Everything posted by ipepper
PC Running Slow and Hangs Frequently
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Ok, thanks for the help. Question... why did you have me uninstall BitTorrent? Is there a reason I shouldn't install it again?
PC Running Slow and Hangs Frequently
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
OK I take it back - when I turn the MS Security Essentials real time protection on things start hanging again.
PC Running Slow and Hangs Frequently
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Better... file downloads don't seem to hang up anymore. The overall performance (browser-wise) is better. The overall system performance remains about 50% from where it used to be.
PC Running Slow and Hangs Frequently
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Here you go...

RogueKiller V8.4.0 [Dec 18 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Scan -- Date : 12/18/2012 18:42:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500JB-00REA0 +++++
--- User ---
[MBR] 1c1d3deb69840e93181e332dfa55fdd6
[bSP] c192851ad45fabb46a2564533df54248 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 138466 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12182012_02d1842.txt >>
RKreport[1]_S_12182012_02d1842.txt
PC Running Slow and Hangs Frequently
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Done - I could not run defrag with "%systemdrive%" so I used C: instead. It seems slightly better than before but it still hangs frequently.
PC Running Slow and Hangs Frequently
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Done - Performance is slightly better browser-wise. PC still hangs periodically.
PC Running Slow and Hangs Frequently
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Here's the junkware log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.9.6 (12.07.2012:1)
OS: Microsoft Windows XP x86
Ran by Admin on Fri 12/07/2012 at 20:46:40.40
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_local_machine\software\freeze.com"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/07/2012 at 20:56:45.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PC Running Slow and Hangs Frequently
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Not noticing any difference in performance. Everything seems to work, it just takes 5 minutes for a web page to load (for example). It can take about 30 seconds to switch between windows. Not sure if this will help but here are some observations. I was curious and looked at the running processes in Windows Task Manager and found multiple instances of chrome.exe running when I only had 1 window and 1 tab open. I monitored the processes while trying to open the following web page (after googling for an answer). The web page took about 5 minutes to load and I.E. was hogging over 250MB memory. I tried opening the same web page in Chrome which took just as long but Chrome only used about 80MB. The strange thing is that the CPU usage is usually under 30% while I am waiting for it to complete a simple task.
http://productforums.google.com/forum/#!topic/chrome/og-xdL55RJM
PC Running Slow and Hangs Frequently
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Here's the Kaspersky log:

Status: Disinfected (events: 2)
12/4/2012 10:16:04 PM Disinfected Trojan program Trojan.Win32.Oficla.eo UM_Exchange\Archive1\Top of Personal Folders\Inbox\[From:McConville, Amanda][subject:FW: Fedex Invoice copy N8894787][Time:2010/08/24 15:34:42]/FEDEXInvoiceEE572504OP.zip High
12/4/2012 10:16:03 PM Disinfected Trojan program Trojan.Win32.Oficla.eo UM_Exchange\Archive1\Top of Personal Folders\Inbox\[From:McConville, Amanda][subject:FW: Fedex Invoice copy N8894787][Time:2010/08/24 15:34:42]/FEDEXInvoiceEE572504OP.zip/FedexInvoice_EE776129.exe High

Status: Deleted (events: 2)
12/5/2012 7:10:46 AM Deleted Trojan program Trojan.Win32.Swisyn.cnpe D:\Shared Drive\backup\Programs\Bleeping\OTL.exe High
12/5/2012 6:15:58 PM Deleted Trojan program Trojan.Win32.Swisyn.cnpe D:\System Volume Information\_restore{BBCB31A8-FC60-4E6F-83E1-FF8611C6E7DD}\RP1126\A0119895.exe High
PC Running Slow and Hangs Frequently
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Here are the logs:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=badc5ec42a880742ba171922e0cd9fe6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-04 01:01:21
# local_time=2012-12-03 08:01:21 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 82177391 82177391 0 0
# compatibility_mode=5891 16776533 42 87 0 50514151 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=badc5ec42a880742ba171922e0cd9fe6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-04 02:50:29
# local_time=2012-12-03 09:50:29 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 82177651 82177651 0 0
# compatibility_mode=5891 16776869 42 87 0 50514411 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=93889
# found=3
# cleaned=3
# scan_time=6291
D:\Shared Drive\backup\Programs\Coupon Printers\Coupons Dot Com Printer\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Shared Drive\backup\Programs\DVD_Video\Players\VLCfree\VLC_32.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Shared Drive\backup\Programs\Utilities\PandoraRecovery Undelete\cnet_PandoraRecovery2_1_1Setup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-03 22:06:29
-----------------------------
22:06:29.359 OS Version: Windows 5.1.2600 Service Pack 3
22:06:29.359 Number of processors: 1 586 0x102
22:06:29.359 ComputerName: DELL1 UserName: Admin
22:06:30.481 Initialize success
22:11:00.249 AVAST engine defs: 12120301
22:11:12.737 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:11:12.737 Disk 0 Vendor: WDC_WD2500JB-00REA0 20.00K20 Size: 238475MB BusType: 3
22:11:12.747 Disk 0 MBR read successfully
22:11:12.747 Disk 0 MBR scan
22:11:12.827 Disk 0 Windows XP default MBR code
22:11:12.827 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
22:11:12.827 Disk 0 Partition - 00 0F Extended LBA 138466 MB offset 204796620
22:11:12.857 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 138466 MB offset 204796683
22:11:12.867 Disk 0 scanning sectors +488376000
22:11:12.997 Disk 0 scanning C:\WINDOWS\system32\drivers
22:11:25.735 Service scanning
22:11:41.278 Modules scanning
22:11:48.838 Disk 0 trace - called modules:
22:11:49.169 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
22:11:49.169 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82382ab8]
22:11:49.169 3 CLASSPNP.SYS[f8576fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823a26d0]
22:11:49.830 AVAST engine scan C:\WINDOWS
22:12:03.309 AVAST engine scan C:\WINDOWS\system32
22:15:44.818 AVAST engine scan C:\WINDOWS\system32\drivers
22:16:09.193 AVAST engine scan C:\Documents and Settings\Admin
22:23:00.965 AVAST engine scan C:\Documents and Settings\All Users
22:24:05.648 Scan finished successfully
22:36:04.151 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
22:36:04.161 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"
Remove I.E. Toolbar and Verify PC is Clean
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Jeff, thanks for the help and advice. I will definitely take the time to research malware prevention. ComboFix is uninstalled and I.E. security settings were already as recommended. One thing I forgot to ask... since Java is installed but does not show up in the control panel, should I reinstall it? MS Security Essentials did not like the last Java update so should I tell SE to trust it?
PC Running Slow and Hangs Frequently
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Thanks for helping Maniac. Here are the logs.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.02.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: DELL1 [administrator]
12/2/2012 8:54:48 AM
mbam-log-2012-12-02 (08-54-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 236930
Time elapsed: 11 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2646524) Security Update for 
Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for 
Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) 
Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Signature995 Spybot - Search & Destroy SUPERAntiSpyware Free Edition SyncBack Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows Internet Explorer 8 (KB973874) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet 
Explorer 8 (KB978506) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2492386) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VC 9.0 Runtime VC80CRTRedist - 8.0.50727.4053 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 1.1.8 WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live OneCare safety scanner Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 11 Windows Presentation Foundation Windows XP Service Pack 3 XML Paper Specification Shared Components Pack 1.0 Yahoo! Photos Easy Upload Tool Yahoo! Photos Print-at-Home Tool . ==== Event Viewer Messages From Past Week ======== . 12/1/2012 8:40:16 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00065B903DE3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 11/26/2012 6:03:47 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00065B903DE3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). . ==== End Of File =========================== -
My PC has been running slower and slower and hangs periodically for 3-10 minutes while the hard drive grinds away. I have removed several bugs in the past but I suspect my machine is still infected. I would wipe it and rebuild from scratch but the OS and MS Office have limited install rights. Any help you can provide would be appreciated. I'm just not sure where to start.

Here is the most recent Malwarebytes log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.27.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: DELL1 [administrator]

10/28/2012 12:53:41 PM
mbam-log-2012-10-28 (12-53-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 231904
Time elapsed: 12 minute(s), 9 second(s)

Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)

(end)
-
Remove I.E. Toolbar and Verify PC is Clean
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Jeff, everything seems to be running fine. Thanks for your help and the fast responses! -
Remove I.E. Toolbar and Verify PC is Clean
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
So far so good. FYI - I noticed ZoneAlarm Firewall is recorded in the ComboFix logs. I uninstalled it some time ago. -
Remove I.E. Toolbar and Verify PC is Clean
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Here you go... -
Remove I.E. Toolbar and Verify PC is Clean
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Here's the Logs:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.29.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: FAMILYROOM [administrator]

11/29/2012 8:04:44 PM
mbam-log-2012-11-29 (20-04-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 223027
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)

(end)

==================================

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\504e4dd6-3f117b75 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\4d809ea6-5cd07129 multiple threats
C:\Program Files\QuotationCafe_45\bar\1.bin\45datact.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\Program Files\QuotationCafe_45\bar\1.bin\45htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Program Files\QuotationCafe_45\bar\1.bin\45ieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files\QuotationCafe_45\bar\1.bin\45Plugin.dll probably a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\QuotationCafe_45\bar\1.bin\45skin.dll a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files\QuotationCafe_45\bar\1.bin\T8HTML.DLL probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Shared\Backup\Programs\Audio\WinAmp\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\Shared\Backup\Programs\Coupon Printers\Coupons Dot Com Printer\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application
C:\Shared\Backup\Programs\DVD_Video\Players\VLCfree\VLC_32.exe a variant of Win32/InstallIQ application
C:\Shared\Backup\Programs\Utilities\PandoraRecovery Undelete\cnet_PandoraRecovery2_1_1Setup_exe.exe a variant of Win32/InstallCore.D application
C:\Shared\Backup\Programs\Winamp\winamp5601_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\System Volume Information\_restore{4570B652-C7F7-4CE0-AD7E-071FC2591C4D}\RP747\A0069572.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\System Volume Information\_restore{4570B652-C7F7-4CE0-AD7E-071FC2591C4D}\RP747\A0069574.dll a variant of Win32/Toolbar.MyWebSearch.Q application
C:\System Volume Information\_restore{4570B652-C7F7-4CE0-AD7E-071FC2591C4D}\RP747\A0069575.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{4570B652-C7F7-4CE0-AD7E-071FC2591C4D}\RP747\A0069576.dll a variant of Win32/Toolbar.MyWebSearch.Q application
C:\System Volume Information\_restore{4570B652-C7F7-4CE0-AD7E-071FC2591C4D}\RP747\A0069577.dll Win32/Toolbar.MyWebSearch application
-
Remove I.E. Toolbar and Verify PC is Clean
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Jeff, I do not have a Java icon in the control panel. This might be because MS Security Essentials detected a virus in the last Java update and removed the file?? I have since reinstalled SE because Windows security alerts kept reporting my anti-virus was turned off when it was not. Now the SE history log is empty so I can't tell you what the file or virus name was. Should I continue with the remaining instructions or re-install Java? -
Remove I.E. Toolbar and Verify PC is Clean
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
It seems to take a little longer to boot than it should but it runs fine other than that. -
Remove I.E. Toolbar and Verify PC is Clean
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Jeff, here's the adwcleaner Log:

# AdwCleaner v2.009 - Logfile created 11/28/2012 at 18:11:02
# Updated 24/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - FAMILYROOM
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\PIP

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.91

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1408 octets] - [27/11/2012 22:28:31]
AdwCleaner[s1].txt - [1357 octets] - [28/11/2012 18:11:02]

########## EOF - C:\AdwCleaner[s1].txt - [1417 octets] ########## -
Remove I.E. Toolbar and Verify PC is Clean
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Jeff, Here's the AdwCleaner log contents:

# AdwCleaner v2.009 - Logfile created 11/27/2012 at 22:28:31
# Updated 24/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - FAMILYROOM
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\PIP
Key Found : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\PIP

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.91

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1279 octets] - [27/11/2012 22:28:31]

########## EOF - C:\AdwCleaner[R1].txt - [1339 octets] ########## -
Remove I.E. Toolbar and Verify PC is Clean
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Jeff, Here's the ComboFix log. log.txt -
Remove I.E. Toolbar and Verify PC is Clean
ipepper replied to ipepper's topic in Resolved Malware Removal Logs
Jeff, Thanks for the quick response! I downloaded the tools, ran the scans and attached the logs here: aswMBR.txt attach.txt dds.txt -
I recently used Malwarebytes to remove PUP "MyWebSearch" after noticing my browser was behaving strangely. However, the I.E. toolbar (AKA QuotationCafe_45) is still showing up in the I.E. Add-Ons. I also ran a HijackThis scan but when I clicked the “Analyze This” button I got an error "No Internet Connection Available." I tried turning off the Windows firewall and tried again with the same result. I have removed various other bugs before and I would just like some help verifying I have sufficiently eradicated everything. The most recent Malwarebytes and HijackThis logs are below. I appreciate any help you can offer.

Thanks in advance,
Pepper

=============================================

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.25.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: FAMILYROOM [administrator]

11/25/2012 9:25:15 AM
mbam-log-2012-11-25 (09-25-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 224652
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 18
HKLM\SYSTEM\CurrentControlSet\Services\QuotationCafe_45Service (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3b069953-cf59-4926-9d28-a4589c462859} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{7abc0217-276f-4940-840e-2a0acbeb4249} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{1D63CC1B-2217-4EEB-B89C-0C3BB3C46D7A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\QuotationCafe_45.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\QuotationCafe_45.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B069953-CF59-4926-9D28-A4589C462859} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B069953-CF59-4926-9D28-A4589C462859} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuotationCafe_45bar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8619595f-4eef-4164-b040-fb7436301a06} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8619595F-4EEF-4164-B040-FB7436301A06} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8619595F-4EEF-4164-B040-FB7436301A06} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8619595F-4EEF-4164-B040-FB7436301A06} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{6ab96dd7-6e0c-4a7f-93e0-a8a47a685d81} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8561f2a1-d885-4852-8289-81ae4ad0ad99} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8561F2A1-D885-4852-8289-81AE4AD0AD99} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8561F2A1-D885-4852-8289-81AE4AD0AD99} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8561F2A1-D885-4852-8289-81AE4AD0AD99} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|QuotationCafe Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\QUOTAT~2\bar\1.bin\45srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|QuotationCafe_45 Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\QUOTAT~2\bar\1.bin\45brmon.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{6AB96DD7-6E0C-4A7F-93E0-A8A47A685D81} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.MyWebsearch) -> Bad: (http://home.mywebsea...CFegWMgodxwIAaA) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Program Files\QuotationCafe_45\bar\1.bin\45hkstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\QuotationCafe_45\bar\1.bin\45brstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\QuotationCafe_45\bar\1.bin\45SrchMn.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\QuotationCafe_45\bar\1.bin\45brmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\QuotationCafe_45\bar\1.bin\45barsvc.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\QuotationCafe_45\bar\1.bin\45bar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\QuotationCafe_45\bar\1.bin\45SrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)

===========================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:17 AM, on 11/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Shared\Backup\Programs\Windows Utilities\Zoomit\ZoomIt.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: QuotationCafe - {99bced2f-1db3-4ecd-8e35-8906428a6cfe} - C:\Program Files\QuotationCafe_45\bar\1.bin\45bar.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Startup: Shortcut to ZoomIt.exe.lnk = Backup\Programs\Windows Utilities\Zoomit\ZoomIt.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Search - http://tbedits.quota...2012112118&cv=2
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmi...inAxControl.CAB
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....k_sys_ctrl3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus....vex-2.2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1285451521765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1341341445343
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://www.mejuba.co...geUploader6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=724
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 9098 bytes