup
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Crystal Eye webcam
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.0
Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
HiJackThis
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
Java Auto Updater
Java(TM) 6 Update 21
JMicron JMB38X Flash Media Controller
Jolicloud
Launch Manager
Malwarebytes' Anti-Malware
McAfee AntiVirus Plus
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 4.2
SUPERAntiSpyware
Synaptics Pointing Device Driver
Trend Micro RUBotted
Update for Office 2007 (KB946691)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Internet Explorer 8
==== Event Viewer Messages From Past Week ========
10/25/2010 6:53:38 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
10/25/2010 2:53:17 AM, error: Service Control Manager [7034] - The McShield service terminated unexpectedly. It has done this 6 time(s).
10/25/2010 2:51:00 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/25/2010 2:49:42 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/25/2010 2:47:11 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/25/2010 2:33:49 AM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
10/25/2010 2:33:48 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/25/2010 2:27:29 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/25/2010 2:24:28 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/25/2010 2:21:20 AM, error: Service Control Manager [7022] - The McShield service hung on starting.
10/25/2010 2:20:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro RUBotted Service service to connect.
10/25/2010 2:11:40 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/25/2010 2:10:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
10/25/2010 1:50:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
10/25/2010 1:47:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm SASDIFSV SASKUTIL ssmdrv
10/23/2010 9:06:51 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/23/2010 8:58:54 AM, error: Service Control Manager [7034] - The Trend Micro RUBotted Service service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================
For what it's worth, I can run HiJackThis and post the results as well. Once again, thank you for your time.
Paul