Jump to content

dsj1000

Honorary Members
 View Profile  See their activity

  • Posts

    40

  • Joined

  • Last visited

Reputation

0 Neutral

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Profile Information

  • Location
    DFW Texas
  1. dsj1000
    Thank you for your reply. Since I am a paying user, I will submit en email to support as indicated in option 2. Don
  2. dsj1000
    How can I remove this trojan: "Vista Home Security 2012"? I got this infection this afternoon, and my Malwarebytes does not find and remove it. Spybot finds numerous infections and says it "fixed" them, but the icon still shows in the systray. Help. Thanks Don
  3. dsj1000
    Chris: OK, everything seems to be working correctly. Can you help me understand what was going on with my problem? I am still unclear what caused my restore points to disappear, and the pc to lock up. Thanks very much for your help! Don
  4. dsj1000
    Good morning: Sorry for the delay in replying; had several problems running ESET, but once I turned off all of the McAfee and other apps it run successfully, however - it did not produce a log.txt file. The on screen window said no infections found, but it did quarantine three items and deleted them once the app closed. Here is the result of running "Security Check": Results of screen317's Security Check version 0.99.5 Windows Vista Service Pack 1 (UAC is disabled!) Out of date service pack!! Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! McAfee SecurityCenter WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Adobe Flash Player 10.1.53.64 Adobe Reader 9.3.3 ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSASCui.exe Malwarebytes' Anti-Malware mbamservice.exe McAfee VIRUSS~1 mcshield.exe McAfee VIRUSS~1 mcsysmon.exe Windows Defender MSASCui.exe ```````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) ``````````End of Log```````````` What is next step? Thanks again for your help! Also, I had a video card failure two weeks ago and have just received a "refurbished card" and need to replace the temp card. there are some differences between the temp and the final card so I want to make sure with you that it is safe to do this now, or should I wait till you are finished with my pc? Don
  5. dsj1000
    Thanks you for the reply. ComboFix ran successfully and here is the log file. What is the next step? ComboFix 10-08-05.01 - Don 08/06/2010 10:17:01.1.2 - x86 Microsoft
  6. dsj1000
    Yes, thank you for following up. Any idea what to do to prove this?
  7. dsj1000
    This new post is in response to my earlier one about suspecting that my pc may be infected, however neither my McAfee nor Malwarebytes detects anything. However, in following the steps to download/run a new Malware, then run Defogger-Disable, then run DDS, and then run GMER - everything went well until I tried GMER. The first attempt locked the pc and not even the clock would keep time. I rebooted and then tried to run it again. This time I got into the "scan" step, but during the scan (after about 20 seconds) the pc stopped responding. I could stll move the cursor around the screen, but could not click on anything. The small round blue/green circle kept running; this time the clock continued to keep time. After five minutes of the GMER box staying white - but translucent, I rebooted the pc and am now posting this new post as requested, and attaching the two DDS txt files, and last Malwarebytes scan log. Please let me know what is next step. Thanks. Don DDS (Ver_10-03-17.01) - NTFSx86 Run by Don at 15:26:20.64 on Thu 07/22/2010 Internet Explorer: 8.0.6001.18928 Microsoft
  8. dsj1000
    Firefox: Thanks for the reply. I am using the following McAfee products: Security Center Version 9.15 VirusScan Ver. 13.15 Personal Firewall Ver. 10.15 SiteAdvisor Ver. 2.8. In looking for the process to as the exclusions you notes, I can not find the area to add them. I checked the examples and there is not one for only McAfee, but I did try to work throuogh them, but no luck. I had heard that there might be some problems so I normally turn off Malwear's antivirus. Understanding that it might be a conflict between the two applications, how can we explain why the restore points disappeared, or why the restore function can not "see" the Window's Backup Image? Thanks aggain for your help. Don
  9. dsj1000
    I am trying to determine if I may have some kind of malwear problem or a hardware issue and would really appreciate your input. I recently replaced my hardrive after a major crash and then reloaded Vista Ultimate and other applications. Things were looking good, then problems started. Here's whats happening: PC display freezes for 30 - 60 seconds (application stops and shows "Not Responding" and display turns transparent white) and then returns to normal, and this happens at irregular intervals. Sometimes it does not recover even after five minutes. Seems like this started when I loaded a plugin to watch streaming videos about four days ago. I created several (atleast 6) restore points and now I can not find them. Only two remain from yesterday when I did Windows Updates. The restore does not resolve, or improve the problem. I did a full backup to another internal drive and I can see the backup image file, but the pc does not recognize the backup. No matter what I do to try to restore the pc with the backup that was made by Windows, it will not see it as a valid backup image. I do have both Malwearbytes and McaFee running and neither one can detect any malwear on the pc. Does this sound like a virus, or a hardware problem? Thanks for your guidance. Don
  10. dsj1000
    Maurice: Here is the Combo-Fix log for today. What's next? Computer seems sluggish after running the scans. Don ComboFix 09-08-06.01 - Don 08/07/2009 18:10.6.2 - NTFSx86 Microsoft
  11. dsj1000
    OK, here is the lastest set of logs for 7 Aug 09. While running Combo-Fix, it stalled after the log file opened and I was trying to save a copy. Had to do a hard reboot. The log was created. Also, during the running - near the start of scanning using Combo-Fix, Mcafee poped up and indicated that it quaranteened a Trojan; was only on the screen for about three seconds and I did not see the details. Everything seemed to proceed normally. Here are the logs: All processes killed ========== FILES ========== C:\Windows\System32\geyekrhicpjcmu.dat moved successfully. C:\$RECYCLE.BIN\S-1-5-21-4041010409-2044806714-3416792504-1002 moved successfully. C:\$RECYCLE.BIN moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Don ->Temp folder emptied: 505779 bytes ->Temporary Internet Files folder emptied: 22693008 bytes ->Java cache emptied: 13425503 bytes ->FireFox cache emptied: 0 bytes ->Opera cache emptied: 21524395 bytes User: Don 2 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Opera cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Tien ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Opera cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 12888 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 55.47 mb OTL by OldTimer - Version 3.0.10.3 log created on 08072009_175049 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Malwarebytes' Anti-Malware 1.40 Database version: 2574 Windows 6.0.6001 Service Pack 1 8/7/2009 6:03:51 PM mbam-log-2009-08-07 (18-03-51).txt Scan type: Quick Scan Objects scanned: 103318 Time elapsed: 4 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:30:22 PM, on 8/7/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18248) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\ActivIdentity\ActivClient\acsagent.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Trend Micro\HijackThis\FINDEM.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Replay AV] "C:\Program Files\Replay AV 8\ReplayAV.exe" -quiet O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...678/mcfscan.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FYMMY - Unknown owner - C:\Users\DON2~1\AppData\Local\Temp\FYMMY.exe (file missing) O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: Microsoft Office Groove Audit Service MicrosoftTHREADORDER (MicrosoftTHREADORDER) - Unknown owner - C:\Windows\system32\acpkcs201n.exe (file missing) O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7953 bytes
  12. dsj1000
    Maurice: Everything seems t be running 99% correct; not crash dumps, or other system freezes! Here's the result of the last set of scans: Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "c:\windows\system32\geyekrbrbexmob.dat" deleted successfully. File "C:\windows\system32\geyekrmyrdwjqx.dll" deleted successfully. File "c:\windows\system32\geyekrcireqlfo.dll" deleted successfully. File "c:\windows\system32\geyekrvrivrnlm.dat" deleted successfully. File "c:\windows\system32\geyekrnntptbvt.dll" deleted successfully. File "c:\windows\system32\geyekrdfepqgwh.dll" deleted successfully. File "c:\windows\system32\drivers\geyekrocdmwyxp.sys" deleted successfully. File "c:\windows\system32\geyekrcitdecti.dat" deleted successfully. Driver "geyekrxdxiwesy" deleted successfully. Completed script processing. ******************* Finished! Terminate. OTL logfile created on: 8/6/2009 6:04:23 PM - Run 7 OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Don\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 372.61 Gb Total Space | 327.63 Gb Free Space | 87.93% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 698.63 Gb Total Space | 602.31 Gb Free Space | 86.21% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DON-PC Current User Name: Don Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2008/11/04 22:34:50 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe PRC - [2007/05/15 16:08:40 | 00,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe PRC - [2009/02/02 02:33:18 | 00,317,440 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2007/05/15 16:08:38 | 00,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe PRC - [2007/04/13 17:49:00 | 00,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE PRC - [2006/12/15 02:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe PRC - [2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe PRC - [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe PRC - [2008/01/19 09:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe PRC - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe PRC - [2009/01/08 20:30:26 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2008/10/29 08:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE PRC - [2007/05/15 16:08:08 | 00,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe PRC - [2009/07/30 17:19:52 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2007/04/06 11:01:07 | 00,782,848 | ---- | M] (Applian Technologies Inc.) -- C:\Program Files\Replay AV 8\ReplayAV.exe PRC - [2008/01/19 09:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe PRC - [2008/01/19 09:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2009/07/28 10:53:12 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2007/05/15 16:08:00 | 00,130,864 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe PRC - [2008/01/19 09:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe PRC - [2008/01/19 09:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2007/05/15 16:08:38 | 00,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe PRC - [2008/01/19 09:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009/03/03 04:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe PRC - [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe PRC - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe PRC - [2009/03/03 04:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe PRC - [2009/07/31 21:49:55 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2007/05/15 16:08:40 | 00,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca [Auto | Running]) SRV - [2009/02/02 02:33:18 | 00,317,440 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent [Auto | Running]) SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running]) SRV - [2008/11/05 17:35:08 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped]) SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) SRV - [2008/07/27 20:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008/01/19 09:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped]) SRV - [2006/11/02 14:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped]) SRV - [2006/11/02 14:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped]) SRV - [2008/01/19 09:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running]) SRV - [2008/06/20 03:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - File not found -- -- (FYMMY [On_Demand | Stopped]) SRV - [2009/03/22 15:59:04 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe -- (GoToAssist [On_Demand | Stopped]) SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008/06/20 03:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) SRV - [2007/04/13 17:49:00 | 00,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC [Auto | Running]) SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running]) SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped]) SRV - [2006/12/15 02:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running]) SRV - [2008/07/26 08:27:42 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped]) SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running]) SRV - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running]) SRV - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running]) SRV - [2009/04/01 14:21:30 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped]) SRV - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running]) SRV - [2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [unknown | Running]) SRV - [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running]) SRV - [2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped]) SRV - File not found -- -- (MicrosoftTHREADORDER [Auto | Stopped]) SRV - [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running]) SRV - [2008/06/20 03:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2006/12/24 02:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped]) SRV - [2008/11/04 22:34:50 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running]) SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2008/01/19 09:35:27 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running]) SRV - [2007/01/25 19:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped]) SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped]) SRV - [2008/01/19 09:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [On_Demand | Stopped]) SRV - [2008/01/19 09:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AIM Search" FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=" FF - prefs.js..browser.search.selectedEngine: "AIM Search" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/20 16:12:48 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/03/20 19:41:03 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/06/24 10:59:19 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/14 17:20:50 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2009/07/17 17:14:51 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/14 15:32:40 | 00,000,000 | ---D | M] [2008/09/06 20:11:48 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\mozilla\Firefox\Profiles\45zlaw1e.default\extensions [2007/12/09 15:46:29 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\mozilla\Firefox\Profiles\45zlaw1e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/09/10 17:49:01 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\mozilla\Firefox\Profiles\45zlaw1e.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2008/09/06 20:11:46 | 00,000,246 | ---- | M] () -- C:\Users\Don\AppData\Roaming\Mozilla\FireFox\Profiles\45zlaw1e.default\searchplugins\AIM Search.src [2008/09/10 17:49:10 | 00,001,010 | ---- | M] () -- C:\Users\Don\AppData\Roaming\Mozilla\FireFox\Profiles\45zlaw1e.default\searchplugins\aimsearch.gif [2008/09/10 17:49:10 | 00,000,301 | ---- | M] () -- C:\Users\Don\AppData\Roaming\Mozilla\FireFox\Profiles\45zlaw1e.default\searchplugins\aimsearch.src [2008/11/22 12:00:04 | 00,000,275 | ---- | M] () -- C:\Users\Don\AppData\Roaming\Mozilla\FireFox\Profiles\45zlaw1e.default\searchplugins\search.xml [2009/07/30 17:20:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2007/10/06 11:21:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/10/06 11:20:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/07/30 17:20:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2007/10/06 11:20:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\realplayer@partners.mozilla.com [2007/10/06 11:20:50 | 00,060,526 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2007/10/06 11:20:51 | 00,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2007/10/06 11:20:50 | 00,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2003/03/18 21:20:00 | 01,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\mfc71.dll [2003/02/21 04:42:22 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr71.dll [2009/07/30 17:19:52 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2008/01/04 23:57:08 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2008/01/08 01:14:26 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009/05/19 10:05:00 | 00,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\mozilla firefox\plugins\npmfv.dll [2007/10/06 11:20:51 | 00,017,032 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2007/10/06 11:22:06 | 00,140,624 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009/07/14 15:32:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/07/14 15:32:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/07/14 15:32:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/07/14 15:32:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/07/14 15:32:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/07/14 15:32:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/07/14 15:32:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2007/10/06 11:22:18 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2007/10/06 11:21:56 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2005/08/09 20:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll [2007/10/06 11:20:52 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png [2007/10/06 11:20:52 | 00,000,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src [2007/10/06 11:20:52 | 00,001,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png [2007/10/06 11:20:52 | 00,000,539 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src [2007/10/06 11:20:52 | 00,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png [2007/10/06 11:20:52 | 00,001,007 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src [2007/10/06 11:20:52 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif [2007/10/06 11:20:52 | 00,001,056 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src [2007/10/06 11:20:52 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif [2007/10/06 11:20:52 | 00,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src [2007/10/06 11:20:52 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif [2007/10/06 11:20:52 | 00,001,122 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation) O4 - HKCU..\Run: [Replay AV] C:\Program Files\Replay AV 8\ReplayAV.exe (Applian Technologies Inc.) O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...678/mcfscan.cab (McFreeScan Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 83.169.185.97 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 23:43:36 | 00,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 14 Days ========== [2009/08/06 17:53:56 | 00,015,867 | ---- | C] () -- C:\Users\Don\Desktop\Malwearbytes Fix 6 Aug 2009.docx [2009/08/05 22:26:17 | 02,744,341 | -H-- | C] () -- C:\Users\Don\AppData\Local\IconCache.db [2009/08/05 21:36:48 | 00,000,000 | ---D | C] -- C:\Users\Don\AppData\Local\temp [2009/08/05 21:29:55 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2009/08/05 21:15:34 | 32,207,58528 | -HS- | C] () -- C:\hiberfil.sys [2009/08/04 21:55:50 | 00,000,091 | ---- | C] () -- C:\Windows\System32\geyekrhicpjcmu.dat [2009/08/04 21:29:44 | 00,000,000 | ---D | C] -- C:\Avenger [2009/08/04 17:51:10 | 00,000,000 | ---D | C] -- C:\Users\Don\Desktop\Avenger [2009/08/04 17:35:38 | 00,021,189 | ---- | C] () -- C:\Users\Don\Desktop\Fix-instructions 4 Aug 09.docx [2009/08/04 08:33:16 | 00,278,846 | ---- | C] () -- C:\Users\Don\Desktop\gmer.zip [2009/08/04 08:27:46 | 04,626,422 | ---- | C] () -- C:\Users\Don\Desktop\avz4.zip [2009/08/04 08:27:22 | 00,000,000 | ---D | C] -- C:\Users\Don\Desktop\avz4 [2009/08/03 15:14:31 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2009/08/03 15:14:22 | 00,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/08/03 15:14:21 | 00,000,000 | ---D | C] -- C:\Users\Don\AppData\Roaming\SUPERAntiSpyware.com [2009/08/03 15:14:21 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2009/08/02 20:13:40 | 00,000,000 | ---D | C] -- C:\Users\Don\Desktop\FixPolicies [2009/08/02 20:12:00 | 00,185,065 | ---- | C] () -- C:\Users\Don\Desktop\FixPolicies.exe [2009/08/01 21:54:44 | 00,000,000 | ---D | C] -- C:\Users\Don\Desktop\Fix1Aug09 [2009/07/31 21:49:53 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe [2009/07/31 16:47:15 | 00,000,706 | ---- | C] () -- C:\Users\Don\Desktop\opera.exe - Shortcut.lnk [2009/07/30 21:37:04 | 00,000,000 | ---D | C] -- C:\DCE [2009/07/30 21:05:36 | 00,035,127 | ---- | C] () -- C:\Users\Public\Documents\Malwarebytes Forum 30 July 09.docx [2009/07/30 17:19:50 | 00,000,000 | ---D | C] -- C:\Program Files\Java [2009/07/30 16:52:09 | 00,000,000 | ---D | C] -- C:\_OTL [2009/07/30 11:16:36 | 00,287,232 | ---- | C] () -- C:\Users\Don\Desktop\gmer.exe [2009/07/25 19:42:17 | 00,562,539 | ---- | C] () -- C:\Users\Don\Desktop\SecurityCheck.exe [2009/07/24 15:53:43 | 00,000,733 | ---- | C] () -- C:\Users\Don\Desktop\NTREGOPT.lnk [2009/07/24 15:53:43 | 00,000,714 | ---- | C] () -- C:\Users\Don\Desktop\ERUNT.lnk [2009/07/24 15:53:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT ========== Files - Modified Within 14 Days ========== [2009/08/06 18:02:25 | 00,006,331 | ---- | M] () -- C:\Windows\System32\Config.MPF [2009/08/06 18:01:34 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/08/06 18:01:34 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/08/06 18:01:31 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/08/06 18:01:29 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009/08/06 18:01:26 | 32,207,58528 | -HS- | M] () -- C:\hiberfil.sys [2009/08/06 18:01:21 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2009/08/06 17:58:27 | 02,744,341 | -H-- | M] () -- C:\Users\Don\AppData\Local\IconCache.db [2009/08/06 17:53:56 | 00,015,867 | ---- | M] () -- C:\Users\Don\Desktop\Malwearbytes Fix 6 Aug 2009.docx [2009/08/05 22:54:37 | 02,628,876 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009/08/05 22:54:37 | 00,797,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009/08/05 22:54:37 | 00,005,064 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/08/05 22:10:16 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{09FC0A04-5003-4B4F-9F6B-0F4197BFE6BC}.job [2009/08/05 21:30:14 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini [2009/08/05 21:29:49 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2009/08/05 18:19:41 | 00,000,091 | ---- | M] () -- C:\Windows\System32\geyekrhicpjcmu.dat [2009/08/05 18:08:19 | 24,275,8748 | ---- | M] () -- C:\Windows\MEMORY.DMP [2009/08/04 21:21:18 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2009/08/04 17:35:38 | 00,021,189 | ---- | M] () -- C:\Users\Don\Desktop\Fix-instructions 4 Aug 09.docx [2009/08/04 08:34:01 | 00,287,232 | ---- | M] () -- C:\Users\Don\Desktop\gmer.exe [2009/08/04 08:33:17 | 00,278,846 | ---- | M] () -- C:\Users\Don\Desktop\gmer.zip [2009/08/04 08:27:49 | 04,626,422 | ---- | M] () -- C:\Users\Don\Desktop\avz4.zip [2009/08/03 15:14:22 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/08/02 20:12:01 | 00,185,065 | ---- | M] () -- C:\Users\Don\Desktop\FixPolicies.exe [2009/08/02 11:45:57 | 00,142,944 | ---- | M] () -- C:\Users\Don\AppData\Local\GDIPFONTCACHEV1.DAT [2009/08/02 10:53:04 | 00,474,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2009/08/02 00:19:48 | 00,002,032 | ---- | M] () -- C:\Users\Don\AppData\Local\d3d9caps.dat [2009/07/31 21:49:55 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe [2009/07/31 16:47:15 | 00,000,706 | ---- | M] () -- C:\Users\Don\Desktop\opera.exe - Shortcut.lnk [2009/07/30 21:05:37 | 00,035,127 | ---- | M] () -- C:\Users\Public\Documents\Malwarebytes Forum 30 July 09.docx [2009/07/25 19:42:19 | 00,562,539 | ---- | M] () -- C:\Users\Don\Desktop\SecurityCheck.exe [2009/07/24 15:53:43 | 00,000,733 | ---- | M] () -- C:\Users\Don\Desktop\NTREGOPT.lnk [2009/07/24 15:53:43 | 00,000,714 | ---- | M] () -- C:\Users\Don\Desktop\ERUNT.lnk ========== LOP Check ========== [2009/08/03 15:14:21 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming [2008/09/02 21:18:52 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\acccore [2008/07/13 12:53:47 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Ahead [2008/09/02 21:18:23 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\AIM [2008/11/12 19:38:04 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Autodesk [2009/06/07 18:28:28 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Canon [2007/08/20 18:47:38 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Centra [2008/04/13 12:34:35 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Intuit [2008/09/02 19:07:40 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Leadertech [2006/11/02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Media Center Programs [2009/03/27 00:41:46 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Nokia [2008/10/13 16:41:07 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\NSeries [2007/05/11 16:28:15 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Opera [2008/10/13 16:41:20 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\PC Suite [2009/06/12 17:43:15 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\PureEdge [2008/04/11 13:13:00 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\ScanSoft [2007/07/03 22:59:14 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Share-to-Web Upload Folder [2007/05/10 18:21:16 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Template [2009/07/20 10:18:00 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2009/07/15 01:00:00 | 00,000,336 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job [2009/06/01 01:00:10 | 00,000,328 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job [2009/08/06 18:01:31 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT [2009/08/06 17:58:29 | 00,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/08/05 22:10:16 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{09FC0A04-5003-4B4F-9F6B-0F4197BFE6BC}.job ========== Purity Check ========== < End of report > What's next step? I am have several minor glitches, which started when the Trojan activity began. 1. Am getting MS windows notice that "Windows host process (Rundll32) has stopped ....." What do I do about this? Does not seem to be affecting operations. 2. Windows Defender failed to initialize and msut be started manually..... What do I do about this? Thanks!!!! Don
  13. dsj1000
    Maurice: Have rebooted twice just as a test and everyting seems to be running fine now!! I can't believe it! It's beer time! More to come on this tomorrow, but things are difinitely looking up! Thanks a bunch so far! Don
  14. dsj1000
    Maurice: flood control lifted and here is the GMER log file: file is still too large, so I am attaching file. What does it look like? will reboot now. don Gmer_5Aug09.txt Gmer_5Aug09.txt
  15. dsj1000
    Maurice: Finally, things seem to be looking up! Here's the results of the scans. Once I disconnected from the internet, the system rebooted nicely in normal mode and Combofix came right up and completed the scan. Everythign seems to be runnign well, but I have not rebooted since the successful MBAM scan - NO Virus found, althouht McaFee poped up and said Trojan found and removed - during the MBAM scan?? Here's the logs: ComboFix: ComboFix 09-08-04.03 - Don 08/05/2009 21:17.5.2 - NTFSx86 Microsoft
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.