MBAM freezing


Freezes 30 seconds in. DDS log below.

Ark and Attached attached.

Thank god for rkill.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Administrator at 21:53:14.53 on Sun 07/11/2010

Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.5.0_12

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.703.182 [GMT -4:00]

============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe

C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\system32\UAService7.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINNT\htpatch.exe

C:\WINNT\System32\sistray.EXE

C:\Program Files\Ahead\InCD\InCD.exe

C:\WINNT\SOUNDMAN.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Napster\napster.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\program files\canon\camera twain 61\pscamdatcdrapcls.exe

C:\program files\quicktime\qtsystem\quicktimeessentials.resources\da.lproj\quicktimequicktimeresources.exe

C:\Program Files\Citrix\GoToMeeting\452\g2mstart.exe

C:\Program Files\Iomega\Tools\imgicon.exe

C:\Program Files\Common Files\efax\Dllcmd32.exe

C:\Program Files\Citrix\GoToMeeting\452\g2mcomm.exe

C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe

C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

C:\Program Files\Citrix\GoToMeeting\452\g2mlauncher.exe

c:\program files\canon\photorecord\opprintcom\opprintserveropenpage.exe

c:\program files\common files\arcsoft\media browser\plugins\viewer\tagviewer\tagviewertagviewer.exe

C:\WINNT\explorer.exe

c:\documents and settings\administrator\local settings\temp\updates.exe

C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Desktop\Defogger.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.excite.com/

uSearch Page = hxxp://internetsearchservice.com

uWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet

uSearch Bar = hxxp://internetsearchservice.com/ie6.html

uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}

uDefault_Search_URL = hxxp://internetsearchservice.com

mDefault_Page_URL = hxxp://www.comcast.net/

mDefault_Search_URL = hxxp://internetsearchservice.com

mSearch Page = hxxp://internetsearchservice.com

mSearch Bar = hxxp://internetsearchservice.com/ie6.html

mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}

uInternet Settings,ProxyServer = http=127.0.0.1:80

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://internetsearchservice.com

mSearchURL = hxxp://internetsearchservice.com

mSearchAssistant = hxxp://internetsearchservice.com

BHO: AutorunsDisabled - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_12\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll

uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\452\g2mstart.exe" "/Trigger RunAtLogon"

uRun: [svchost] c:\documents and settings\all users\application data\csrss.exe

uRun: [wow64main.exe] c:\docume~1\admini~1\locals~1\temp\wow64main.exe

uRun: [winhbt.exe] c:\docume~1\admini~1\locals~1\temp\winhbt.exe

uRun: [u9rjjlurelot] c:\documents and settings\administrator\local settings\temp\m.22037.tmp.exe

uRun: [Desktop Security 2010] "c:\documents and settings\administrator\application data\desktop security 2010\Desktop Security 2010.exe" /STARTUP

uRun: [securityCenter] c:\documents and settings\administrator\application data\desktop security 2010\securitycenter.exe

mRun: [synchronization Manager] mobsync.exe /logon

mRun: [HTpatch] c:\winnt\htpatch.exe

mRun: [siS Tray] c:\winnt\system32\sistray.EXE

mRun: [inCD] c:\program files\ahead\incd\InCD.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [sSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [NapsterShell] c:\program files\napster\napster.exe /systray

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.5.0_12\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide

mRun: [updates] c:\documents and settings\administrator\local settings\temp\updates.exe

mRun: [CanonComndlg] c:\program files\canon\camera twain 61\pscamdatcdrapcls.exe

mRun: [QuickTimeQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimeessentials.resources\da.lproj\quicktimequicktimeresources.exe

mRun: [DriverCDPTPCLS60031] c:\program files\canon\camera twain 61\pscamdatcdrapcls.exe

mRunServices: [updates] c:\documents and settings\administrator\local settings\temp\updates.exe

mRunServices: [OPPRINTCOMopapi1120023] c:\program files\canon\photorecord\opprintcom\opprintserveropenpage.exe

mRunServices: [QuickTimeQuickTime] c:\program files\quicktime\qtsystem\quicktime.resources\fi.lproj\quicktimequicktime.exe

mRunServices: [QuickTimeQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimeessentials.resources\da.lproj\quicktimequicktimeresources.exe

mRunServices: [TagViewerRocket] c:\program files\common files\arcsoft\media browser\plugins\viewer\tagviewer\tagviewertagviewer.exe

mRunServices: [DWIntl20Reporting] c:\program files\common files\microsoft shared\dw\1033\applicationmicrosoft.exe

mRunServices: [CanonUiaction] c:\program files\canon\camera twain 61\pscamdatcdrapcls.exe

dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\iomega~3.lnk - c:\program files\iomega\tools\imgicon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\iomega~2.lnk - c:\program files\iomega\quiksync\QuikSync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\iomega~4.lnk - c:\program files\iomega\tools\imgstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\iomega~1.lnk - c:\program files\iomega\iomegaware\Commander.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\liveme~1.lnk - c:\program files\common files\efax\Dllcmd32.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure~1.lnk - c:\program files\securebackupshare\ComcastSecureBackupSharestat.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup & record\uBBMonitor.exe

IE: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll

Trusted Zone: excite.com\www

Trusted Zone: google.com\www

DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab

DPF: ImageUploader - hxxp://www.boats.com/listing/ImageUploader.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe

DPF: {74DC34F6-8FAD-4E94-B526-18DA01EC855D} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www1.arvidsjaur.se/AxisCamControl.ocx

DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.39.4/ttinst.cab

DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

AppInit_DLLs: c:\progra~1\citrix\system32\mfaphook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\2qoh82bt.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.excite.com

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

============= SERVICES / DRIVERS ===============

R1 cdfdrv;cdfdrv;c:\program files\common files\citrix\system32\cdfdrv.sys [2007-5-24 22968]

R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\winnt\system32\drivers\ComcastSecureBackupShare.sys [2010-6-15 54776]

R1 mfehidk;McAfee Inc. mfehidk;c:\winnt\system32\drivers\mfehidk.sys [2007-1-17 214664]

R2 BsUDF;InCD UDF Driver;c:\winnt\system32\drivers\bsudf.sys [2003-2-20 379038]

R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\securebackupshare\ComcastSecureBackupSharebackup.exe [2010-2-9 45896]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-6-9 203280]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-6-9 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-6-9 144704]

R2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\winnt\system32\drivers\ousbehci.sys [2003-9-5 39040]

R2 RadeSvc;Citrix Streaming Service;c:\program files\citrix\streaming client\RadeSvc.exe [2007-7-5 237568]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\winnt\system32\drivers\mbamswissarmy.sys [2010-7-10 38224]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-6-9 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\winnt\system32\drivers\mfeavfk.sys [2007-1-17 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\winnt\system32\drivers\mfebopk.sys [2007-1-17 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\winnt\system32\drivers\mfesmfk.sys [2007-1-17 40552]

R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [2002-7-24 24784]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winnt\system32\drivers\ousb2hub.sys [2003-9-5 54016]

R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2004-7-23 49776]

S2 gupdate1c9ceaca264209c;Google Update Service (gupdate1c9ceaca264209c);c:\program files\google\update\GoogleUpdate.exe [2009-5-6 133104]

S3 mferkdk;McAfee Inc. mferkdk;c:\winnt\system32\drivers\mferkdk.sys [2007-1-17 34248]

S4 CLIKCARD;CLIKCARD;c:\winnt\system32\drivers\CLIKCARD.SYS [1999-5-11 34692]

S4 D3NT;D3NT;c:\winnt\system32\drivers\D3NT.SYS [1999-2-3 90624]

S4 IOMEGNT;IOMEGNT;c:\winnt\system32\drivers\ASCNT.SYS [1998-8-27 37088]

S4 ppa3nt;ppa3nt;c:\winnt\system32\drivers\PPA3NT.SYS [1998-8-7 44256]

=============== Created Last 30 ================

2010-07-12 01:50:25 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-07-11 13:31:57 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_964.dat

2010-07-11 13:25:33 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_7d0.dat

2010-07-10 12:37:03 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2010-07-10 12:36:46 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2010-07-10 12:36:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-10 12:36:44 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys

2010-07-10 12:36:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-10 12:13:07 363520 ----a-w- C:\rkill.com

2010-07-10 12:07:43 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_5d0.dat

2010-07-05 15:28:47 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_7c4.dat

2010-07-05 15:23:21 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_998.dat

2010-06-24 02:49:57 54156 ---ha-w- c:\winnt\QTFont.qfn

2010-06-24 02:49:57 1409 ----a-w- c:\winnt\QTFont.for

2010-06-22 07:02:47 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_7c0.dat

2010-06-22 07:00:30 9013160 ----a-w- c:\documents and settings\all users\TempComcastSecureBackupShare-update-fd7a4104d2b2d587567c73de831db04b.exe

2010-06-21 14:00:59 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_648.dat

2010-06-18 17:12:25 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_5b8.dat

2010-06-15 07:04:38 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_250.dat

2010-06-15 07:04:26 54776 ----a-w- c:\winnt\system32\drivers\ComcastSecureBackupShare.sys

2010-06-15 07:02:13 9015424 ----a-w- c:\documents and settings\all users\TempComcastSecureBackupShare-update-9d139f00bf24a8f6ac0e09afee05b1ba.exe

2010-06-15 07:02:13 0 d-----w- c:\documents and settings\all users\Temp

==================== Find3M ====================

2010-06-11 11:22:07 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_2b0.dat

2010-06-10 11:28:05 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_930.dat

2010-06-10 11:22:29 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_740.dat

2010-06-10 07:27:15 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_5b4.dat

2010-06-10 02:14:50 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT

2010-05-15 16:19:28 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_258.dat

2010-05-13 03:32:30 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_670.dat

2010-05-13 03:32:09 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_530.dat

2010-05-11 10:43:32 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_880.dat

2010-05-11 10:38:04 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_73c.dat

2010-05-11 01:45:37 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_240.dat

2010-05-10 15:48:24 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_71c.dat

2010-05-10 01:34:29 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_55c.dat

2010-05-10 01:31:35 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_244.dat

2010-05-10 01:23:04 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT

2010-05-10 01:19:43 106496 ----a-w- c:\winnt\system32\ATL71.DLL

2010-05-08 01:28:18 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_844.dat

2010-05-08 01:22:50 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_45c.dat

2010-05-03 08:17:20 1650448 ------w- c:\winnt\system32\WIN32K.SYS

2010-04-15 07:22:26 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_234.dat

2010-04-14 20:17:14 576512 ----a-w- c:\winnt\system32\WININET.DLL

2010-04-13 22:29:01 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_24c.dat

2003-05-01 07:10:04 1897672 ------w- c:\program files\winzip.exe

2003-05-01 07:09:13 4013744 ------w- c:\program files\msgrplus.exe

2003-02-19 22:16:54 271 ---h--w- c:\program files\desktop.ini

2003-02-19 22:16:54 21952 ---h--w- c:\program files\folder.htt

2002-07-24 12:00:00 32528 ------w- c:\winnt\inf\wbfirdma.sys

============= FINISH: 21:54:27.81 ===============

ark.zip

Attach.zip

Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Had to run Combofix twice as it froze at "please wait"

Message "can not import creg.dat. Error accessing registry" both times.

Message "registry size too small - must increase size" at reboot second time.

Programs run, email ok now but can't get to internet via desktop icons, as if the icons have been disabled.

Dopey me ran it both times with McAfee turned on. Do I need to redo ComboFix?

ComboFix log:

ComboFix 10-07-12.02 - Administrator 07/12/2010 23:19:12.2.1 - x86

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.703.392 [GMT -4:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\console.exe

c:\documents and settings\Administrator\Application Data\alot

c:\documents and settings\Administrator\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html

c:\documents and settings\Administrator\Application Data\alot\Resources\BrowserSearch\images\favicon.ico

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_0\images\alot_logo_button.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_1\images\alot_image_search.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_1\images\alot_news_search.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_1\images\alot_search_button.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_1\images\alot_shop_search.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_1\images\alot_videos_search.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_1\images\alot_web_search.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_2\images\default_1467_alot_crafts_search.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_2\images\default_1467_alot_crafts_search.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_3\images\default_1605_ALOT_Email.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_3\images\default_1605_ALOT_Email.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_4\images\default_1464_alot_crafts_ideas.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_4\images\default_1464_alot_crafts_ideas.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_5\images\default_1466_alot_crafts_shopping.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_5\images\default_1466_alot_crafts_shopping.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_6\images\default_1668_www.amazon.com_button.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_6\images\default_1668_www.amazon.com_button.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_7\images\2808_icon.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_8\images\2735_icon.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_9\images\default_1795_default_1795_alot_configure.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\Button_9\images\default_1795_default_1795_alot_configure.png

c:\documents and settings\Administrator\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\contextMenu\images\alot_icon.png

c:\documents and settings\Administrator\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Shared\images\alot_brand.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Shared\images\alot_configure.bmp

c:\documents and settings\Administrator\Application Data\alot\Resources\Shared\images\alot_configure.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Shared\images\alot_splitter.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Shared\images\discover.png

c:\documents and settings\Administrator\Application Data\alot\Resources\Shared\images\intro_popup.png

c:\documents and settings\Administrator\Application Data\alot\toolbar.xml

c:\documents and settings\Administrator\Application Data\alot\toolbar.xml.backup

c:\documents and settings\Administrator\Application Data\Desktop Security 2010

c:\documents and settings\Administrator\Application Data\Desktop Security 2010\Desktop Security 2010.exe

c:\documents and settings\Administrator\Application Data\Desktop Security 2010\securitycenter.exe

c:\documents and settings\Administrator\Application Data\Desktop Security 2010\securityhelper.exe

c:\documents and settings\Administrator\Application Data\Desktop Security 2010\taskmgr.dll

c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.lnk

c:\documents and settings\Administrator\g2mdlhlpx.exe

c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe

c:\documents and settings\Administrator\Local Settings\Temp\updates.exe

c:\documents and settings\Administrator\Start Menu\Programs\Desktop Security 2010

c:\documents and settings\Administrator\Start Menu\Programs\Desktop Security 2010.lnk

c:\documents and settings\Administrator\Start Menu\Programs\Desktop Security 2010\Activate Desktop Security 2010.lnk

c:\documents and settings\Administrator\Start Menu\Programs\Desktop Security 2010\Desktop Security 2010.lnk

c:\documents and settings\Administrator\Start Menu\Programs\Desktop Security 2010\Help Desktop Security 2010.lnk

c:\documents and settings\Administrator\Start Menu\Programs\Desktop Security 2010\How to Activate Desktop Security 2010.lnk

c:\documents and settings\Administrator\svchost.exe

c:\program files\alot

c:\program files\alot\alotUninst.exe

c:\program files\alot\bin\alot.dll

c:\program files\canon\camera twain 61\pscamdatcdrapcls.exe

c:\program files\Canon\PhotoRecord\OpPrintCom\OpPrintServerOpenPage.exe

c:\program files\Common Files\ArcSoft\Media Browser\Plugins\viewer\TagViewer\TagViewerTagViewer.exe

c:\program files\Common Files\Microsoft Shared\DW\1033\ApplicationMicrosoft.exe

c:\program files\FunWebProducts

c:\program files\FunWebProducts\Installr\1.bin\F3EZsetp.dll

c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL

c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL

c:\program files\Mozilla Firefox\searchplugins\search.xml

c:\program files\quicktime\qtsystem\quicktimeessentials.resources\da.lproj\quicktimequicktimeresources.exe

c:\program files\seekmo

c:\winnt\system32\247880

c:\winnt\system32\download

c:\winnt\system32\kazaabackupfiles

c:\winnt\system32\keylog.txt

c:\winnt\system32\remote.ini

c:\winnt\system32\sounds

c:\winnt\system32\wininit.dll

c:\winnt\Web\default.htt

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_GB

((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))

.

2010-07-13 03:40 . 2010-07-13 03:40 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_848.dat

2010-07-13 03:39 . 2010-07-13 03:39 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_5c0.dat

2010-07-10 12:37 . 2010-07-10 12:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-07-10 12:36 . 2010-04-29 19:39 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2010-07-10 12:36 . 2010-07-10 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-10 12:36 . 2010-07-10 15:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-10 12:36 . 2010-04-29 19:39 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys

2010-07-10 12:13 . 2010-07-10 12:00 363520 ----a-w- C:\rkill.com

2010-06-22 07:00 . 2010-06-22 07:01 9013160 ----a-w- c:\documents and settings\All Users\TempComcastSecureBackupShare-update-fd7a4104d2b2d587567c73de831db04b.exe

2010-06-15 07:04 . 2010-06-09 18:07 54776 ----a-w- c:\winnt\system32\drivers\ComcastSecureBackupShare.sys

2010-06-15 07:02 . 2010-06-15 07:02 9015424 ----a-w- c:\documents and settings\All Users\TempComcastSecureBackupShare-update-9d139f00bf24a8f6ac0e09afee05b1ba.exe

2010-06-15 07:02 . 2010-06-15 07:02 -------- d-----w- c:\documents and settings\All Users\Temp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-12 04:33 . 2010-06-10 02:04 -------- d-----w- c:\program files\McAfee

2010-06-22 07:02 . 2010-03-19 00:07 -------- d-----w- c:\program files\SecureBackupShare

2010-06-10 03:02 . 2010-06-10 03:02 -------- d-----w- c:\documents and settings\Ctx_StreamingSvc\Application Data\SACore

2010-06-10 02:14 . 2010-05-10 01:19 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT

2010-06-10 02:08 . 2007-01-17 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-06-10 02:07 . 2010-06-10 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor

2010-06-10 02:04 . 2010-06-10 02:04 -------- d-----w- c:\program files\Common Files\McAfee

2010-06-10 02:04 . 2010-06-10 02:04 -------- d-----w- c:\program files\McAfee.com

2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\19793\AdobeARM.exe

2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\19793\AdobeExtractFiles.dll

2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\19793\ReaderUpdater.exe

2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\19793\AcrobatUpdater.exe

2010-05-18 09:24 . 2005-12-24 20:04 -------- d-----w- c:\program files\Google

2010-05-10 01:31 . 2010-05-10 01:31 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_244.dat

2010-05-10 01:29 . 2010-05-10 01:29 49152 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe

2010-05-10 01:29 . 2010-05-10 01:29 335872 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe

2010-05-10 01:28 . 2010-05-10 01:28 57344 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2010-05-10 01:23 . 2010-05-10 01:23 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT

2010-05-10 01:19 . 2003-03-19 02:05 106496 ----a-w- c:\winnt\system32\ATL71.DLL

2010-05-03 08:17 . 2002-07-24 12:00 1650448 ------w- c:\winnt\system32\WIN32K.SYS

2010-04-14 20:17 . 2010-04-14 20:17 576512 ----a-w- c:\winnt\system32\WININET.DLL

2003-05-01 07:10 . 2003-03-18 04:10 1897672 ------w- c:\program files\winzip.exe

2003-05-01 07:09 . 2003-03-22 18:41 4013744 ------w- c:\program files\msgrplus.exe

2003-02-19 22:16 . 2003-02-19 22:16 21952 ---h--w- c:\program files\folder.htt

2007-02-08 02:33 . 2007-02-08 02:33 60518 ------w- c:\program files\mozilla firefox\components\jar50.dll

2007-02-08 02:33 . 2007-02-08 02:33 49248 ------w- c:\program files\mozilla firefox\components\jsd3250.dll

2007-02-08 02:33 . 2007-02-08 02:33 165992 ------w- c:\program files\mozilla firefox\components\xpinstal.dll

2007-06-21 22:38 . 2007-06-21 22:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-21 22:38 . 2007-06-21 22:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-21 22:38 . 2007-06-21 22:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-21 22:38 . 2007-06-21 22:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-21 22:39 . 2007-06-21 22:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-21 22:39 . 2007-06-21 22:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 22:39 . 2007-06-21 22:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-01-30 05:03 . 2007-01-30 05:03 548864 ------w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2007-01-30 05:03 . 2007-01-30 05:03 626688 ------w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2007-06-21 22:39 . 2007-06-21 22:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-21 22:40 . 2007-06-21 22:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

------- Sigcheck -------

[-] 2002-11-27 00:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll

[-] 2004-07-09 09:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]

@="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"

[HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]

2010-06-18 12:48 2224456 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]

@="{b723586e-9ca0-5b27-341a-4990a8c342cf}"

[HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]

2010-06-18 12:48 2224456 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]

@="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"

[HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]

2010-06-18 12:48 2224456 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoToMeeting"="c:\program files\Citrix\GoToMeeting\452\g2mstart.exe" [2010-02-13 39816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe" [2003-06-19 111376]

"HTpatch"="c:\winnt\htpatch.exe" [2002-10-30 28672]

"SiS Tray"="c:\winnt\System32\sistray.EXE" [2002-11-17 303104]

"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2002-09-13 1101104]

"SoundMan"="SOUNDMAN.EXE" [2004-07-01 67584]

"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 218240]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-12 180269]

"NapsterShell"="c:\program files\Napster\napster.exe" [2006-11-09 323216]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 75520]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]

"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Iomega Icons.lnk - c:\program files\Iomega\Tools\imgicon.exe [1999-5-6 28672]

Iomega QuikSync.lnk - c:\program files\Iomega\QuikSync\QuikSync.exe [1999-6-25 932864]

Iomega Startup Options.lnk - c:\program files\Iomega\Tools\imgstart.exe [1999-5-12 32768]

IomegaWare.lnk - c:\program files\Iomega\IomegaWare\Commander.exe [1999-7-15 270336]

Live Menu.lnk - c:\program files\Common Files\efax\Dllcmd32.exe [2003-3-22 33672]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Secure Backup and Share Status.lnk - c:\program files\SecureBackupShare\ComcastSecureBackupSharestat.exe [2010-6-18 2374984]

TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2009-2-28 278528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

R1 cdfdrv;cdfdrv;c:\program files\Common Files\Citrix\System32\cdfdrv.sys [5/24/2007 3:40 PM 22968]

R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\winnt\system32\drivers\ComcastSecureBackupShare.sys [6/15/2010 3:04 AM 54776]

R2 BsUDF;InCD UDF Driver;c:\winnt\system32\drivers\bsudf.sys [2/20/2003 10:37 AM 379038]

R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2/9/2010 9:02 AM 45896]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/9/2010 10:07 PM 203280]

R2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\winnt\system32\drivers\ousbehci.sys [9/5/2003 2:06 AM 39040]

R2 RadeSvc;Citrix Streaming Service;c:\program files\Citrix\Streaming Client\RadeSvc.exe [7/5/2007 3:56 PM 237568]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 10:04 PM 24652]

R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [7/24/2002 8:00 AM 24784]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winnt\system32\drivers\ousb2hub.sys [9/5/2003 2:06 AM 54016]

R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/23/2004 10:04 PM 49776]

S2 gupdate1c9ceaca264209c;Google Update Service (gupdate1c9ceaca264209c);c:\program files\Google\Update\GoogleUpdate.exe [5/6/2009 8:41 PM 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\winnt\system32\drivers\mbamswissarmy.sys [7/10/2010 8:36 AM 38224]

S4 CLIKCARD;CLIKCARD;c:\winnt\system32\drivers\CLIKCARD.SYS [5/11/1999 3:57 PM 34692]

S4 D3NT;D3NT;c:\winnt\system32\drivers\D3NT.SYS [2/3/1999 12:02 PM 90624]

S4 IOMEGNT;IOMEGNT;c:\winnt\system32\drivers\ASCNT.SYS [8/27/1998 9:51 AM 37088]

S4 ppa3nt;ppa3nt;c:\winnt\system32\drivers\PPA3NT.SYS [8/7/1998 10:26 AM 44256]

--- Other Services/Drivers In Memory ---

*Deregistered* - WINIO

.

Contents of the 'Scheduled Tasks' folder

2010-07-13 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-07 00:41]

2010-07-13 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-07 00:41]

2010-07-01 c:\winnt\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-10 16:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.excite.com/

uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}

uDefault_Search_URL = hxxp://internetsearchservice.com

mSearch Bar = hxxp://internetsearchservice.com/ie6.html

mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}

uInternet Settings,ProxyServer = http=127.0.0.1:80

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://internetsearchservice.com

mSearchURL = hxxp://internetsearchservice.com

IE: {{9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php

LSP: %SystemRoot%\system32\msafd.dll

Trusted Zone: excite.com\www

Trusted Zone: google.com\www

DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab

DPF: ImageUploader - hxxp://www.boats.com/listing/ImageUploader.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2qoh82bt.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.excite.com

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-CanonComndlg - c:\program files\canon\camera twain 61\pscamdatcdrapcls.exe

HKLM-Run-QuickTimeQuickTimeResources - c:\program files\quicktime\qtsystem\quicktimeessentials.resources\da.lproj\quicktimequicktimeresources.exe

HKLM-Run-DriverCDPTPCLS60031 - c:\program files\canon\camera twain 61\pscamdatcdrapcls.exe

AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe

AddRemove-mIRC - c:\winnt\system32\certsrv\certcontrol\gb\ntlm.exe

AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Ahead\nero\uninstall\UNNERO.exe

AddRemove-OBCD - c:\winnt\fonts\explorer.exe

AddRemove-Pop-Up Stopper Free Edition - c:\progra~1\PANICW~1\POP-UP~1\UNWISE.EXE

AddRemove-STDE13 - c:\winnt\STDE13 Uninstaller.exe

AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files\DivX\DivXPlayerUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-12 23:40

Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\winnt\system32\Perflib_Perfdata_848.dat 16384 bytes

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(212)

c:\winnt\system32\wzcdlg.dll

c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(2116)

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

c:\program files\SecureBackupShare\LIBEAY32.dll

c:\program files\SecureBackupShare\dbghelp.dll

c:\winnt\system32\SHDOCVW.DLL

c:\progra~1\COMMON~1\efax\HsPfcW32.dll

c:\winnt\system32\HotRes32.dll

c:\program files\Iomega\Tools\IMGHOOK.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Citrix\System32\CdfSvc.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\progra~1\McAfee\VIRUSS~1\mcshield.exe

c:\program files\McAfee\MPF\MPFSrv.exe

c:\program files\McAfee\MSK\MskSrver.exe

c:\winnt\system32\regsvc.exe

c:\winnt\system32\MSTask.exe

c:\winnt\system32\stisvc.exe

c:\winnt\system32\UAService7.exe

c:\winnt\System32\WBEM\WinMgmt.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\winnt\SOUNDMAN.EXE

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files\Citrix\GoToMeeting\452\g2mcomm.exe

c:\program files\Citrix\GoToMeeting\452\g2mlauncher.exe

.

**************************************************************************

.

Completion time: 2010-07-12 23:49:42 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-13 03:49

Pre-Run: 2,493,648,896 bytes free

Post-Run: 2,475,503,616 bytes free

- - End Of File - - 2A65B4F6ED036DF19972CAF833EEEFFA


Hello again,

Please click Start > Run, type sfc /scannow in the Run box and press Enter. Let the System File Checker run unhindered. Note - you may be prompted for your XP CD. If you don't have one, maybe you can borrow one from a friend/family member.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:80
uInternet Settings,ProxyOverride = <local>

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


I had to skip sfc /scannow. I've had Win2000 for 10 years and have since lost the CD. Is there a way around using the CD-ROM?

I followed the other instructions. The log is below.

This time McAfee was turned off.

I'm curious: are we trying to figure out why the MBAM won't complete its scan or have these latest steps been in lieu of MBAM?

ComboFix 10-07-13.02 - Administrator 07/13/2010 23:31:36.3.1 - x86

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.703.381 [GMT -4:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

.

((((((((((((((((((((((((( Files Created from 2010-06-14 to 2010-07-14 )))))))))))))))))))))))))))))))

.

2010-07-14 03:19 . 1999-12-01 03:39 17168 -c--a-w- c:\winnt\system32\dllcache\jupi32.dll

2010-07-14 03:19 . 1999-09-24 23:17 35856 -c--a-w- c:\winnt\system32\dllcache\jt1nd5.sys

2010-07-14 03:19 . 1999-12-01 03:39 27408 -c--a-w- c:\winnt\system32\dllcache\icam3ext.dll

2010-07-14 03:19 . 2003-06-19 19:05 140016 -c--a-w- c:\winnt\system32\dllcache\icam3.sys

2010-07-14 03:18 . 1999-12-01 03:39 7440 -c--a-w- c:\winnt\system32\dllcache\is4x.dll

2010-07-14 03:18 . 1999-12-01 03:39 7440 -c--a-w- c:\winnt\system32\dllcache\is450.dll

2010-07-14 03:18 . 1999-12-01 03:39 7440 -c--a-w- c:\winnt\system32\dllcache\is410.dll

2010-07-14 03:18 . 1999-12-01 03:39 7440 -c--a-w- c:\winnt\system32\dllcache\is01.dll

2010-07-14 03:18 . 2002-07-22 16:05 104720 -c--a-w- c:\winnt\system32\dllcache\ibmtrp.sys

2010-07-14 03:18 . 1999-10-08 18:06 100112 -c--a-w- c:\winnt\system32\dllcache\ibmtok.sys

2010-07-14 03:18 . 1999-11-30 05:32 7680 -c--a-w- c:\winnt\system32\dllcache\ibmsgnet.dll

2010-07-14 03:18 . 1999-10-04 17:56 28944 -c--a-w- c:\winnt\system32\dllcache\ibmexmp.sys

2010-07-14 03:18 . 1999-12-01 03:39 17680 -c--a-w- c:\winnt\system32\dllcache\hr132.dll

2010-07-14 03:18 . 1999-11-05 19:19 32528 -c--a-w- c:\winnt\system32\dllcache\forehe.sys

2010-07-14 03:18 . 1999-10-01 01:28 38464 -c--a-w- c:\winnt\system32\dllcache\ecnb.sys

2010-07-13 03:50 . 2010-07-13 03:50 -------- d-s---w- c:\winnt\Cookies

2010-07-13 03:46 . 2010-07-13 03:46 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_974.dat

2010-07-13 03:40 . 2010-07-13 03:40 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_848.dat

2010-07-13 03:39 . 2010-07-13 03:39 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_5c0.dat

2010-07-10 12:37 . 2010-07-10 12:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-07-10 12:36 . 2010-04-29 19:39 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2010-07-10 12:36 . 2010-07-10 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-10 12:36 . 2010-07-10 15:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-10 12:36 . 2010-04-29 19:39 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys

2010-07-10 12:13 . 2010-07-10 12:00 363520 ----a-w- C:\rkill.com

2010-06-22 07:00 . 2010-06-22 07:01 9013160 ----a-w- c:\documents and settings\All Users\TempComcastSecureBackupShare-update-fd7a4104d2b2d587567c73de831db04b.exe

2010-06-15 07:04 . 2010-06-09 18:07 54776 ----a-w- c:\winnt\system32\drivers\ComcastSecureBackupShare.sys

2010-06-15 07:02 . 2010-06-15 07:02 9015424 ----a-w- c:\documents and settings\All Users\TempComcastSecureBackupShare-update-9d139f00bf24a8f6ac0e09afee05b1ba.exe

2010-06-15 07:02 . 2010-06-15 07:02 -------- d-----w- c:\documents and settings\All Users\Temp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-13 04:43 . 2010-06-10 02:04 -------- d-----w- c:\program files\McAfee

2010-06-22 07:02 . 2010-03-19 00:07 -------- d-----w- c:\program files\SecureBackupShare

2010-06-10 03:02 . 2010-06-10 03:02 -------- d-----w- c:\documents and settings\Ctx_StreamingSvc\Application Data\SACore

2010-06-10 02:14 . 2010-05-10 01:19 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT

2010-06-10 02:08 . 2007-01-17 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-06-10 02:07 . 2010-06-10 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor

2010-06-10 02:04 . 2010-06-10 02:04 -------- d-----w- c:\program files\Common Files\McAfee

2010-06-10 02:04 . 2010-06-10 02:04 -------- d-----w- c:\program files\McAfee.com

2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\19793\AdobeARM.exe

2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\19793\AdobeExtractFiles.dll

2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\19793\ReaderUpdater.exe

2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\19793\AcrobatUpdater.exe

2010-05-18 09:24 . 2005-12-24 20:04 -------- d-----w- c:\program files\Google

2010-05-10 01:31 . 2010-05-10 01:31 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_244.dat

2010-05-10 01:29 . 2010-05-10 01:29 49152 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe

2010-05-10 01:29 . 2010-05-10 01:29 335872 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe

2010-05-10 01:28 . 2010-05-10 01:28 57344 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2010-05-10 01:23 . 2010-05-10 01:23 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT

2010-05-10 01:19 . 2003-03-19 02:05 106496 ----a-w- c:\winnt\system32\ATL71.DLL

2010-05-03 08:17 . 2002-07-24 12:00 1650448 ------w- c:\winnt\system32\WIN32K.SYS

2003-05-01 07:10 . 2003-03-18 04:10 1897672 ------w- c:\program files\winzip.exe

2003-05-01 07:09 . 2003-03-22 18:41 4013744 ------w- c:\program files\msgrplus.exe

2003-02-19 22:16 . 2003-02-19 22:16 21952 ---h--w- c:\program files\folder.htt

2007-02-08 02:33 . 2007-02-08 02:33 60518 ------w- c:\program files\mozilla firefox\components\jar50.dll

2007-02-08 02:33 . 2007-02-08 02:33 49248 ------w- c:\program files\mozilla firefox\components\jsd3250.dll

2007-02-08 02:33 . 2007-02-08 02:33 165992 ------w- c:\program files\mozilla firefox\components\xpinstal.dll

2007-06-21 22:38 . 2007-06-21 22:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-21 22:38 . 2007-06-21 22:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-21 22:38 . 2007-06-21 22:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-21 22:38 . 2007-06-21 22:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-21 22:39 . 2007-06-21 22:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-21 22:39 . 2007-06-21 22:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 22:39 . 2007-06-21 22:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-01-30 05:03 . 2007-01-30 05:03 548864 ------w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2007-01-30 05:03 . 2007-01-30 05:03 626688 ------w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2007-06-21 22:39 . 2007-06-21 22:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-21 22:40 . 2007-06-21 22:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

------- Sigcheck -------

[-] 2002-11-27 00:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll

[-] 2004-07-09 09:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]

@="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"

[HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]

2010-06-18 12:48 2224456 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]

@="{b723586e-9ca0-5b27-341a-4990a8c342cf}"

[HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]

2010-06-18 12:48 2224456 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]

@="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"

[HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]

2010-06-18 12:48 2224456 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoToMeeting"="c:\program files\Citrix\GoToMeeting\452\g2mstart.exe" [2010-02-13 39816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe" [2003-06-19 111376]

"HTpatch"="c:\winnt\htpatch.exe" [2002-10-30 28672]

"SiS Tray"="c:\winnt\System32\sistray.EXE" [2002-11-17 303104]

"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2002-09-13 1101104]

"SoundMan"="SOUNDMAN.EXE" [2004-07-01 67584]

"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 218240]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-12 180269]

"NapsterShell"="c:\program files\Napster\napster.exe" [2006-11-09 323216]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 75520]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]

"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Iomega Icons.lnk - c:\program files\Iomega\Tools\imgicon.exe [1999-5-6 28672]

Iomega QuikSync.lnk - c:\program files\Iomega\QuikSync\QuikSync.exe [1999-6-25 932864]

Iomega Startup Options.lnk - c:\program files\Iomega\Tools\imgstart.exe [1999-5-12 32768]

IomegaWare.lnk - c:\program files\Iomega\IomegaWare\Commander.exe [1999-7-15 270336]

Live Menu.lnk - c:\program files\Common Files\efax\Dllcmd32.exe [2003-3-22 33672]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Secure Backup and Share Status.lnk - c:\program files\SecureBackupShare\ComcastSecureBackupSharestat.exe [2010-6-18 2374984]

TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2009-2-28 278528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

R1 cdfdrv;cdfdrv;c:\program files\Common Files\Citrix\System32\cdfdrv.sys [5/24/2007 3:40 PM 22968]

R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\winnt\system32\drivers\ComcastSecureBackupShare.sys [6/15/2010 3:04 AM 54776]

R2 BsUDF;InCD UDF Driver;c:\winnt\system32\drivers\bsudf.sys [2/20/2003 10:37 AM 379038]

R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2/9/2010 9:02 AM 45896]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/9/2010 10:07 PM 203280]

R2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\winnt\system32\drivers\ousbehci.sys [9/5/2003 2:06 AM 39040]

R2 RadeSvc;Citrix Streaming Service;c:\program files\Citrix\Streaming Client\RadeSvc.exe [7/5/2007 3:56 PM 237568]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 10:04 PM 24652]

R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [7/24/2002 8:00 AM 24784]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winnt\system32\drivers\ousb2hub.sys [9/5/2003 2:06 AM 54016]

R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/23/2004 10:04 PM 49776]

S2 gupdate1c9ceaca264209c;Google Update Service (gupdate1c9ceaca264209c);c:\program files\Google\Update\GoogleUpdate.exe [5/6/2009 8:41 PM 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\winnt\system32\drivers\mbamswissarmy.sys [7/10/2010 8:36 AM 38224]

S4 CLIKCARD;CLIKCARD;c:\winnt\system32\drivers\CLIKCARD.SYS [5/11/1999 3:57 PM 34692]

S4 D3NT;D3NT;c:\winnt\system32\drivers\D3NT.SYS [2/3/1999 12:02 PM 90624]

S4 IOMEGNT;IOMEGNT;c:\winnt\system32\drivers\ASCNT.SYS [8/27/1998 9:51 AM 37088]

S4 ppa3nt;ppa3nt;c:\winnt\system32\drivers\PPA3NT.SYS [8/7/1998 10:26 AM 44256]

--- Other Services/Drivers In Memory ---

*Deregistered* - WINIO

.

Contents of the 'Scheduled Tasks' folder

2010-07-14 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-07 00:41]

2010-07-14 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-07 00:41]

2010-07-01 c:\winnt\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-10 16:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.excite.com/

uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}

uDefault_Search_URL = hxxp://internetsearchservice.com

mSearch Bar = hxxp://internetsearchservice.com/ie6.html

mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}

uSearchAssistant = hxxp://internetsearchservice.com

mSearchURL = hxxp://internetsearchservice.com

IE: {{9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php

LSP: %SystemRoot%\system32\msafd.dll

Trusted Zone: excite.com\www

Trusted Zone: google.com\www

DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab

DPF: ImageUploader - hxxp://www.boats.com/listing/ImageUploader.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2qoh82bt.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.excite.com

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-13 23:37

Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(212)

c:\winnt\system32\wzcdlg.dll

c:\winnt\system32\WZCSAPI.DLL

c:\program files\McAfee\SiteAdvisor\saHook.dll

.

Completion time: 2010-07-13 23:41:20

ComboFix-quarantined-files.txt 2010-07-14 03:41

ComboFix2.txt 2010-07-13 03:49

Pre-Run: 2,479,919,104 bytes free

Post-Run: 2,473,127,936 bytes free

- - End Of File - - 42BF117F5CB7A7BE52C1856B4B810E08


Unfortunately, without the CD there is nothing we can do about those files that don't pass sigcheck.

So, let's see what other problems there are. Please let me know how things are running now.

Please try to run MBAM now, update it and do a full scan. Let me know if it completes and if so, please post me the log.


Was able to complete a MBAM full scan. Log below.

I removed the infected files. I have a printscreen of MBAM just before deleting showing the bad files. Not attached.

I've attached the log that appeared after MBAM deleted the files. Nearly identical to the scan log.

My desktop icons still don't work. I have IE 6. Firefox fine, email fine. What is blocking IE?

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4299

Windows 5.0.2195 Service Pack 4

Internet Explorer 6.0.2800.1106

7/15/2010 7:18:04 AM

mbam-log-2010-07-15 (07-18-04).txt

Scan type: Full scan (C:\|)

Objects scanned: 176375

Time elapsed: 1 hour(s), 20 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 8

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{1d4db7d1-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.Google.com/) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.Google.com/) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir (PUP.FunWebProducts) -> No action taken.

mbam_log_2010_07_15__07_31_04_.zip


Please first update MBAM, then repeat the scan. :)

I'm not sure if I understand your desktop icons problem correctly: does only the IE desktop icon not work, or do none of the desktop icons work?

Are you aware that Microsoft ended all support for Windows 2000 this week? This is a very old OS and no further security/vulnerability patches will be released to address bugs or other problems.


I can get out to the web via IE if I go to Start>Search>On the Internet. However, if I create a Favorite from there and send it to my desktop, the icon doesn't work. No favorites work in IE either, but Bookmarks work in Firefox. Other, non-internet shortcuts on the desktop do work, but no internet shortcuts work. When I click one, a timer pops up for a second as if it is trying to open. Something has changed the nature of the IE shortcuts.

Latest MBAM scan shows 1 file TrojanAgent. I removed it. Rebooted. Icons still not working. If I go to Run, type in www.Google.com and hit OK I get "Cannot find file 'www.Google.com' (or one of its components). Make sure path and filename are correct and that all required libraries are available"

McAfee was turned off for this scan.

Log after removal:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4317

Windows 5.0.2195 Service Pack 4

Internet Explorer 6.0.2800.1106

7/16/2010 6:28:36 AM

mbam-log-2010-07-16 (06-28-36).txt

Scan type: Full scan (C:\|)

Objects scanned: 178712

Time elapsed: 1 hour(s), 58 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Desktop Security 2010\securityhelper.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.


Let's see if we can get a better look at your internet settings.

On a side note, as mentioned before, because your version of Windows is this old, Internet Explorer cannot be upgraded either. IE6 is a very unsafe browser. For day-to-day use, I strongly recommend that you use Firefox.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the otlDesktopIcon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the runscanbutton.png button.
  • Two reports will open, copy and paste them in a reply here:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


The Firefox shortcut on the desktop works, so it isn't "desktop" specific, is it?

Both logs below.

Aren't you amazing!

OTL logfile created on: 7/17/2010 10:04:51 AM - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2800.1106)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

703.00 Mb Total Physical Memory | 418.00 Mb Available Physical Memory | 59.00% Memory free

1,008.00 Mb Paging File | 591.00 Mb Available in Paging File | 59.00% Paging File free

Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 38.33 Gb Total Space | 2.31 Gb Free Space | 6.03% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

Drive H: | 232.88 Gb Total Space | 84.41 Gb Free Space | 36.24% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

Computer Name: USER

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/17 10:01:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2010/06/18 08:48:40 | 002,374,984 | ---- | M] (Secure Backup and Share) -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe

PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe

PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2010/02/13 08:48:44 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\452\g2mstart.exe

PRC - [2010/02/13 08:48:44 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\452\g2mlauncher.exe

PRC - [2010/02/13 08:48:44 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\452\g2mcomm.exe

PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2010/02/09 09:02:32 | 000,045,896 | ---- | M] (Secure Backup and Share) -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe

PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe

PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe

PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2009/05/07 23:30:22 | 000,192,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe

PRC - [2009/03/04 19:31:50 | 000,126,976 | ---- | M] () -- C:\WINNT\system32\UAService7.exe

PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2008/02/19 12:01:46 | 000,278,528 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

PRC - [2007/07/05 15:56:00 | 000,237,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Streaming Client\RadeSvc.exe

PRC - [2007/05/24 15:40:40 | 000,180,224 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe

PRC - [2007/05/02 05:15:50 | 000,075,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe

PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2006/11/08 20:03:02 | 000,323,216 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe

PRC - [2006/08/12 09:35:00 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2004/09/07 11:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe

PRC - [2004/07/01 18:23:32 | 000,067,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINNT\SOUNDMAN.EXE

PRC - [2003/06/19 15:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe

PRC - [2003/06/19 15:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe

PRC - [2003/06/19 15:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe

PRC - [2003/06/19 15:05:04 | 000,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe

PRC - [2003/02/03 03:09:00 | 000,033,672 | ---- | M] (eFax.com) -- C:\Program Files\Common Files\efax\Dllcmd32.exe

PRC - [2002/11/17 10:36:16 | 000,303,104 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINNT\system32\sistray.exe

PRC - [2002/10/30 05:40:34 | 000,028,672 | ---- | M] () -- C:\WINNT\htpatch.exe

PRC - [2002/09/12 22:13:18 | 001,101,104 | ---- | M] (Copyright © ahead software gmbh and its licensors) -- C:\Program Files\Ahead\InCD\InCD.exe

PRC - [1999/05/06 13:05:00 | 000,028,672 | ---- | M] (Iomega Corp.) -- C:\Program Files\Iomega\Tools\IMGICON.EXE

========== Modules (SafeList) ==========

MOD - [2010/07/17 10:01:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll

MOD - [2006/05/19 05:18:24 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\IPHLPAPI.DLL

MOD - [2005/04/08 07:54:32 | 000,200,464 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\RASAPI32.DLL

MOD - [2005/04/08 07:54:32 | 000,134,928 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\adsldpc.dll

MOD - [2005/04/08 07:54:32 | 000,058,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\RASMAN.DLL

MOD - [2003/06/19 15:05:04 | 000,182,032 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\activeds.dll

MOD - [2003/06/19 15:05:04 | 000,126,736 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\TAPI32.DLL

MOD - [2003/06/19 15:05:04 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx

MOD - [2003/06/19 15:05:04 | 000,021,776 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll

MOD - [2003/06/19 15:05:04 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll

MOD - [2003/02/03 03:09:00 | 000,286,720 | ---- | M] (eFax.com) -- C:\WINNT\system32\HotRes32.dll

MOD - [2003/02/03 03:09:00 | 000,176,128 | ---- | M] (eFax.com) -- C:\Program Files\Common Files\efax\Hspfcw32.dll

MOD - [2002/07/24 08:00:00 | 000,081,168 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mprapi.dll

MOD - [2002/07/24 08:00:00 | 000,044,816 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rtutils.dll

MOD - [2002/07/24 08:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll

MOD - [2002/07/24 08:00:00 | 000,007,440 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\icmp.dll

MOD - [1999/05/06 12:50:08 | 000,069,632 | ---- | M] (Iomega Corp.) -- C:\Program Files\Iomega\Tools\IMGHOOK.DLL

========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/02/24 13:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2010/02/09 09:02:32 | 000,045,896 | ---- | M] (Secure Backup and Share) [Auto | Running] -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe -- (ComcastSecureBackupSharebackup)

SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)

SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2009/06/18 22:48:29 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)

SRV - [2009/03/04 19:31:50 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\WINNT\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)

SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2007/07/05 15:56:00 | 000,237,568 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\Streaming Client\RadeSvc.exe -- (RadeSvc)

SRV - [2007/05/24 15:40:40 | 000,180,224 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe -- (CdfSvc)

SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)

SRV - [2004/09/07 11:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)

SRV - [2003/06/19 15:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)

SRV - [2003/06/19 15:05:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)

SRV - [2003/06/19 15:05:04 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)

SRV - [2003/06/19 15:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)

SRV - [2003/06/19 15:05:04 | 000,061,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)

SRV - [2003/06/19 15:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)

SRV - [2003/05/01 03:04:42 | 000,139,264 | ---- | M] ( Iomega Corporation) [Auto | Stopped] -- C:\Program Files\Iomega\Tools\IomegaAccess.exe -- (IomegaAccess)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - File not found [Kernel | Disabled | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2010/06/09 14:07:56 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINNT\system32\drivers\ComcastSecureBackupShare.sys -- (ComcastSecureBackupShareFilter)

DRV - [2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\Mpfp.sys -- (MPFP)

DRV - [2007/05/24 15:40:18 | 000,022,968 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Program Files\Common Files\Citrix\System32\cdfdrv.sys -- (cdfdrv)

DRV - [2007/01/30 01:03:34 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2007/01/30 01:03:34 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_2k.sys -- (Cdr4_2K)

DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\afc.sys -- (Afc)

DRV - [2004/07/09 03:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)

DRV - [2004/07/01 14:49:00 | 000,626,977 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003/06/19 15:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)

DRV - [2003/06/19 15:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)

DRV - [2003/06/19 15:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)

DRV - [2003/06/19 15:05:04 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)

DRV - [2003/06/19 15:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)

DRV - [2003/06/19 15:05:04 | 000,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)

DRV - [2003/06/19 15:05:04 | 000,009,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2003/06/19 15:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)

DRV - [2003/06/19 15:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)

DRV - [2002/12/24 01:52:40 | 000,054,016 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ousb2hub.sys -- (ousb2hub)

DRV - [2002/12/24 01:52:40 | 000,039,040 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\ousbehci.sys -- (ousbehci)

DRV - [2002/11/28 05:46:54 | 000,256,820 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2002/10/31 01:18:16 | 000,026,854 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\SISAGPx.sys -- (SISAGP)

DRV - [2002/10/21 00:47:16 | 000,006,891 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\siside.sys -- (SiSide)

DRV - [2002/10/17 03:22:06 | 000,019,712 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\sisidex.sys -- (sisidex)

DRV - [2002/09/13 17:34:44 | 000,379,038 | ---- | M] (ahead software) [File_System | Auto | Running] -- C:\WINNT\System32\drivers\bsudf.sys -- (BsUDF)

DRV - [2002/08/20 05:21:32 | 000,009,472 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\sisperf.sys -- (sisperf)

DRV - [2002/08/01 22:30:12 | 000,035,427 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2002/07/24 08:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)

DRV - [2002/07/24 08:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)

DRV - [2002/05/23 02:46:10 | 000,007,582 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINNT\System32\drivers\incdrm.sys -- (incdrm)

DRV - [2002/03/26 04:59:50 | 000,047,918 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\R8139n5.sys -- (rtl8139)

DRV - [1999/09/25 06:35:16 | 000,002,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\msmpu401.sys -- (ms_mpu401)

DRV - [1999/05/11 15:57:20 | 000,034,692 | ---- | M] (Iomega Corporation) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\CLIKCARD.SYS -- (CLIKCARD)

DRV - [1999/02/03 12:02:30 | 000,090,624 | ---- | M] (Iomega Corporation) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\D3NT.SYS -- (D3NT)

DRV - [1998/08/27 09:51:00 | 000,037,088 | ---- | M] (Iomega) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\ASCNT.SYS -- (IOMEGNT)

DRV - [1998/08/07 10:26:12 | 000,044,256 | ---- | M] (Iomega Corporation) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\PPA3NT.SYS -- (ppa3nt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/

IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:80

IE - HKU\S-1-5-21-796845957-1078081533-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/

IE - HKU\S-1-5-21-796845957-1078081533-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm

IE - HKU\S-1-5-21-796845957-1078081533-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search

IE - HKU\S-1-5-21-796845957-1078081533-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/

IE - HKU\S-1-5-21-796845957-1078081533-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

IE - HKU\S-1-5-21-796845957-1078081533-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/

IE - HKU\S-1-5-21-796845957-1078081533-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "www.excite.com"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/17 02:41:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010/05/09 21:18:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2010/05/09 21:18:08 | 000,000,000 | ---D | M]

[2007/02/07 22:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2qoh82bt.default\extensions

[2010/07/15 07:29:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/01/09 17:27:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

[2009/12/18 05:50:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru

[2007/02/07 22:33:06 | 000,060,518 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll

[2007/02/07 22:33:08 | 000,049,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll

[2007/02/07 22:33:06 | 000,165,992 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll

[2007/06/21 18:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll

[2007/06/21 18:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll

[2007/06/21 18:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll

[2007/01/30 01:03:56 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll

[2007/01/30 01:03:56 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll

[2009/03/27 11:30:34 | 000,155,648 | ---- | M] (Dassault Syst


Hello again,

Did you try to recreate the IE icon on your desktop?

Please let me know how things are after the following fix.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL [otlDesktopIcon.png] on your desktop.
  2. Copy and Paste the following code into the [customFix.png] textbox. Do not include the word "Code"
    :otl
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:80

    :commands
    [emptytemp]


  3. Push the [runFixbutton.png] button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click [btnOK.png].
  6. A report will open. Copy and Paste that report in your next reply.


Latest log. A new IE shortcut moved to the desktop will not work.

OTL log file below.

All processes killed

========== OTL ==========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: A

User: Admin2

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 119688 bytes

User: Administrator

->Temp folder emptied: 389396 bytes

->Temporary Internet Files folder emptied: 2990621 bytes

->Java cache emptied: 22922990 bytes

->FireFox cache emptied: 54790127 bytes

->Flash cache emptied: 642558 bytes

User: All Users

User: Ctx_StreamingSvc

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41 bytes

User: ZBX

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5120 bytes

RecycleBin emptied: shell32.dll unable to determine bytes removed.

Total Files Cleaned = 78.00 mb

OTL by OldTimer - Version 3.2.9.0 log created on 07182010_002303

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


When I right click a desktop shortcut it does not have "open". Bitmap attached.

If I create a new shortcut from Firefox and drag it to the desktop it does not work.

New bookmarks open in Firefox.

No favorites work in IE.

A new Favorite in IE will not open either.

I think it is related to Desktop Security 2010. Do you agree? I spent time Googling the problem but there are too many possibilities to chase down if we think Desktop Security 2010 was the cause. Do you agree?

shortcuts.bmp


I don't think this is related to desktop security. I think this is a corrupted Windows installation, simply due to age in combination with an infection (which always puts strain on a system).

Please click Start > Run, type chkdsk /r in the runbox and press enter. When asked if you want to schedule a scan for the next reboot, type Y. Then reboot your computer and let the diskcheck run unhindered.

Note - this may take a while. When done, let me know how things are running.
