Solved Search engine redirect issues

[EVFoodie]

I've been battling search engine redirect issues for a few months now. I've done Malwarebytes, TDSSkiller, etc and they have removed some threats, but the sporadic redirects still happen on all major search engines.

I'm hoping you will be able to provide some guidance on fixing this. I have attached the requested logs from the preliminary instructions. Thanks in advance for you help!


Malware Bytes Log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7348

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/1/2011 12:51:58 PM
mbam-log-2011-08-01 (12-51-57).txt

Scan type: Quick scan
Objects scanned: 195366
Time elapsed: 20 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------

GMER Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-01 13:46:15
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6L200M0 rev.BACE1G10
Running: c5fofp16.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\agloyuog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7239226]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7239252]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF72392A8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF72391FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF72391D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF72391E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF723923C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF723927E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF72392D2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF72392BE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7239292]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------

DDS.txt Log:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Compaq_Administrator at 13:56:45 on 2011-08-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.365 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ww2.cox.com/myconnection/arizona/home.cox
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110513070734.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{538D84B8-5C8C-4B32-AD89-887EA1E5659D} : DhcpNameServer = 192.168.1.1
Filter: text/html - {a32a0005-ef9f-4682-8105-17e62a44dae2} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\rzukn2oa.default\
FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/myconnection/arizona/home.cox
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-18 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-19 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-19 84200]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-3-30 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-19 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-19 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-19 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-19 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-19 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-19 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-19 56064]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2010-4-24 17149]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-19 153280]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-19 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-19 88736]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2010-4-24 384608]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-2-15 15232]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-19 52320]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-19 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-19 84488]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2008-6-7 29824]
S3 Symnet_pp;Symnet_pp; [x]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-2-15 2151640]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-01 15:15:41 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-01 14:33:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-12 22:24:18 0 ----a-w- c:\windows\Uroyuvogepu.bin
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 11:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 09:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 13:58:17.80 ===============


DDS Attach.txt log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/12/2006 9:25:11 AM
System Uptime: 8/1/2011 8:27:53 AM (5 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 1772/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 178 GiB total, 117.024 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.007 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1381: 5/7/2011 10:36:02 AM - System Checkpoint
RP1382: 5/8/2011 10:46:06 AM - System Checkpoint
RP1383: 5/9/2011 12:23:53 PM - System Checkpoint
RP1384: 5/10/2011 8:58:47 PM - Software Distribution Service 3.0
RP1385: 5/13/2011 6:56:39 AM - System Checkpoint
RP1386: 5/14/2011 9:25:25 AM - System Checkpoint
RP1387: 5/15/2011 12:02:09 PM - System Checkpoint
RP1388: 5/16/2011 12:21:00 PM - System Checkpoint
RP1389: 5/20/2011 6:17:31 PM - System Checkpoint
RP1390: 5/22/2011 10:55:00 AM - System Checkpoint
RP1391: 5/23/2011 1:34:51 PM - System Checkpoint
RP1392: 5/24/2011 1:55:42 PM - System Checkpoint
RP1393: 5/25/2011 6:24:56 PM - System Checkpoint
RP1394: 5/27/2011 7:20:00 AM - System Checkpoint
RP1395: 5/28/2011 10:26:23 AM - System Checkpoint
RP1396: 5/29/2011 12:23:17 PM - System Checkpoint
RP1397: 5/31/2011 6:57:48 AM - System Checkpoint
RP1398: 6/3/2011 7:26:24 AM - System Checkpoint
RP1399: 6/6/2011 6:43:27 PM - System Checkpoint
RP1400: 6/11/2011 9:53:16 AM - System Checkpoint
RP1401: 6/13/2011 9:33:01 AM - System Checkpoint
RP1402: 6/14/2011 11:48:58 AM - System Checkpoint
RP1403: 6/16/2011 10:42:58 AM - System Checkpoint
RP1404: 6/16/2011 10:58:37 PM - Software Distribution Service 3.0
RP1405: 6/17/2011 6:04:42 PM - Installed Java(TM) 6 Update 26
RP1406: 6/18/2011 7:04:03 PM - System Checkpoint
RP1407: 6/19/2011 10:24:32 AM - Software Distribution Service 3.0
RP1408: 6/24/2011 3:27:10 PM - System Checkpoint
RP1409: 6/26/2011 9:56:38 AM - System Checkpoint
RP1410: 6/27/2011 1:20:23 PM - System Checkpoint
RP1411: 6/28/2011 6:20:07 PM - System Checkpoint
RP1412: 7/1/2011 9:01:55 AM - System Checkpoint
RP1413: 7/2/2011 9:41:31 AM - Software Distribution Service 3.0
RP1414: 7/3/2011 10:25:11 AM - System Checkpoint
RP1415: 7/4/2011 11:13:34 PM - System Checkpoint
RP1416: 7/6/2011 8:18:25 AM - System Checkpoint
RP1417: 7/7/2011 7:04:43 PM - System Checkpoint
RP1418: 7/8/2011 7:15:34 PM - System Checkpoint
RP1419: 7/10/2011 9:11:21 AM - System Checkpoint
RP1420: 7/11/2011 9:14:49 AM - System Checkpoint
RP1421: 7/12/2011 10:05:55 AM - System Checkpoint
RP1422: 7/13/2011 6:39:37 PM - System Checkpoint
RP1423: 7/14/2011 7:06:21 PM - System Checkpoint
RP1424: 7/15/2011 10:41:08 PM - System Checkpoint
RP1425: 7/16/2011 11:04:45 PM - System Checkpoint
RP1426: 7/18/2011 7:58:58 AM - System Checkpoint
RP1427: 7/19/2011 11:53:12 AM - System Checkpoint
RP1428: 7/19/2011 8:25:41 PM - Software Distribution Service 3.0
RP1429: 7/20/2011 9:57:50 PM - System Checkpoint
RP1430: 7/22/2011 12:38:30 AM - System Checkpoint
RP1431: 7/23/2011 9:48:34 AM - System Checkpoint
RP1432: 7/24/2011 12:01:32 PM - System Checkpoint
RP1433: 7/25/2011 3:43:58 PM - System Checkpoint
RP1434: 7/31/2011 1:35:37 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
913D Camera
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan
Amazon MP3 Downloader 1.0.12
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
ArcSoft Camera Suite 1.3
AstroPop Deluxe from Compaq (remove only)
ATI Control Panel
ATI Display Driver
Barnyard Invasion from Compaq (remove only)
Bejeweled 2 Deluxe from Compaq (remove only)
Blackhawk Striker 2 from Compaq (remove only)
Boggle Supreme from Compaq (remove only)
Bookworm Deluxe from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
Chuzzle Deluxe from Compaq (remove only)
Compaq Connections (remove only)
Compaq Game Console and games
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Creative Mass Storage Drivers
Creative System Information
Creative Zen Nano Plus
Critical Update for Windows Media Player 11 (KB959772)
Cucusoft Ultimate DVD Converter 7.16
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
Diablo II
Dragon NaturallySpeaking 10
Enhanced Multimedia Keyboard Solution
Enterprise
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP DigitalMedia Archive
HP Imaging Device Functions 5.3
HP PSC & Officejet 4.2 Corporate Edition
HP Software Update
HP Support Overview
HpSdpAppCoreApp
Insaniquarium Deluxe from Compaq (remove only)
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 26
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Lexibox Deluxe from Compaq (remove only)
LightScribe 1.4.62.1
Logitech Harmony Remote Client
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Mah Jong Quest from Compaq (remove only)
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee SecurityCenter
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 6.0 Docs
Microsoft Visual C++ 6.0 Introductory Edition
Microsoft Works
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
Photo Viewer 2.25
Polar Bowler from Compaq (remove only)
PS2
Puzzle Express from Compaq (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
Roxio RecordNow 9 Music Lab
Scan
SCRABBLE from Compaq (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shooting Stars Pool from Compaq (remove only)
Shrek 2 Ogre Bowler from Compaq (remove only)
Slingo Deluxe from Compaq (remove only)
Snowboard SuperJam from Compaq (remove only)
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SoundTap Uninstall
STY C++ in 24 Hours, 2E
Super Granny from Compaq (remove only)
Tradewinds from Compaq (remove only)
TurboTax 2005
TurboTax 2008
TurboTax 2008 waziper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 waziper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 waziper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ Runtime for Dragon NaturallySpeaking
WavePad Uninstall
WD Backup
WD Diagnostics
WD Firewire HID Driver
WebFldrs XP
WexTech AnswerWorks
WinAce Archiver
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Xingtone Ringtone Maker
Yahoo! Browser Services
Yahoo! Mail
Yahoo! Messenger
Zuma Deluxe from Compaq (remove only)
.
==== Event Viewer Messages From Past Week ========
.
7/31/2011 12:56:19 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/31/2011 12:50:10 PM, error: System Error [1003] - Error code 1000000a, parameter1 65e0ea14, parameter2 00000002, parameter3 00000000, parameter4 804f8fcd.
7/27/2011 7:38:41 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
7/27/2011 7:38:41 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL. Reference error message: The operation completed successfully. .
7/27/2011 7:38:41 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
7/25/2011 3:08:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/25/2011 2:47:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
7/25/2011 2:45:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/25/2011 2:45:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/25/2011 2:45:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 ASPI32 Fips IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
7/25/2011 2:45:05 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2011 2:45:05 PM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2011 2:45:05 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2011 2:45:05 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2011 2:45:05 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2011 2:45:05 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2011 2:45:05 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2011 2:45:05 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2011 2:45:05 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2011 2:45:05 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================

 

[Bobbye]

Welcome to TechSpot! I'll help with the redirects. Please stop gathering and running programs from the internet in the hope it will fix the problem!

My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• Follow the order of the tasks I give you. Order is crucial in cleaning process.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.
• Please let me know if there is any change in the system.

If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
Please disable AdWatch: Ad-Aware AE Ad-Watch Live!

• Right click on the Ad-Aware icon in the system tray.
  
• Click on Disable Ad-Watch Live!
• (Once you are clean, you can re-enable Ad-Watch Live! by clicking on Enable Ad-Watch Live!.)

====================================
Please remove TSSKiller. There is no indication at this time of a rootkit.
===================================
You have 10 versions of Java running. - one is current, 9 outdated versions making the system vulnerable. The easiest way to remove them all is this: (Current version v6u26 will also be removed. Instructions at end of program for the updating.
You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***

• Double-click on JavaRa.exe to start the program.
• From the drop-down menu, choose English and click on Select.
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
• Click Yes when prompted. When JavaRa is done, a notice will appear that
  a logfile has been produced. Click OK.
• A logfile will pop up. Please save it to a convenient location.Note: Do not leave this log.

Download and install then most current version and update of Java RuntimeEnvironment (JRE)HERE.
===========================================
I strongly recommend that you get all the years of ta data off the system and on to a CD. They will be safe there and it will free up hard drive space. To access any time, just put the CD in the Drive.
===========================================
Please run the following. You will most likely have many infected files in the Java cache and I can instruct you in how to remove them:

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESETOnlineScan
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  [o] Double click on the
  
  on your desktop.
• Check 'Yes I accept terms of use.'
• Click Start button
• Accept any security warnings from your browser.
  
  
• Uncheck 'Remove found threats'
• Check 'Scan archives/
• Leave remaining settings as is.
• Press the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
• When the scan completes, press List of found threats
• Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
• Push the Back button
• Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=====================================
I'll direct you with Combofix after we get these files off the system.

 

[EVFoodie]

Thank you for the help, Bobbye! I followed all your instructions and pasted the log file from ESET scan below. It did find a few issues as you predicted.

One question for you: It seems you only need one version of Java (the newest one) active and running. I do Java updates when it pops up to tell me, so why doesn't the update overlay & replace the older versions? Should I ignore the Java pop-ups and just download it manually in the future?


ESET Scan results:

C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jar_cache2039546504192523290.tmp a variant of Java/Exploit.CVE-2010-0842.L trojan
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jar_cache3891066855226239560.tmp probably a variant of Java/TrojanDownloader.OpenStream.NBU trojan
D:\I386\Apps\APP09339\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application
D:\I386\Apps\APP09339\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application

 

[Bobbye]

1. It seems you only need one version of Java (the newest one) active and running. Yes, only the most current. The updates are for security reasons, so once an update is out, any old versions become vulnerabilities.
2. I do Java updates when it pops up to tell me, I discourage using any auto-update except for the antivirus .
3. why doesn't the update overlay & replace the older versions? Because it just doesn't! Neither does the Adobe Reader.
4.Should I ignore the Java pop-ups and just download it manually in the future?Yes, That's what I recommend. by doing that, you will remember to remove the old version.

To turn off the Java auto update:
Control Panel> Java> Update tab> Uncheck the box for 'check automatically for updates'> Check Yes to confirm> OK> Close.

I see logs with the Java updater running an as many as 15 outdated versions on the systems! I think the malware writers are taking advantage of this because everyone who has malware in the Java cache has at least one outdated version of Java.

I'm surprised you don't have more showing in the Java cache. To remove:
To clear the Java Plug-in cache:

• 
  [1]. Click Start > Control Panel.
  [2]. Double-click the Java icon in the control panel.
  
  The Java Control Panel appears.
  
  
  
  [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
  
  
  
  [4] Click Delete Files.The Delete Temporary Files dialog box appears.
  
  
  
  [5]. Click OK on Delete Temporary Files window.
  Note: This deletes all the Downloaded Applications and Applets from the cache.
  [6]. Click Apply> OK on Temporary Files Settings window.

Images courtesy java.com
=======================================
For the other entries:
Please download OTMovit by Old Timer and save to your desktop.

• Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  

  :Files 
  D:\I386\Apps\APP09339\src\CompaqPresario_Spring06.exe 
  D:\I386\Apps\APP09339\src\HPPavillion_Spring06.exe 
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==============================================
The Adobe Reader is v7, it is way out of date also. Please update to v10: Adobe Reader site . Uninstall any earlier updates as they are vulnerabilities.
================================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

 

[EVFoodie]

That's good info to know about Java and the auto-updates. I completed all the steps you laid out.

**** I did disable the AV and Firewall prior to ComboFix running, but CF still popped up a warning saying it was on. However, it appeared to still run OK with the exception of it trying to reference something called 'NIRKMD' at the end of each stage and not finding it, so it popped up a warning box. I just hit 'OK' and it went to the next stage, just had to keep clearing the warnings after each stage.

Here is the log file from ComboFix:

ComboFix 11-08-04.02 - Compaq_Administrator 08/04/2011 15:14:01.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.602 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\7q4da2444o4nswy
c:\documents and settings\Compaq_Administrator\GoToAssistDownloadHelper.exe
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{D0D06B35-1E3C-4EB2-BB9C-86BEB4080C7D}
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{D0D06B35-1E3C-4EB2-BB9C-86BEB4080C7D}\chrome.manifest
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{D0D06B35-1E3C-4EB2-BB9C-86BEB4080C7D}\chrome\content\_cfg.js
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{D0D06B35-1E3C-4EB2-BB9C-86BEB4080C7D}\chrome\content\overlay.xul
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{D0D06B35-1E3C-4EB2-BB9C-86BEB4080C7D}\install.rdf
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\7q4da2444o4nswy
c:\documents and settings\Compaq_Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\program files\Common
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-04 to 2011-08-04 )))))))))))))))))))))))))))))))
.
.
2011-08-04 21:56 . 2011-08-04 21:56 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-04 21:54 . 2011-08-04 21:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-04 21:25 . 2011-08-04 21:25 -------- d-----w- C:\_OTM
2011-08-02 01:11 . 2011-08-02 01:11 -------- d-----w- c:\program files\ESET
2011-08-02 01:00 . 2011-08-02 01:02 -------- d-----w- c:\program files\JavaRa
2011-07-25 21:43 . 2011-08-04 22:23 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 02:52 . 2011-02-01 19:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-02-01 19:49 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-01 15:15 . 2011-02-18 15:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-01 14:33 . 2011-06-14 14:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2004-08-10 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-07-01 15:02 . 2011-05-14 20:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 21:01 . 2011-01-20 06:05 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"VX3000"="c:\windows\vVX3000.exe" [2006-04-26 994080]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-29 27136]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-29 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2010-4-24 884795]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Harmony Remote.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Harmony Remote.lnk
backup=c:\windows\pss\Logitech Harmony Remote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 07:19 77312 ----a-w- c:\windows\arpwrmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 14:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 12:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 23:44 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2006-04-28 00:36 260896 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-12-14 05:08 228088 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 16:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2006-12-06 14:02 163576 ----a-w- c:\program files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2007-03-25 16:55 339968 ----a-w- c:\windows\system32\WDBtnMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2006-12-01 04:49 4662776 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=3 (0x3)
"IntuitUpdateService"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"aawservice"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/19/2011 11:04 PM 84200]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/30/2010 2:11 PM 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/19/2011 11:04 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/19/2011 11:04 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/19/2011 11:05 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/19/2011 11:04 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/19/2011 11:04 PM 56064]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [4/24/2010 9:31 AM 17149]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/19/2011 11:04 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/19/2011 11:04 PM 88736]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [4/24/2010 9:31 AM 384608]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/19/2011 11:04 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/19/2011 11:04 PM 84488]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [6/7/2008 7:49 PM 29824]
S3 Symnet_pp;Symnet_pp; [x]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ww2.cox.com/myconnection/arizona/home.cox
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\rzukn2oa.default\
FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/myconnection/arizona/home.cox
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-1735190412 - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\tfr.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-Ocopititefe - c:\windows\kbjtsvfy.dll
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-04 15:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1276)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-08-04 15:27:53
ComboFix-quarantined-files.txt 2011-08-04 22:27
.
Pre-Run: 126,995,009,536 bytes free
Post-Run: 126,947,921,920 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0F9CFF1770F5038F44971A4EFA636F89

 

[Bobbye]

This deletion in Combofix usually means an infected flash drive has been use. It need to be disinfected:
You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

Please disinfect all movable drives

1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
   Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
4. Wait until it has finished scanning and then exit the program.
5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

File::

Folder::
c:\program files\JavaRa
DDS::
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DNS7reminder"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-.
Driver::
Symnet_pp
FCopy::

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
One more scan to make sure all the bad entries have been removed:
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.

• Extract it to a directory on your hard drive called c:\HijackThis.
• Then navigate to that directory and double-click on the hijackthis.exe file.
• When started click on the Scan button and then the Save Log button to create a log of your information.
• The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

 

[EVFoodie]

Bobbye, will this Flash Disinfector also work on a portable hard drive? I have an older Western Digital that is an actual disk drive, it's not flash. I do back ups to it a few times a year.

Thanks...

 

[Bobbye]

Yes. Notice in the instructions referring to "all movable drives." Just be sure it's connected to the computer when you run the disinfector.

 

[EVFoodie]

Below is the log file from the last ComboFix run. I'm going to run HijackThis and then paste its logfile in my next reply.

Log file from ComboFix:

ComboFix 11-08-04.02 - Compaq_Administrator 08/06/2011 9:31.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.569 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\JavaRa
c:\program files\JavaRa\Deutsch.lng
c:\program files\JavaRa\Español.lng
c:\program files\JavaRa\Français.lng
c:\program files\JavaRa\Italiano.lng
c:\program files\JavaRa\JavaRa.def
c:\program files\JavaRa\JavaRa.exe
c:\program files\JavaRa\JavaRaLog.txt
c:\program files\JavaRa\Nederlands.lng
c:\program files\JavaRa\Suomi.lng
c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Symnet_pp
.
.
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-04 22:50 . 2011-08-04 22:50 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Temp
2011-08-04 21:56 . 2011-08-04 21:56 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-04 21:54 . 2011-08-04 21:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-04 21:25 . 2011-08-04 21:25 -------- d-----w- C:\_OTM
2011-08-02 01:11 . 2011-08-02 01:11 -------- d-----w- c:\program files\ESET
2011-07-25 21:43 . 2011-08-04 22:23 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 02:52 . 2011-02-01 19:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-02-01 19:49 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-01 15:15 . 2011-02-18 15:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-01 14:33 . 2011-06-14 14:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2004-08-10 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-07-01 15:02 . 2011-05-14 20:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 21:01 . 2011-01-20 06:05 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-04_22.23.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-06 16:45 . 2011-08-06 16:45 16384 c:\windows\Temp\Perflib_Perfdata_378.dat
- 2011-08-04 21:41 . 2011-08-04 21:41 16384 c:\windows\Temp\Perflib_Perfdata_378.dat
+ 2011-08-05 00:54 . 2011-08-06 16:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-01-28 09:29 . 2011-08-06 16:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-01-28 09:29 . 2011-08-04 20:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-05 00:54 . 2011-08-06 16:50 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-01-28 09:29 . 2011-08-04 20:04 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"VX3000"="c:\windows\vVX3000.exe" [2006-04-26 994080]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-29 27136]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-29 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2010-4-24 884795]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Harmony Remote.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Harmony Remote.lnk
backup=c:\windows\pss\Logitech Harmony Remote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 07:19 77312 ----a-w- c:\windows\arpwrmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 14:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 12:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 23:44 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2006-04-28 00:36 260896 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-12-14 05:08 228088 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 16:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2006-12-06 14:02 163576 ----a-w- c:\program files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2007-03-25 16:55 339968 ----a-w- c:\windows\system32\WDBtnMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2006-12-01 04:49 4662776 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=3 (0x3)
"IntuitUpdateService"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"aawservice"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/19/2011 11:04 PM 84200]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/30/2010 2:11 PM 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/19/2011 11:04 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/19/2011 11:04 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/19/2011 11:05 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/19/2011 11:04 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/19/2011 11:04 PM 56064]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [4/24/2010 9:31 AM 17149]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/19/2011 11:04 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/19/2011 11:04 PM 88736]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [4/24/2010 9:31 AM 384608]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/19/2011 11:04 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/19/2011 11:04 PM 84488]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [6/7/2008 7:49 PM 29824]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ww2.cox.com/myconnection/arizona/home.cox
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\rzukn2oa.default\
FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/myconnection/arizona/home.cox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-06 09:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1276)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1028)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamSvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\mcafee\msc\mcupdmgr.exe
.
**************************************************************************
.
Completion time: 2011-08-06 09:56:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-06 16:56
ComboFix2.txt 2011-08-04 22:27
.
Pre-Run: 127,058,821,120 bytes free
Post-Run: 126,951,399,424 bytes free
.
- - End Of File - - 44E43CBA5A77DA3FE7B1E158646938BC

 

[EVFoodie]

Here is the logfile from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:08:38 AM, on 8/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/myconnection/arizona/home.cox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110513070734.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10793 bytes

 

[Bobbye]

Please give me an update on how the system is running. Has the redirect been resolved?

 

[EVFoodie]

Yes, the redirect issues appear to have gone away! Thank you so much for all the help so far!

 

[Bobbye]

You're welcome- but I have one more thing to ask:

You have a lot of processes on the Startup menu that will start on boot, then run in the background. These are all available to you through All Programs when you need them. Stopping them from starting on boot does not uninstall anything. It just allows the resources to be applied elsewhere.

There are also some Services set to Automatic Startup Type. This means every time you start the computer, they all start, By changing the Startup to Manual, they will only start when needed.

Would you like to stop these entries? It would be done in the HJT log and a short script for Combofix. I have most of it done.

Let me know, then we'll finish up.

 

[EVFoodie]

Yes, I go into MSCONFIG every so often and remove certain programs and processes that I know I don't need to run automatically, but many of them add themselves back as soon as you open them manually. VERY annoying...

If you have something that would help with that, I'd definitely be interested.

Thank you again!

 

[Bobbye]

Please print this log. You will need it to change Services and take processes off of Startup

Please reopen HijackThis to 'so system scan only.'. Check each of the following -if present:
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
-----------------
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Close all Windows except HijackThis and click on "Fix Checked
===================================================
Boot into Safe Mode

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

--------------------------------------------
Click on Start> Run> Type services.msc> enter> Find each of the Services (023) you checked in HJT. For all but one, double click to open> Change Startup Type tp Manual. The exception is Java Quick Starter Change the Startup Type to Disabled and Stop the Service.
Exit Services when finished.
==================================================
Stay in Safe Mode and go on to next reply. Keep the print out near you.

 

[Bobbye]

Continuing with Startup Cleanup: You can uncheck any processes that you stopped in HijackThis. None need to start on boot. The exe at the end of the entry is 'usually' what you will see in Startup:

To remove entries from the Startup Menu using the msconfig utility:

• Click on Start> Run> type in msconfig> enter>
  
  
• Click on Selective Startup
• Choose the Startup tab:
  
  
  
  All images courtesy NetSquirrel
• To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
• Uncheck any processes you do not need to start on boot.
• Click on Apply> OK when finished.

NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.
========================================
Please reboot back into Normal Mode- close nag message> stay in Selective Startup
=======================================
Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

File::
Folder::
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Temp
DDS::
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=-
"HPBootOp"=-
"VX3000"=-
"SunJavaUpdateSched"=-
"Adobe ARM"=-
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update].
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Macromedia Licensing Service"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================

Please advise if you notice any diference. Don't forget to empty the Recycle Bin!

 

[EVFoodie]

Thanks for the cleanup help! It appears the ComboFix log exceeds 50K bytes, so I will break it into two parts

Here is the most recent ComboFix log - Part I:

ComboFix 11-08-13.02 - Compaq_Administrator 08/13/2011 11:54:47.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.605 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Temp
.
.
((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-11 00:54 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 00:53 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-06 17:06 . 2011-08-13 18:20 -------- d-----w- C:\HijackThis
2011-08-04 21:56 . 2011-08-04 21:56 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-04 21:54 . 2011-08-04 21:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-04 21:25 . 2011-08-04 21:25 -------- d-----w- C:\_OTM
2011-08-02 01:11 . 2011-08-02 01:11 -------- d-----w- c:\program files\ESET
2011-07-25 21:43 . 2011-08-04 22:23 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-13 18:44 . 2011-06-14 14:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-10 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-10 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-07 02:52 . 2011-02-01 19:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-02-01 19:49 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-01 15:15 . 2011-02-18 15:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-24 14:10 . 2004-08-10 12:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-10 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-10 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-07-01 15:02 . 2011-05-14 20:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 21:01 . 2011-01-20 06:05 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-04_22.23.57 )))))))))))))))))))))))))))))))))))))))))

Edit: Lengthy Snapshot entries deleted by Bobbye
.

 

[EVFoodie]

Here is ComboFix log - Part II:

Edit: Lenthy Snapshot entries delted by Bobbye

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-29 27136]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-29 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2010-4-24 884795]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Harmony Remote.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Harmony Remote.lnk
backup=c:\windows\pss\Logitech Harmony Remote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 07:19 77312 ----a-w- c:\windows\arpwrmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 14:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 12:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 23:44 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2006-04-28 00:36 260896 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-12-14 05:08 228088 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 16:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2006-12-06 14:02 163576 ----a-w- c:\program files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2007-03-25 16:55 339968 ----a-w- c:\windows\system32\WDBtnMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2006-12-01 04:49 4662776 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=3 (0x3)
"IntuitUpdateService"=2 (0x2)
"aawservice"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/19/2011 11:04 PM 84200]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/19/2011 11:04 PM 56064]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [4/24/2010 9:31 AM 17149]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/19/2011 11:04 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/19/2011 11:04 PM 88736]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [4/24/2010 9:31 AM 384608]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/19/2011 11:04 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/19/2011 11:04 PM 84488]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [6/7/2008 7:49 PM 29824]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ww2.cox.com/myconnection/arizona/home.cox
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\rzukn2oa.default\
FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/myconnection/arizona/home.cox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 12:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1260)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3320)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-13 12:08:35
ComboFix-quarantined-files.txt 2011-08-13 19:08
ComboFix2.txt 2011-08-06 16:56
ComboFix3.txt 2011-08-04 22:27
.
Pre-Run: 126,705,221,632 bytes free
Post-Run: 126,699,110,400 bytes free
.
- - End Of File - - A5A527931E3007A114E390F9C340D3CA

 

[Bobbye]

Okay, Combofix look fine. You still have some unneeded processes on startup. Most are auto-updaters. I don't allow any auto-updates except the AV.

System is clean! Removing all of the tools we used and the files and folders they created

• Uninstall ComboFix and all Backups of the files it deleted
• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
  

• Download OTCleanIt by OldTimer and save it to your Desktop.
• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------

• You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
• Go to Start > All Programs > Accessories > System Tools
• Click "System Restore".
• Choose "Create a Restore Point" on the first screen then click "Next".
• Give the Restore Point a name> click "Create".
  
• Go back and follow the path to > System Tools.
  [*]Choose Disc Cleanup
  [*]Click "OK" to select the partition or drive you want.
  [*]Click the "More Options" Tab.
  [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin

Keep the directions I gave you. Keep the system lean, don't run any processes you don't need to, stop auto-updates, stay safe:

Tips for added security and safer browsing: (Links are in Bold Blue)

1. Browser Security
   [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
   [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
   [o] Replace the Host Files
   [o] Google Toolbar Pop Up Blocker
   [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
   
2. Have layered Security:
   [o]Antivirus :(only one):Both of the following programs are free and known to be good:
   [o]Avira-AntiVir-Personal-Free-Antivirus
   [o] [o]Avast-Free Antivirus
   [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
   [o]Comodo
   [o]Zone Alarm
   
3. Antimalware: I recommend all of the following:
   [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
   [o]Spybot Search & Destroy
   
4. Updates: Stay current:
   [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
   [o]Adobe Reader Install current, uninstall old.
   [o]Java Updates Install current, uninstall old.
   
5. Tracking Cookies
   Reset Cookie:
   [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
   [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
   I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
   AdBlock Plus
   Easy List
   [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
   
6. Do regular Maintenance
   Clean the temporary internet files often:
   [o] Temporary File Cleaner
   [o] ATF Cleaner by Atribune
7. Restore Points:
   [o]See System Restore Guide
8. Safe Email Handling
   [o] Don't open email from anyone you don't know.
   [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
   [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

Please let me know if you find any bad link.

 

[Bobbye]

Oops! Forgot! Please update the Adobe Reader to v10 and uninstall the v7 that you have: Adobe Reader site

 

[EVFoodie]

Bobbye, thank you so much for the help. Seriously, it's a tremendous service you and your colleagues provide. I blog (as do my friends), so you'll be getting some good press from me...

If you ever need foodie advice or some help on a good bottle of vino, just let me know...Pay it forward...

 

[Bobbye]

You're very welcome! It was my pleasure. I'll keep your offer in mind.

Peace