McAfee does not find it but MBAM does and Spybot does. Both programs will remove it but it always comes back once I restart the computer. I have even tried in safe mode. Here are the required logs, hope I didn't forget anything. Could someone please take a look for me? Thanks!
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7694
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088
9/12/2011 09:07:02 PM
mbam-log-2011-09-12 (21-07-02).txt
Scan type: Quick scan
Objects scanned: 240965
Time elapsed: 7 minute(s), 29 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
c:\Windows\system\svchost.exe (Backdoor.Bot) -> 4428 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_21
Run by Family at 20:11:05 on 2011-09-12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3325.1817 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\java.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k termlfsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Windows\diskperfm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\system32\taskeng.exe
C:\Users\Family\Desktop\Scanners\gmer.exe
C:\Windows\system\svchost.exe -k NetworkService
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110621044448.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [MemoryTriUtils] c:\windows\diskperfm.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{85F265C6-2F78-422F-BF1C-9D481E980FD1} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{EF51299E-9794-4ACC-ADAD-F679B68B1152} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{F6422208-BDC8-4E91-8A42-02DC8310A15B} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\family\appdata\roaming\mozilla\firefox\profiles\3tn0abw9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm035U8us&ptb=FOtrFlRDXdA01XSwmP2Gog&ind=2011082700&ptnrS=ZJxdm035U8us&si=51633&n=77deafcc&psa=&st=kwd&searchfor=
FF - component: c:\program files\firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\users\family\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\family\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\family\appdata\roaming\mozilla\firefox\profiles\3tn0abw9.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\users\family\appdata\roaming\mozilla\firefox\profiles\3tn0abw9.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\program files\firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\family\appdata\roaming\Move Networks
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 459728]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-14 64648]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-14 163400]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-8-14 54776]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-14 165000]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-14 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-14 148520]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
R2 TermServices;Remote Desktop Service;c:\windows\system32\svchost.exe -k termlfsvc [2008-1-20 21504]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-14 57432]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-5 179248]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-14 337912]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\drivers\OA002Afx.sys [2007-6-8 148056]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\drivers\OA002Ufd.sys [2008-6-3 144672]
R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\drivers\OA002Vid.sys [2008-7-31 268672]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2009-1-12 31616]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-22 41272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-25 136176]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000va.sys [2010-7-31 836384]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-3-21 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-3-21 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-25 136176]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-5 59288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-14 85984]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-5 40552]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-12 23:41:15 7680 ----a-w- c:\windows\system\svchost.exe
2011-09-12 22:57:33 -------- d-----w- c:\users\family\appdata\local\temp
2011-09-12 22:45:49 -------- d-----w- C:\$RECYCLE.BIN
2011-09-12 22:29:47 -------- d-----w- C:\ComboFix
2011-09-12 21:31:45 -------- d-----w- c:\users\family\appdata\local\Adobe
2011-09-11 05:05:39 -------- d-----w- c:\program files\CCleaner
2011-09-11 02:39:19 691 ----a-w- c:\users\family\appdata\roaming\GetValue.vbs
2011-09-11 02:39:19 35 ----a-w- c:\users\family\appdata\roaming\SetValue.bat
2011-08-30 00:43:07 218624 ----a-w- c:\windows\system32\tercdw32.dll
2011-08-29 22:47:46 -------- d-----w- c:\program files\RegSupreme Pro
2011-08-27 21:22:29 -------- d--h--w- c:\programdata\Common Files
2011-08-27 21:17:58 -------- d-----w- c:\program files\AVG
2011-08-27 21:17:43 -------- d-----w- c:\programdata\avg9
2011-08-27 04:31:27 -------- d-----w- c:\users\family\appdata\roaming\Tific
2011-08-27 04:31:27 -------- d-----w- c:\users\family\appdata\local\Tific
.
==================== Find3M ====================
.
2011-08-11 11:07:08 2562 ----a-w- c:\windows\memsetk.dll
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 14:56:47 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2006-05-31 14:14:50 108056 ----a-w- c:\program files\common files\secman.dll
2006-03-12 00:09:30 626176 ----a-w- c:\program files\common files\osmax.ocx
.
============= FINISH: 20:12:54.73 ===============
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 1/5/2009 06:10:53 AM
System Uptime: 9/12/2011 07:35:47 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0TP406
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU | 2327/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 255.88 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.518 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 1863 GiB total, 1311.805 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
5 Card Slingo Deluxe
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advanced Video FX Engine
aiofw
aioprnt
aioscnnr
ALZip
Any DVD Cloner Platinum 1.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
AVI to DVD Converter
Banctec Service Agreement
Bonjour
Brother MFL-Pro Suite
Browser Address Error Redirector
C4USelfUpdater
CCleaner
center
CEP (Color Enable Package) v.9.0 (beta)
Choice Guard
Command & Conquer 3
Compatibility Pack for the 2007 Office system
Dell DataSafe Online
Dell Driver Download Manager
Dell Getting Started Guide
Dell Resource CD
Dell Support Center (Support Software)
Dell Webcam Center
Dell Webcam Central
Dell Webcam Manager
DirectXInstallService
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EASEUS Partition Master 7.1.1 Home Edition
EDocs
Facebook Plug-In
Free Realms
GameHouse Games Collection: Bejeweled 2
GameHouse Games Collection: Boggle Supreme
GameHouse Games Collection: Chicktionary
GameHouse Games Collection: Feeding Frenzy
GameHouse Games Collection: Five Card Deluxe
GameHouse Games Collection: Flip Words
GameHouse Games Collection: Insaniquarium Deluxe
GameHouse Games Collection: Jewel Quest
GameHouse Games Collection: Luxor
GameHouse Games Collection: Mahjong Towers Eternity
GameHouse Games Collection: SCRABBLE
GameHouse Games Collection: Shape Shifter
GameHouse Games Collection: Slingo Deluxe
GameHouse Games Collection: Super SpongeBob Collapse!
Garmin Communicator Plugin
Garmin USB Drivers
Google Earth
Google Update Helper
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections 12.1.12.4
iTunes
J2SE Runtime Environment 5.0 Update 4
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) 6 Update 3
Java(TM) 6 Update 7
KODAK AiO Home Center
ksDIP
Linksys EasyLink Advisor
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee Online Backup
McAfee Total Protection
McAfee Virtual Technician
Memeo Instant Backup
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MKV Splitter
Monitor Webcam Driver (1.01.02.0804)
Move Media Player
Mozilla Firefox (3.6.20)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
OGA Notifier 2.0.0048.0
PeerBlock 1.0+ (r404)
PreReq
Product Documentation Launcher
Pure Networks Platform
QuickTime
RegSupreme
RegSupreme Pro
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Seagate Dashboard
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 5.3
Slingo Deluxe
Snail Mail
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Switch Sound File Converter
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Double Deluxe
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
VoiceOver Kit
WBFS Manager 3.0
WebEx Support Manager for Internet Explorer
Winamp
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
XPS MiniView Gadget
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/9/2011 07:02:53 AM, Error: EventLog [6008] - The previous system shutdown at 6:06:53 AM on 9/9/2011 was unexpected.
9/9/2011 06:01:14 AM, Error: EventLog [6008] - The previous system shutdown at 11:10:07 PM on 9/8/2011 was unexpected.
9/9/2011 04:59:24 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.103. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.
9/9/2011 04:51:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
9/9/2011 04:50:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
9/9/2011 04:49:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MOBKFilter spldr Wanarpv6
9/9/2011 04:48:34 PM, Error: EventLog [6008] - The previous system shutdown at 4:47:05 PM on 9/9/2011 was unexpected.
9/9/2011 02:59:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
9/7/2011 07:37:08 PM, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.
9/7/2011 06:56:07 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 001EE5202071 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/7/2011 06:56:06 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0022191F8369 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/7/2011 02:45:57 PM, Error: EventLog [6008] - The previous system shutdown at 2:23:37 PM on 9/7/2011 was unexpected.
9/6/2011 08:31:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
9/6/2011 08:28:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/6/2011 08:28:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC mfehidk mfenlfk mfewfpk MOBKFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Kodak AiO Network Discovery Service service depends on the Bonjour Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/6/2011 08:28:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/6/2011 08:28:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/6/2011 08:28:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/6/2011 08:27:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/6/2011 08:27:14 PM, Error: EventLog [6008] - The previous system shutdown at 8:24:44 PM on 9/6/2011 was unexpected.
9/6/2011 07:42:28 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/6/2011 06:32:00 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Kodak with shared resource name Kodak. Error 2114. The printer cannot be used by others on the network.
9/6/2011 06:32:00 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer KODAK ESP 5200 Series AiO with shared resource name KODAK ESP 5200 Series AiO. Error 2114. The printer cannot be used by others on the network.
9/6/2011 06:09:05 AM, Error: EventLog [6008] - The previous system shutdown at 12:51:03 AM on 9/6/2011 was unexpected.
9/6/2011 02:35:45 PM, Error: EventLog [6008] - The previous system shutdown at 9:35:22 AM on 9/6/2011 was unexpected.
9/5/2011 12:52:25 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
9/5/2011 12:51:35 AM, Error: EventLog [6008] - The previous system shutdown at 12:06:15 PM on 9/4/2011 was unexpected.
9/12/2011 06:32:44 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/12/2011 06:32:42 PM, Error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
9/11/2011 01:15:19 AM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting.
9/10/2011 11:06:31 PM, Error: EventLog [6008] - The previous system shutdown at 11:04:30 PM on 9/10/2011 was unexpected.
9/10/2011 09:50:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
9/10/2011 09:50:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
.
==== End Of File ===========================
will post GMER in a second message
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
VoiceOver Kit
WBFS Manager 3.0
WebEx Support Manager for Internet Explorer
Winamp
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
XPS MiniView Gadget
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/9/2011 07:02:53 AM, Error: EventLog [6008] - The previous system shutdown at 6:06:53 AM on 9/9/2011 was unexpected.
9/9/2011 06:01:14 AM, Error: EventLog [6008] - The previous system shutdown at 11:10:07 PM on 9/8/2011 was unexpected.
9/9/2011 04:59:24 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.103. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.
9/9/2011 04:51:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
9/9/2011 04:50:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
9/9/2011 04:49:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MOBKFilter spldr Wanarpv6
9/9/2011 04:48:34 PM, Error: EventLog [6008] - The previous system shutdown at 4:47:05 PM on 9/9/2011 was unexpected.
9/9/2011 02:59:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
9/7/2011 07:37:08 PM, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.
9/7/2011 06:56:07 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 001EE5202071 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/7/2011 06:56:06 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0022191F8369 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/7/2011 02:45:57 PM, Error: EventLog [6008] - The previous system shutdown at 2:23:37 PM on 9/7/2011 was unexpected.
9/6/2011 08:31:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
9/6/2011 08:28:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/6/2011 08:28:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC mfehidk mfenlfk mfewfpk MOBKFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Kodak AiO Network Discovery Service service depends on the Bonjour Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:22 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2011 08:28:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/6/2011 08:28:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/6/2011 08:28:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/6/2011 08:28:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/6/2011 08:27:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/6/2011 08:27:14 PM, Error: EventLog [6008] - The previous system shutdown at 8:24:44 PM on 9/6/2011 was unexpected.
9/6/2011 07:42:28 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/6/2011 06:32:00 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Kodak with shared resource name Kodak. Error 2114. The printer cannot be used by others on the network.
9/6/2011 06:32:00 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer KODAK ESP 5200 Series AiO with shared resource name KODAK ESP 5200 Series AiO. Error 2114. The printer cannot be used by others on the network.
9/6/2011 06:09:05 AM, Error: EventLog [6008] - The previous system shutdown at 12:51:03 AM on 9/6/2011 was unexpected.
9/6/2011 02:35:45 PM, Error: EventLog [6008] - The previous system shutdown at 9:35:22 AM on 9/6/2011 was unexpected.
9/5/2011 12:52:25 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
9/5/2011 12:51:35 AM, Error: EventLog [6008] - The previous system shutdown at 12:06:15 PM on 9/4/2011 was unexpected.
9/12/2011 06:32:44 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/12/2011 06:32:42 PM, Error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
9/11/2011 01:15:19 AM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting.
9/10/2011 11:06:31 PM, Error: EventLog [6008] - The previous system shutdown at 11:04:30 PM on 9/10/2011 was unexpected.
9/10/2011 09:50:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
9/10/2011 09:50:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
.
==== End Of File ===========================
Will post GMER in a second message.