Everything posted by lharrison616

  1. OK all seems well now. Thank you very much and I also appreciate your patience with me as I was only able to reply in the late evening due to work. I have installed WOT and will add the spyware software you suggested. I have had no other problems at all. I will also be careful about who uses the computer.
  2. I also noticed that an icon that said free games on the desktop was no longer usable. That was installed by a friend and I kind of figured it was malware or adware.
  3. It had several lines like the ones I copied, and "Deleted Successfully" was the last thing in the box (looked like a DOS box). After I pressed a key it just deleted the fix.bat file.
  4. I did complete the scan. no IE crashes so far.
  5. OK I get the duh award today. I started ESET and after running for 20 minutes I realized that I forgot to disable my virus scanner. Do I need to rerun the scan with it disabled?
  6. No IE Crashes since I mentioned it. here are the logs.
  7. After the scan the computer restarted and when I clicked on internet explorer it said it was unavailable or had been moved and asked me if I wanted to remove the icon. I restarted the computer and it works now. This has happened in the past few days also. A restart seems to fix it.
  8. Completed the scan. Would you rather me attach the txt files or copy and paste them into the post? aswMBR.txt MBR.zip
  9. I removed my web search from this laptop but I have had a few browser crashes since then. I have uploaded attach, dds, attach.txt dds.txt
  10. ESET did not give me the option to list found threats or export them. It said it found no threats. MBAM seems to work fine alongside Kaspersky, I usually disable Kaspersky when I run it though. Here are the other two logs.
  11. I have not noted any other errors, popups or anything.
  12. For the past week or so Yahoo mail has been sending mass emails with an advertising link. I suspect it may be my Motorola Smartphone but want to make sure my PC is clean. Dell Inspiron 620 64 bit windows 7 with 6 gigs of ram
Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing) O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common 
Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE O4 - HKCU\..\Run: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - 
Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11718 bytes
  13. Thank you very much. I appreciate the time you invested to help me out. Everything seems to be zipping right along and a lot better. One more question. What free antivirus do you recommend?
  14. [email protected] as downloader log:
      all ok
      # version=7
      # OnlineScannerApp.exe=1.0.0.1
      # OnlineScanner.ocx=1.0.0.6425
      # api_version=3.0.2
      # EOSSerial=8d6e7df687c3ed4a96cd9de91974e696
      # end=finished
      # remove_checked=true
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=false
      # antistealth_checked=true
      # utc_time=2011-03-26 11:28:22
      # local_time=2011-03-26 06:28:22 (-0600, Central Daylight Time)
      # country="United States"
      # lang=1033
      # osver=5.1.2600 NT Service Pack 3
      # compatibility_mode=512 16777215 100 0 14491442 14491442 0 0
      # compatibility_mode=1024 16777215 100 0 12404410 12404410 0 0
      # compatibility_mode=8192 67108863 100 0 0 0 0 0
      # scanned=450085
      # found=8
      # cleaned=8
      # scan_time=35940
      C:\Documents and Settings\LD Harrison\Application Data\Sun\Java\Deployment\cache\6.0\26\78482bda-7b30ab6b multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
      C:\Documents and Settings\LD Harrison\My Documents\Software and instalation files\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
      C:\Documents and Settings\LD Harrison\My Documents\Software and instalation files\Drivers for usb to serial cable\CH341SER.EXE probably a variant of Win32/Agent.BQHRDXF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
      F:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\36\268fb64-25807394 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
      F:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\37\330b3de5-392ba355 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
      F:\Program Files\Gamevance\gvun.exe Win32/Adware.Gamevance.AE application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
      G:\I386\Apps\APP16726\src\SpyInstall_HPPre.exe probably a variant of Win32/Agent.HVEUCPZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
      G:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP704\A0119108.exe probably a variant of Win32/Agent.HVEUCPZ trojan (deleted - quarantined) 00000000000000000000000000000000 C

      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 6179

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      3/26/2011 11:22:02 PM
      mbam-log-2011-03-26 (23-22-02).txt

      Scan type: Quick scan
      Objects scanned: 151915
      Time elapsed: 11 minute(s), 12 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
  15. ComboFix 11-03-24.06 - LD Harrison 03/25/2011 17:49:47.3.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.557 [GMT -5:00] Running from: c:\documents and settings\LD Harrison\Desktop\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\LD Harrison\g2mdlhlpx.exe c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2} c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\chrome.manifest c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\chrome\content\_cfg.js c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\chrome\content\c.js c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\chrome\content\overlay.xul c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\install.rdf c:\netzeroinstaller\NetZeroInstaller.exe c:\windows\system32\midas.dll c:\windows\TEMP\logishrd\LVPrcInj01.dll G:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 ))))))))))))))))))))))))))))))) . . 2011-03-25 04:27 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-03-25 04:27 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-03-25 04:27 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-03-25 04:27 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-03-25 04:27 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-03-25 04:27 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-03-25 04:27 . 
2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll 2011-03-25 04:27 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll 2011-03-11 03:08 . 2011-03-11 03:09 -------- d-----w- c:\program files\Hanso Recorder 2011-03-11 00:19 . 2011-03-11 00:19 -------- d-----w- c:\program files\PX 2011-03-11 00:13 . 2011-03-11 00:13 -------- d-----w- c:\program files\PuXing 2011-03-09 03:42 . 2011-03-09 03:42 -------- d-----w- c:\documents and settings\LD Harrison\Application Data\Weathersoft 2011-03-09 03:40 . 2011-03-09 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Weathersoft 2011-03-09 03:40 . 2011-03-09 03:40 -------- d-----w- c:\program files\Weathersoft 2011-03-07 04:20 . 2011-03-07 04:20 -------- d-----w- c:\documents and settings\LD Harrison\Application Data\Thunderbird 2011-03-04 02:04 . 2011-03-19 15:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2011-03-04 02:04 . 2011-03-04 02:04 -------- d-----w- c:\program files\FTB7900 2011-03-04 02:04 . 2009-02-06 16:41 143360 ----a-w- c:\windows\system32\scom60.OCX 2011-03-04 02:04 . 2009-02-06 16:40 106496 ----a-w- c:\windows\system32\Protocol.dll 2011-03-04 02:04 . 2009-02-06 16:40 114688 ----a-w- c:\windows\system32\supercom.dll 2011-03-04 02:04 . 2004-04-29 20:23 311296 ----a-w- c:\windows\system32\c1sizer.ocx 2011-03-04 02:04 . 2002-12-02 15:03 447760 ----a-w- c:\windows\system32\Vsflex7L.ocx 2011-02-27 22:57 . 2011-02-27 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2011-02-26 15:28 . 2011-03-12 23:30 -------- d-----w- c:\documents and settings\LD Harrison\fldigi.files 2011-02-26 15:28 . 2011-02-26 15:28 -------- d-----w- c:\documents and settings\LD Harrison\NBEMS.files 2011-02-26 15:28 . 2011-02-26 15:28 -------- d-----w- c:\program files\Fldigi-3.21.3 . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-09 13:53 . 2005-03-02 23:44 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2005-03-02 23:44 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-03 03:40 . 2011-01-11 05:16 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-03 01:19 . 2008-07-16 19:59 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58 . 2005-03-03 00:54 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2005-03-03 00:54 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2005-03-02 23:44 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2005-03-02 23:44 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2005-03-02 23:44 1854976 ----a-w- c:\windows\system32\win32k.sys 1998-04-30 20:56 . 2006-06-15 00:01 129024 ----a-w- c:\program files\UNWISE.EXE 2011-03-18 17:53 . 2011-03-25 04:27 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-02 1953792] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LTMSG"="LTMSG.exe 7" [X] "3c1807pd"="c:\windows\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd" [X] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064] "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-13 61952] "CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248] "AlcWzrd"="ALCWZRD.EXE" [2004-11-29 2748928] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648] "VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-01-22 184320] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528] "GPSTrackingUnit"="c:\program files\Beacon GPS Tracking Unit\MonitorSupa.exe" [2007-12-11 36864] "VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-07-30 870240] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "PATHPILOT"="c:\program files\Hanso Recorder\Hanso Recorder.lnk" [2011-03-11 682] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http:" [X] . c:\documents and settings\LD Harrison\Start Menu\Programs\Startup\ HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2002-8-9 299008] Logitech . 
Product Registration.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-11-7 517384] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-25 113664] Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2007-12-25 270336] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248] Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-12-25 106496] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\LD Harrison\\Desktop\\emulators\\nes\\nesticleo42\\NESTCL95.EXE"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\K1RFD\\EchoLink\\EchoLink.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\LD Harrison\\My Documents\\emulators\\nes\\nesticleo42\\NESTCL95.EXE"= "c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 "22576:TCP"= 22576:TCP:BitComet 22576 TCP "22576:UDP"= 22576:UDP:BitComet 22576 UDP . R1 Myscope;Myscope;c:\program files\U.S. 
Robotics\U.S. Robotics Internet Call Notification\W2k\myscope.sys [4/20/2008 3:39 PM 82920] R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [3/1/2007 7:08 PM 70016] R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [1/7/2010 5:21 PM 91392] R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [11/9/2010 10:40 PM 2011944] S2 gupdate1c8ff664d35f32c;Google Update Service (gupdate1c8ff664d35f32c);c:\program files\Google\Update\GoogleUpdate.exe [8/16/2008 1:06 AM 133104] S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [9/28/2007 8:25 PM 37488] S3 DoradoPC;Conexant VGA Camera;c:\windows\system32\drivers\drdvid40.sys [1/22/2007 12:05 AM 106816] S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [11/16/2006 6:46 PM 19034] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [1/9/2010 12:49 AM 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [1/6/2009 9:27 PM 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [1/9/2010 12:49 AM 23936] S3 MUD;Driver for Magellan USB Device;c:\windows\system32\drivers\MUD.sys [2/5/2008 8:51 PM 51200] S3 Usrserft;Myscope Upper Filter Driver;c:\program files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\usrserft.sys [4/20/2008 3:39 PM 65592] S3 w89c940;Winbond W89C940 PCI Ethernet Adapter Driver;c:\windows\system32\drivers\w940nd.sys [7/6/2008 12:44 PM 16925] . Contents of the 'Scheduled Tasks' folder . 2011-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] . 
2011-03-25 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-16 15:28] . 2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-08-16 03:59] . 2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-08-16 03:59] . 2005-10-14 c:\windows\Tasks\Registration reminder 1.job - c:\windows\system32\OOBE\oobebaln.exe [2005-03-03 00:12] . 2005-10-14 c:\windows\Tasks\Registration reminder 2.job - c:\windows\system32\OOBE\oobebaln.exe [2005-03-03 00:12] . 2005-10-14 c:\windows\Tasks\Registration reminder 3.job - c:\windows\system32\OOBE\oobebaln.exe [2005-03-03 00:12] . 2011-03-25 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-10-14 22:26] . 2011-03-25 c:\windows\Tasks\User_Feed_Synchronization-{4597B97F-F354-46AB-8D3B-B7B882A3A2F5}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228" IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227" IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm FF - ProfilePath - c:\documents and settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . - - - - ORPHANS REMOVED - - - - . AddRemove-DVD Decrypter - c:\program files\DVD Decrypter\uninstall.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-25 18:07 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(824) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(2432) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\windows\LTMSG.exe
c:\progra~1\AIM\AIMWDI~1.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
.
**************************************************************************
.
Completion time: 2011-03-25 18:15:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-25 23:15
.
Pre-Run: 52,061,257,728 bytes free
Post-Run: 62,421,663,744 bytes free
.
- - End Of File - - DBD651BCD6710B5AD68DA8F8E443D75F
  16. OTL logfile created on: 3/24/2011 11:34:47 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\LD Harrison\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,015.00 Mb Total Physical Memory | 604.00 Mb Available Physical Memory | 60.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 180.30 Gb Total Space | 48.31 Gb Free Space | 26.80% Space Free | Partition Type: NTFS Drive D: | 11.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 141.03 Gb Total Space | 33.19 Gb Free Space | 23.54% Space Free | Partition Type: NTFS Drive G: | 8.00 Gb Total Space | 1.42 Gb Free Space | 17.74% Space Free | Partition Type: FAT32 Computer Name: LD | User Name: LD Harrison | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\LD Harrison\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files\Pechora\GotoCamera\GotoCam.exe () PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\AIM\AIMWDInstall.exe (Wild Tangent) PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe (Motorola) PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe () PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe () PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe () PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Beacon GPS Tracking Unit\MonitorSupa.exe (Digibak) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe (Sony Corporation) PRC - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\WINDOWS\ltmsg.exe (Agere Systems) PRC - C:\Palm\HOTSYNC.EXE (Palm, Inc.) 
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\LD Harrison\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (LxrSII1s) -- File not found SRV - (AppMgmt) -- File not found SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe () SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation) SRV - (VAIO Entertainment Task Scheduler) -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIO Entertainment Aggregation and 
Control Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. 
) DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (motport) -- C:\WINDOWS\system32\drivers\motport.sys (Motorola) DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola) DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola) DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola) DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.) DRV - (LVUVC) Logitech QuickCam S5500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider) DRV - (MUD) -- C:\WINDOWS\system32\drivers\MUD.sys (Magellan) DRV - (CH341SER) -- C:\WINDOWS\system32\drivers\CH341SER.SYS (www.winchiphead.com) DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation) DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.) DRV - (3c1807pd) -- C:\WINDOWS\system32\drivers\3c1807pd.sys (U.S. Robotics Corporation) DRV - (KS-959) -- C:\WINDOWS\system32\drivers\KS-959.sys (Kingsun Corporation) DRV - (LxrSII1d) -- C:\WINDOWS\system32\drivers\LxrSII1d.sys () DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) 
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider) DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link) DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link) DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link) DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link) DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link) DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link) DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link) DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation) DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems) DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.) DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.) DRV - (Myscope) -- C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\myscope.sys (U.S. Robotics) DRV - (Usrserft) -- C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\usrserft.sys (U.S. Robotics) DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation) DRV - (DCamUSBSQTECH) Dual-Mode DSC(2770) -- C:\WINDOWS\system32\drivers\sqcaptur.sys (Service & Quality Technology.) DRV - (DoradoPC) -- C:\WINDOWS\system32\drivers\drdvid40.sys (Conexant Systems Inc.) DRV - (USRpdA) -- C:\WINDOWS\system32\drivers\USRpdA.sys (U.S. Robotics Corporation) DRV - (w89c940) -- C:\WINDOWS\system32\drivers\w940nd.sys (Winbond Electronics Corporation) DRV - (wandrv) -- C:\WINDOWS\system32\drivers\wandrv.sys (America Online, Inc.) 
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll (NetZero, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1 FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.7.82 FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..extensions.enabledItems: {F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}:1.0 FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167 FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\software\mozilla\Firefox\Extensions\\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}: C:\Documents and Settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2} [2009/02/21 02:57:00 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Meeting Center\Modules\Firefox [2009/11/04 18:21:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/05 19:09:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 23:27:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 23:27:15 | 000,000,000 | ---D | M] [2010/10/20 17:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Extensions [2010/10/20 17:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011/03/24 23:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions [2011/03/10 18:41:44 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010/09/13 18:49:30 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010/05/26 19:01:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/03/10 18:41:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\LD Harrison\Application 
Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011/01/01 19:07:56 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2011/02/10 18:32:43 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2011/03/24 23:22:36 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2010/01/27 19:16:05 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03} [2011/01/26 18:47:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2008/07/22 23:04:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2) [2011/01/01 19:07:58 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\searchplugins\conduit.xml [2011/03/24 23:27:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/02/13 10:35:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011/01/11 00:16:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/02/27 
17:58:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2009/02/24 19:08:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/11/04 18:21:46 | 000,000,000 | ---D | M] (Genesys Meeting Center) -- C:\PROGRAM FILES\MEETING CENTER\MODULES\FIREFOX [2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2008/11/11 02:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009/02/25 19:42:08 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml O1 HOSTS File: ([2006/06/06 21:10:53 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found. O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.) O4 - HKLM..\Run: [3c1807pd] File not found O4 - HKLM..\Run: [AIMWDInstallFilename] C:\Program Files\AIM\AIMWDInstall.exe (Wild Tangent) O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [CreateCD_Reminder] C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe (Sony Electronics, Inc) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [GPSTrackingUnit] C:\Program Files\Beacon GPS Tracking Unit\MonitorSupa.exe (Digibak) O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems) O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [PATHPILOT] C:\Program Files\Hanso Recorder\Hanso Recorder.lnk () O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc) O4 - HKLM..\Run: [VAIO Update 4] C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation) O4 - HKLM..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe (Sony Corporation) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.) O4 - Startup: C:\Documents and Settings\LD Harrison\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.) O4 - Startup: C:\Documents and Settings\LD Harrison\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.) O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.) O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found O15 - HKCU\..Trusted Domains: compuserve.com ([]* is out of zone range - 5) O15 - HKCU\..Trusted Domains: compuserve.com ([objects] * is out of zone range - 6) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} http://www.mathxl.com/applets/PearsonInstallAsst.cab (PearsonAsstX Control) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} http://www.mathxl.com/applets/DeltaCVX.cab (DeltaCVX Control) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab (GpcContainer Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\LD Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\LD Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.) 
  17. My computer has slowed down drastically. Sony Vaio Pentium 4 3 GHZ with 1GB Ram Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:11:17 PM, on 3/23/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal
  18. Sorry it took so long for me to respond, but the computer had a hard drive failure, so I plan on purchasing a new computer for her. Thanks for your patience and help on this problem. Again, thank you very much.
  19. The file named Cleanme was what I tried to run, but nothing happened. I will try again when I can get back to that computer this afternoon.
  20. Combofix will not run. I clicked it and nothing happens. I even tried it in safe mode and nothing there either. I even left it for a few minutes after clicking and still nothing. It's looking more like I need to format the HD and start over, but I will await your response.
  21. Malwarebytes will not run on the computer. The computer will connect to the internet but will not let you go to the PC Pitstop website as well as any antivirus site. When I click on the file to run Malwarebytes, it simply does nothing.
  22. info.txt logfile of random's system information tool 1.06 2009-04-08 15:58:54
  23. Quick question. This computer is on a home network via a wireless adapter. Will this computer's problem affect the other computers on the network? Here are the txt files requested.
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2007-09-02 26112] "VTPreset"=C:\WINDOWS\system32\VTPreset.exe [2004-02-24 45056] "AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2001-09-27 245760] "MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~2\bar\a.bin\M3PLUGIN.DLL,UPF [] "Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488] "lrijh8s73jhbfgfd"=C:\DOCUME~1\Jessica\LOCALS~1\Temp\winlognn.exe [2009-01-25 15000] "10c022b6"=C:\WINDOWS\system32\bwpifcia.dll [2009-04-07 80896] "msci"=C:\DOCUME~1\Jessica\LOCALS~1\Temp\200947204055_mcinfo.exe /insfin [] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-04-07 1177368] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704] "MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~2\bar\a.bin\mwsoemon.exe [2008-11-16 32838] "cogad"=C:\Documents and Settings\Jessica\Application Data\cogad\cogad.exe [2009-01-25 56832] "lrijh8s73jhbfgfd"=C:\DOCUME~1\Jessica\LOCALS~1\Temp\winlognn.exe [2009-01-25 15000] "tezrtsjhfr84iusjfo84f"=C:\DOCUME~1\Jessica\LOCALS~1\Temp\csrssc.exe [] "Twain"=C:\Documents and Settings\Jessica\Application Data\Twain\Twain.exe [2009-02-06 61952] "DigiFast"=C:\Documents and Settings\Jessica\Application Data\digifast\digifast.exe [2009-04-07 225792] "SfKg6wIPuSpdc"=C:\Documents and Settings\Jessica\Application Data\Microsoft\Windows\yvgsj.exe [2009-04-07 35840] "Diagnostic Manager"=C:\DOCUME~1\Jessica\LOCALS~1\Temp\3701902562.exe [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe America Online 7.0 Tray Icon.lnk - C:\Program Files\America Online 7.0\aoltray.exe Auto Detect.lnk - C:\Program Files\iConcepts Music Express\MEAutoDetect.exe Belkin Wireless Networking Utility.lnk - C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe 
C:\Documents and Settings\Jessica\Start Menu\Programs\Startup America Online 6.0 Tray Icon.lnk - C:\America Online 6.0\aoltray.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="dthtfm.dll,mxliup.dll,avgrsstx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlJYQGVm] C:\WINDOWS\system32\mlJYQGVm.dll [2009-01-25 36352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler] erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll [2009-01-25 15000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\mlJYQGVm.dll [2009-01-25 36352] "{5b62570d-675a-4366-8dec-62d6585270f8}"=C:\WINDOWS\system32\vritks.dll [2009-04-08 120832] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 C:\WINDOWS\system32\ljJCvTmn [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoFolderOptions"=1 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "C:\Program Files\p2pnetworks\p2pnetworks.exe"="C:\Program Files\p2pnetworks\p2pnetworks.exe:*:Enabled:P2PNetworks" "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE" "C:\Documents and Settings\Jessica\Desktop\emulators\nes\nesticleo42\NESTCL95.EXE"="C:\Documents and Settings\Jessica\Desktop\emulators\nes\nesticleo42\NESTCL95.EXE:*:Disabled:NESTCL95" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! 
FT Server" "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe" "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] shell\AutoRun\command - E:\Start.exe ======List of files/folders created in the last 2 months====== 2009-04-08 15:58:32 ----D---- C:\rsit 2009-04-08 15:57:21 ----A---- C:\WINDOWS\system32\vritks.dll 2009-04-08 15:57:15 ----A---- C:\WINDOWS\system32\edhacdsj.dll 2009-04-07 21:39:38 ----D---- C:\Program Files\Hotbar 2009-04-07 20:59:04 ----HD---- C:\$AVG8.VAULT$ 2009-04-07 20:51:43 ----A---- C:\WINDOWS\system32\avgrsstx.dll 2009-04-07 20:51:01 ----D---- C:\Program Files\AVG 2009-04-07 20:50:59 ----D---- C:\Documents and Settings\All Users\Application Data\avg8 2009-04-07 20:34:32 ----SH---- C:\WINDOWS\system32\aicfipwb.ini2 2009-04-07 20:31:24 ----SH---- C:\WINDOWS\system32\aicfipwb.tmp 2009-04-07 20:28:26 ----A---- C:\WINDOWS\system32\wutbhf.dll 2009-04-07 20:28:25 ----A---- C:\WINDOWS\system32\gcufxvwa.dll 2009-04-07 20:28:11 ----SH---- C:\WINDOWS\system32\aicfipwb.ini 2009-04-07 20:28:00 ----A---- C:\WINDOWS\system32\bwpifcia.dll 2009-04-07 19:57:04 ----SH---- 
C:\WINDOWS\system32\rkjxswhj.ini 2009-04-07 19:56:48 ----A---- C:\WINDOWS\system32\jhwsxjkr.dll 2009-04-07 19:55:17 ----D---- C:\Documents and Settings\Jessica\Application Data\digifast 2009-04-07 19:54:50 ----A---- C:\WINDOWS\system32\zvnspg.dll 2009-04-07 19:54:46 ----A---- C:\WINDOWS\system32\hxguwjfq.dll ======List of files/folders modified in the last 2 months====== 2009-04-08 15:58:48 ----ASH---- C:\WINDOWS\system32\nmTvCJjl.ini 2009-04-08 15:58:17 ----D---- C:\WINDOWS\Temp 2009-04-08 15:57:52 ----D---- C:\WINDOWS\system32 2009-04-08 15:57:24 ----ASH---- C:\WINDOWS\system32\nmTvCJjl.ini2 2009-04-08 15:57:05 ----A---- C:\WINDOWS\system32\1be3e6c8-.txt 2009-04-08 15:56:59 ----D---- C:\WINDOWS\system32\ias 2009-04-08 15:56:31 ----D---- C:\WINDOWS\system32\CatRoot2 2009-04-08 15:54:50 ----D---- C:\WINDOWS 2009-04-08 00:53:11 ----D---- C:\Documents and Settings\Jessica\Application Data\AdobeUM 2009-04-08 00:09:34 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-04-07 23:59:17 ----D---- C:\WINDOWS\Prefetch 2009-04-07 21:54:17 ----D---- C:\WINDOWS\system32\drivers 2009-04-07 21:42:29 ----D---- C:\Program Files 2009-04-07 21:41:25 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-04-07 21:20:47 ----D---- C:\Program Files\DownloadManager 2009-04-07 20:50:58 ----SHD---- C:\WINDOWS\Installer 2009-04-07 20:50:02 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-04-07 20:50:01 ----D---- C:\WINDOWS\WinSxS 2009-04-07 20:48:37 ----SD---- C:\Documents and Settings\Jessica\Application Data\Microsoft 2009-04-07 20:41:28 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com 2009-04-07 20:24:35 ----D---- C:\Program Files\Mozilla Firefox 2009-04-07 20:09:05 ----D---- C:\Program Files\IncrediMail 2009-04-07 20:08:33 ----RSD---- C:\WINDOWS\Fonts 2009-04-07 19:57:50 ----SH---- C:\WINDOWS\system32\tysatjcl.ini 2009-03-08 14:31:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 
4=Disabled)====== R1 avgldx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-04-07 96520] R1 avgmfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-04-07 26184] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-13 21361] R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-09-02 8552] R2 avgtdix;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-07 75272] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760] R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-29 517632] R3 S3Psddr;S3Psddr; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-13 167168] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2001-09-27 28396] R3 wandrv;WAN Network Driver; C:\WINDOWS\system32\DRIVERS\wandrv.sys [2000-12-03 22640] S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760] S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752] S3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2001-09-27 285088] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 E100B;Intel® PRO Adapter Driver; 
C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760] S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496] S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165] S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-01-09 42496] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536] S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160] S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-09-09 130309] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys [] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-12 2459968] S3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640] S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-05-16 33280] S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-05-16 12928] S3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032] S3 PAC207;CIF USB Camera; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 505984] S3 S3SavageNB;S3SavageNB; 
C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-13 167168] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [] S3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys [] S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys [] S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-04-07 902424] R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-07 282904] R2 PackethSvc;Virtual NIC Service; C:\WINDOWS\system32\PackethSvc.exe [2000-12-07 51200] R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-04-18 172032] R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2001-11-26 65536] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2000-11-30 57344] S2 MyWebSearchService;My Web 
Search Service; C:\PROGRA~1\MYWEBS~2\bar\a.bin\mwssvc.exe [2008-11-16 28762] S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-12 114755] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] -----------------EOF-----------------
  24. AVG says there are trojans and adware on the computer, and it had Spamblocker utility program that seems to be a big part of the problem. Tried to uninstall but it reappears, and the IE redirects when I try to run any online scanner, and Firefox will not even run. Please help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:07:41 PM, on 4/7/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal
  25. OK. After reboot the formatting problem with Firefox is gone. Haven't had a web browser window close yet. I really appreciate your time. Hope you had a good night and I will check back on Sunday as we are going geocaching tomorrow. Have a great weekend, and if I win the lottery I'm sending you on an all-expense-paid vacation. Keep your fingers crossed.