
ie not working mwb not working hijackthis not working



I'm not sure what direction to go with this. Started with Internet Explorer opening for just a second then closing. Tried Malwarebytes and it opens for one second and closes and won't allow me to reopen it. Also tried HijackThis and all it does is put a shortcut on my desktop and closes. I have read some earlier posts and have already run Win32kDiag. Here are my results. Let me know the next step please.

Log file is located at: C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a855eed5ad28db3548ad40195130e787\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\10

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)

[1] 2004-08-04 08:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2004-08-04 08:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-04 08:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

[1] 2009-02-06 05:41:05 227840 C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 06:10:02 227840 C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 06:15:13 227840 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe (Microsoft Corporation)

[1] 2004-08-04 08:00:00 218112 C:\WINDOWS\$NtUninstallKB956572$\wmiprvse.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:40 218112 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 12:39:29 227840 C:\WINDOWS\system32\dllcache\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 12:39:29 227840 C:\WINDOWS\system32\wbem\wmiprvse.exe ()

Finished!


Hello and welcome to the forums!

I'm Extremeboy, and I will help you with your log.

--

You have a nasty rootkit infection on board here.

We are going to start with Combofix. Any problems or issues, please STOP and let me KNOW before continuing.

Download and Run ComboFix

Note to readers of this post other than the starter of this thread:

ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.

Link 1

Link 2

Please refer to this page for full instructions on how to run ComboFix.

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.

Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

With Regards,

Extremeboy
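
Added example (not part of the thread, and not Win32kDiag's or the helper's own logic): a small Python triage of the Win32kDiag output posted above, grouping mount points by destination and comparing each "Cannot access" file with its dllcache copy. The embedded log is an abridged excerpt of that post; the pattern treated as an ordinary junction target is an assumption.

```python
import re
from collections import Counter

# Abridged excerpt of the Win32kDiag log from the first post (blank lines dropped).
SAMPLE_LOG = r"""
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 08:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 08:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-04 08:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe
[1] 2009-02-06 12:39:29 227840 C:\WINDOWS\system32\dllcache\wmiprvse.exe (Microsoft Corporation)
[1] 2009-02-06 12:39:29 227840 C:\WINDOWS\system32\wbem\wmiprvse.exe ()
Finished!
"""

MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+)$")
BLOCKED_RE = re.compile(r"^Cannot access:\s*(.+)$")
# "[n] date time size path (vendor)"; the vendor field may be empty: "()"
COPY_RE = re.compile(
    r"^\[\d+\]\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(.+?)\s+\((.*)\)$"
)
# Assumption (not from the thread): an ordinary junction target is a
# drive-letter path or volume path, optionally prefixed with \??\ .
NORMAL_TARGET_RE = re.compile(r"^(\\\?\?\\)?([A-Za-z]:\\|Volume\{)")


def parse_win32kdiag(text):
    """Return (mounts, blocked): (path, destination) pairs and, for each
    'Cannot access' file, the list of same-named copies the tool listed."""
    mounts, blocked = [], {}
    pending, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = MOUNT_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        m = DEST_RE.match(line)
        if m and pending is not None:
            mounts.append((pending, m.group(1)))
            pending = None
            continue
        m = BLOCKED_RE.match(line)
        if m:
            current = m.group(1)
            blocked[current] = []
            continue
        m = COPY_RE.match(line)
        if m and current is not None:
            stamp, size, path, vendor = m.groups()
            blocked[current].append(
                {"time": stamp, "size": int(size), "path": path, "vendor": vendor}
            )
    return mounts, blocked


def triage(text):
    """Summarise what a reviewer would look at first in the log."""
    mounts, blocked = parse_win32kdiag(text)
    findings = []
    # Many directories redirected to one unusual target stand out at once.
    odd = Counter(dest for _, dest in mounts if not NORMAL_TARGET_RE.match(dest))
    for dest, count in odd.items():
        findings.append({"kind": "mount-point", "target": dest, "count": count})
    # For each inaccessible file, compare its own entry with the dllcache copy.
    for path, copies in blocked.items():
        own = next((c for c in copies if c["path"].lower() == path.lower()), None)
        cache = next((c for c in copies if "\\dllcache\\" in c["path"].lower()), None)
        reasons = []
        if own is not None and not own["vendor"]:
            reasons.append("empty vendor field")
        if own is not None and cache is not None and own["size"] != cache["size"]:
            reasons.append(
                "size %d differs from dllcache copy (%d)" % (own["size"], cache["size"])
            )
        findings.append({"kind": "blocked-file", "target": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the excerpt, eventlog.dll is reported with both an empty vendor field and a size mismatch against dllcache, while wmiprvse.exe matches its dllcache copy in size.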



Adaware did not want to shut down and it would not let me remove the program. I ran ComboFix anyway. Here is the report:

ComboFix 09-09-01.04 - Owner 09/01/2009 21:59.1.1 - NTFSx86

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: avast! antivirus 4.7.1029 [VPS 000761-2] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk

c:\windows\COUPON~1.DLL

c:\windows\COUPON~1.OCX

c:\windows\CouponBarIE.dll

c:\windows\CouponPrinter.ocx

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\system32\dllcache\eventlog.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))

.

2009-08-31 21:47 . 2009-08-31 21:47 -------- d-----w- c:\program files\Trend Micro

2009-08-25 01:37 . 2009-08-25 01:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2009-08-25 01:09 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-25 01:09 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-21 03:45 . 2009-09-02 01:51 -------- d-----w- c:\program files\Alwil Software

2009-08-21 03:05 . 2009-08-21 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-21 03:05 . 2009-08-31 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-21 01:33 . 2009-08-21 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\A-PDF

2009-08-21 01:33 . 2009-08-21 01:33 -------- d-----w- c:\program files\A-PDF Image to PDF

2009-08-21 01:05 . 2009-08-21 01:10 -------- d-----w- c:\documents and settings\Owner\IGC

2009-08-21 01:02 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\setup.exe

2009-08-21 01:02 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\install.exe

2009-08-21 00:58 . 2009-08-21 00:58 -------- d-----w- c:\program files\IGC

2009-08-13 07:00 . 2009-08-13 07:00 -------- d-----w- c:\windows\ServicePackFiles

2009-08-08 07:02 . 2009-08-08 07:03 -------- d-----w- C:\c8c2c5e6a72eb2d776

2009-08-08 07:02 . 2009-08-25 00:47 -------- d-----w- c:\windows\SxsCaPendDel

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-02 02:06 . 2008-01-11 20:47 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2

2009-09-02 01:43 . 2007-11-28 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\avg7

2009-09-02 01:43 . 2007-11-28 16:39 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG7

2009-08-28 20:32 . 2008-02-24 16:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer

2009-08-25 01:37 . 2008-12-14 21:22 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-25 00:46 . 2009-05-28 01:14 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp

2009-08-21 02:13 . 2009-01-12 16:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Smilebox

2009-08-21 00:58 . 2007-11-27 20:30 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-08 17:39 . 2007-12-05 22:22 44032 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-01 16:16 . 2009-08-01 16:16 95576 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\magicJack.dll

2009-08-01 16:16 . 2009-08-02 16:20 6256600 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\setup2.exe

2009-08-01 16:16 . 2009-08-01 16:16 6256600 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\setup.exe

2009-08-01 16:16 . 2009-08-01 16:16 413304 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJackLoader.exe

2009-08-01 16:16 . 2009-08-01 16:16 480608 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\octvqe1_apiw.dll

2009-08-01 16:16 . 2009-08-01 16:16 214360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\TjVista.dll

2009-08-01 16:16 . 2009-08-01 16:16 325040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\TjIpSys.dll

2009-08-01 16:16 . 2009-08-01 16:16 570736 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\SJHandsetMagicJack.dll

2009-08-01 16:15 . 2009-08-01 16:15 87384 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\mjsetup.exe

2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\magicJack.dll

2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.dll

2009-08-01 16:13 . 2009-08-01 16:13 12231512 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.exe

2009-08-01 16:12 . 2009-08-02 16:20 728600 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\install2.exe

2009-08-01 16:12 . 2009-08-01 16:12 728600 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\install.exe

2009-08-01 16:12 . 2009-08-01 16:12 87384 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\mjsetup.exe

2009-08-01 16:12 . 2009-08-01 16:12 95576 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\magicJack.dll

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 50520 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe

2009-07-22 22:02 . 2009-07-22 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-07-22 22:02 . 2008-12-14 21:22 -------- d-----w- c:\program files\Norton Security Scan

2009-07-22 22:01 . 2009-07-22 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-07-22 22:01 . 2009-07-22 22:01 -------- d-----w- c:\program files\NortonInstaller

2009-07-22 22:01 . 2009-07-22 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-07-22 21:02 . 2009-07-22 21:01 -------- d-----w- c:\program files\Microsoft IntelliPoint

2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 14:08 . 2004-08-04 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-12 18:49 . 2007-12-05 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:12 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll

2009-06-25 18:36 . 2004-08-04 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll

2009-06-25 18:36 . 2004-08-04 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll

2009-06-25 18:36 . 2004-08-04 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll

2009-06-25 18:36 . 2004-08-04 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll

2009-06-25 18:36 . 2004-08-04 12:00 471552 ----a-w- c:\windows\system32\mqutil.dll

2009-06-25 18:36 . 2004-08-04 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll

2009-06-25 18:36 . 2004-08-04 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll

2009-06-25 18:36 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll

2009-06-25 18:36 . 2004-08-04 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll

2009-06-25 18:36 . 2004-08-04 12:00 16896 ----a-w- c:\windows\system32\mqise.dll

2009-06-25 18:36 . 2004-08-04 12:00 138240 ----a-w- c:\windows\system32\mqad.dll

2009-06-25 18:36 . 2004-08-04 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll

2009-06-25 08:44 . 2004-08-04 12:00 724480 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:44 . 2004-08-04 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:44 . 2004-08-04 12:00 56320 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:44 . 2004-08-04 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:44 . 2004-08-04 12:00 168448 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:44 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-22 11:49 . 2004-08-04 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe

2009-06-22 11:49 . 2004-08-04 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe

2009-06-22 11:49 . 2004-08-04 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe

2009-06-22 11:48 . 2004-08-04 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys

2009-06-22 11:34 . 2004-08-04 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 11:50 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 11:50 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:21 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:32 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 07:42 . 2007-11-27 20:10 655872 ----a-w- c:\windows\system32\mstscax.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-07 149040]

"SmileboxTray"="c:\documents and settings\Owner\Application Data\Smilebox\SmileboxTray.exe" [2009-01-29 254600]

"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-04 131072]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]

"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]

"AS00_Gear311T"="c:\program files\NETGEAR\WG311TSU\Utility\Gear311T.exe" [2003-12-04 450560]

"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-10 29744]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-16 153136]

"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2009-03-05 1288424]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-04 1626112]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-9-15 1503232]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\game.dat"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\patchget.dat"=

"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=

"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=

"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=

"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=

"c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=

"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Laplink\\FileMover\\SFTHost.exe"=

"c:\\Program Files\\Laplink\\FileMover\\FileMover.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2002-04-11 16194]

R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-10 29744]

R3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2005-08-03 4736]

R3 NET8511;Compaq 10/100 Ethernet USB Adapter;c:\windows\system32\DRIVERS\NET8511.SYS [2001-02-19 24555]

R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\DRIVERS\wg311tn5.sys [2003-10-08 344448]

R3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc2.sys [2005-08-03 8960]

S0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [2004-05-12 97408]

S0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2003-10-15 10240]

.

Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-08-31 c:\windows\Tasks\Norton Security Scan for Owner.job

- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-22 22:02]

2009-09-02 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 02:18]

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe

LSP: ICF.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-01 22:05

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(944)

c:\windows\system32\ICF.dll

- - - - - - - > 'explorer.exe'(2716)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe

c:\windows\system32\acs.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\program files\OpenOffice.org 2.2\program\soffice.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\OpenOffice.org 2.2\program\soffice.bin

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Java\jre1.6.0_03\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2009-09-02 22:13 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-02 02:12

Pre-Run: 91,884,191,744 bytes free

Post-Run: 91,793,522,688 bytes free

258 --- E O F --- 2009-08-14 07:00


Hello.

Please do not quote everything I said. Do not use the Reply button, but instead use the Add Reply button to reply back to me.

--

Run a new scan with Win32KDiag, followed by Malwarebytes. See if you can run it.

Download and Run Win32KDiag

Please download Win32Diag from one of the links below and save it to your desktop.

Link 1

Link 2

Link 3

  1. Double-click on Win32Diag.exe to run it. If you are using Windows Vista, please right-click and select Run As Administrator
  2. A black command prompt window shall appear.
  3. It will now begin to scan. This may take a while, please be patient until the scan is complete.
  4. Once it's done, in the black screen it will say "Finished! Press any key to exit...". Press any key to exit.
  5. A log file called Win32KDiag.txt will be created on your desktop.
  6. Please copy and paste the contents of that log file here in your next reply please.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1

  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with both logs in your next reply please.

With Regards,

Extremeboy


Here are the two logs you asked for. Malwarebytes encountered an error before it started, Error code:732 (0, 0). It still let me scan but I don't think it got online as that is one of the issues I have been having. Internet Explorer is working now. Let me know the next step.

Log file is located at: C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

[1] 2009-02-06 05:41:05 227840 C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 06:10:02 227840 C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 06:15:13 227840 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe (Microsoft Corporation)

[1] 2004-08-04 08:00:00 218112 C:\WINDOWS\$NtUninstallKB956572$\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 12:39:29 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 05:41:05 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 06:10:02 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 06:15:13 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\wmiprvse.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:40 218112 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 12:39:29 227840 C:\WINDOWS\system32\dllcache\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 12:39:29 227840 C:\WINDOWS\system32\wbem\wmiprvse.exe ()

and...

Malwarebytes' Anti-Malware 1.40

Database version: 2551

Windows 5.1.2600 Service Pack 2

9/2/2009 1:26:29 PM

mbam-log-2009-09-02 (13-26-29).txt

Scan type: Quick Scan

Objects scanned: 85470

Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Finished!


Hello.

Malwarebytes shows:

Database version: 2551

It's not updated. Please update it and run a new scan with it. Running a quick scan is enough. Post the log once it's done, please.

--

Please run a scan with DDS followed by GMER to see what's left on your machine still.

Download and run DDS

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results soon.
  • Follow the instructions that pop up for posting the results and then click Ok.
  • The black and message box window shall then disappear.
  • Please save both log files on your desktop and post the DDS.txt and zip up and attach Attach.txt as instructed.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Download and Run Scan with GMER

We will use GMER to scan for rootkits.

  • Please download GMER from one of the following locations, and save it to your desktop:

    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)

  • Close any and all open programs, as this process may crash your computer.
  • Double click gmerRandomIcon.png or gmerDesktopIcon.png on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.

  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt (refer below) to run a full scan. Click NO.
    gmerNoDialog.png

  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)

  • Click on btnScan.png and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push btnSave.png and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running

*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries.

How's your computer running now?

With Regards,

Extremeboy


Here are the logs and reports you asked for. The computer is running fine I have not found anything that I cannot open or run. Thank you for your help.

DDS Log:

DDS (Ver_09-07-30.01) - NTFSx86

Run by Owner at 8:58:30.53 on Fri 09/04/2009

Internet Explorer: 7.0.5730.13

AV: avast! antivirus 4.7.1029 [VPS 000761-2] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe

uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [smileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe"

uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK

mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [AAWTray] c:\program files\lavasoft\ad-aware 2007\AAWTray.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [AS00_Gear311T] c:\program files\netgear\wg311tsu\utility\Gear311T.exe -hide

mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iCF] "c:\program files\internet content filter\SafeEyes.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.2\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

LSP: ICF.dll

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/26.30/uploader2.cab

DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.crsdata.net/maps/install/mgaxctrlv65.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} - hxxp://216.249.24.62/code/iPIX-ImageWell-ipix.cab

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-09-02 13:05 227,840 a------- c:\windows\system32\wbem\SET21.tmp

2009-09-02 13:05 227,840 -------- c:\windows\system32\wbem\SET15.tmp

2009-09-01 22:11 <DIR> -cd----- c:\windows\system32\dllcache\cache

2009-09-01 21:56 229,376 a------- c:\windows\PEV.exe

2009-09-01 21:56 161,792 a------- c:\windows\SWREG.exe

2009-09-01 21:56 98,816 a------- c:\windows\sed.exe

2009-09-01 21:56 <DIR> --ds---- C:\ComboFix

2009-08-31 17:47 <DIR> --d----- c:\program files\Trend Micro

2009-08-24 21:37 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes

2009-08-24 21:09 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-24 21:09 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-08-20 23:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-08-20 23:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-08-20 21:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\A-PDF

2009-08-20 21:33 <DIR> --d----- c:\program files\A-PDF Image to PDF

2009-08-20 21:05 <DIR> --d----- c:\documents and settings\owner\IGC

2009-08-20 20:58 <DIR> --d----- c:\program files\IGC

2009-08-13 03:00 <DIR> --d----- c:\windows\ServicePackFiles

2009-08-08 03:02 <DIR> --d----- C:\c8c2c5e6a72eb2d776

2009-08-08 03:02 <DIR> --d----- c:\windows\SxsCaPendDel

==================== Find3M ====================

2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll

2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll

2009-06-29 12:12 827,392 -------- c:\windows\system32\wininet.dll

2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll

2009-06-29 12:12 17,408 -------- c:\windows\system32\corpol.dll

2009-06-25 14:36 661,504 a------- c:\windows\system32\mqqm.dll

2009-06-25 14:36 517,120 a------- c:\windows\system32\mqsnap.dll

2009-06-25 14:36 471,552 a------- c:\windows\system32\mqutil.dll

2009-06-25 14:36 225,280 a------- c:\windows\system32\mqoa.dll

2009-06-25 14:36 186,880 a------- c:\windows\system32\mqtrig.dll

2009-06-25 14:36 177,152 a------- c:\windows\system32\mqrt.dll

2009-06-25 14:36 138,240 a------- c:\windows\system32\mqad.dll

2009-06-25 14:36 123,392 a------- c:\windows\system32\mqrtdep.dll

2009-06-25 14:36 95,744 a------- c:\windows\system32\mqsec.dll

2009-06-25 14:36 48,640 a------- c:\windows\system32\mqupgrd.dll

2009-06-25 14:36 47,104 a------- c:\windows\system32\mqdscli.dll

2009-06-25 14:36 16,896 a------- c:\windows\system32\mqise.dll

2009-06-25 04:44 724,480 a------- c:\windows\system32\lsasrv.dll

2009-06-25 04:44 298,496 a------- c:\windows\system32\kerberos.dll

2009-06-25 04:44 168,448 a------- c:\windows\system32\schannel.dll

2009-06-25 04:44 133,632 a------- c:\windows\system32\msv1_0.dll

2009-06-25 04:44 59,392 a------- c:\windows\system32\wdigest.dll

2009-06-25 04:44 56,320 a------- c:\windows\system32\secur32.dll

2009-06-22 07:49 117,248 a------- c:\windows\system32\mqtgsvc.exe

2009-06-22 07:49 19,968 a------- c:\windows\system32\mqbkup.exe

2009-06-22 07:49 4,608 a------- c:\windows\system32\mqsvc.exe

2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll

2009-06-12 07:50 80,896 a------- c:\windows\system32\tlntsess.exe

2009-06-12 07:50 76,288 a------- c:\windows\system32\telnet.exe

2009-06-10 10:21 84,992 a------- c:\windows\system32\avifil32.dll

2009-06-10 02:32 132,096 a------- c:\windows\system32\wkssvc.dll

2006-07-05 05:33 472,000 a------- c:\windows\inf\wg311t\WG311T13.sys

2006-04-25 17:30 35,232 a------- c:\windows\inf\wg311t\ME_INST.EXE

2006-04-25 17:30 26,112 a------- c:\windows\inf\wg311t\install.exe

============= FINISH: 8:58:47.39 ===============

GMER Report:

GMER 1.0.15.15077 [6dcd0mkq.exe] - http://www.gmer.net

Rootkit scan 2009-09-04 11:38:47

Windows 5.1.2600 Service Pack 2

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP597\A0074675.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP597\A0074676.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP597\A0074708.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP597\A0074713.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP597\A0074762.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP597\A0074946.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP597\A0074957.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP597\A0074973.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP597\A0074980.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP597\A0074991.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP598\A0075169.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP599\A0075190.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP599\A0075196.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP599\A0075202.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP599\A0076202.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP599\A0076219.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP600\A0076270.sys:1 8704 bytes executable

ADS C:\System Volume Information\_restore{85AACF82-60BC-434C-8C9A-27C7305B1F0F}\RP609\A0076405.sys:1 8704 bytes executable

---- EOF - GMER 1.0.15 ----

Malware Bytes scan report:

Malwarebytes' Anti-Malware 1.40

Database version: 2739

Windows 5.1.2600 Service Pack 2

9/4/2009 8:55:20 AM

mbam-log-2009-09-04 (08-55-20).txt

Scan type: Quick Scan

Objects scanned: 88725

Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

attach1.zip


Hello.

Let's update Java and run an online scan...

Update Java to Version 6 Update 16

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.

-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.

-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.

-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the kaspersky_scan_now.gif button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Kasaccept.png button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the KasperskySettings.png button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Kassave.png button, if you made any changes.

  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,

Extremeboy


Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,

Extremeboy

Sorry for the delay, holiday weekend. I am working on the information you gave me in your last post. Will report back in a few hours.


I updated Java but the Kaspersky would not update so I could not use it to scan. It keeps saying the "launch of the Java application is interrupted! please establish an uninterrupted internet connection for work with this program"

I ran a new DDS scan:

DDS (Ver_09-07-30.01) - NTFSx86

Run by Owner at 20:26:14.68 on Mon 09/07/2009

Internet Explorer: 7.0.5730.13

AV: avast! antivirus 4.7.1029 [VPS 000761-2] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe

uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [smileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe"

uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK

mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [AAWTray] c:\program files\lavasoft\ad-aware 2007\AAWTray.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [AS00_Gear311T] c:\program files\netgear\wg311tsu\utility\Gear311T.exe -hide

mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iCF] "c:\program files\internet content filter\SafeEyes.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.2\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: ICF.dll

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/26.30/uploader2.cab

DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.crsdata.net/maps/install/mgaxctrlv65.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} - hxxp://216.249.24.62/code/iPIX-ImageWell-ipix.cab

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-09-07 20:18 411,368 a------- c:\windows\system32\deploytk.dll

2009-09-07 20:18 73,728 a------- c:\windows\system32\javacpl.cpl

2009-09-07 20:15 <DIR> --d----- c:\windows\system32\appmgmt

2009-09-02 13:05 227,840 a------- c:\windows\system32\wbem\SET21.tmp

2009-09-02 13:05 227,840 -------- c:\windows\system32\wbem\SET2B.tmp

2009-09-02 13:05 227,840 -------- c:\windows\system32\wbem\SET1A39.tmp

2009-09-02 13:05 227,840 -------- c:\windows\system32\wbem\SET19.tmp

2009-09-02 13:05 227,840 -------- c:\windows\system32\wbem\SET15.tmp

2009-09-01 22:11 <DIR> -cd----- c:\windows\system32\dllcache\cache

2009-09-01 21:56 229,376 a------- c:\windows\PEV.exe

2009-09-01 21:56 161,792 a------- c:\windows\SWREG.exe

2009-09-01 21:56 98,816 a------- c:\windows\sed.exe

2009-09-01 21:56 <DIR> --ds---- C:\ComboFix

2009-08-31 17:47 <DIR> --d----- c:\program files\Trend Micro

2009-08-24 21:37 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes

2009-08-24 21:09 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-24 21:09 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-08-20 23:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-08-20 23:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-08-20 21:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\A-PDF

2009-08-20 21:33 <DIR> --d----- c:\program files\A-PDF Image to PDF

2009-08-20 21:05 <DIR> --d----- c:\documents and settings\owner\IGC

2009-08-20 20:58 <DIR> --d----- c:\program files\IGC

2009-08-13 03:00 <DIR> --d----- c:\windows\ServicePackFiles

==================== Find3M ====================

2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll

2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll

2009-06-29 12:12 827,392 -------- c:\windows\system32\wininet.dll

2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll

2009-06-29 12:12 17,408 -------- c:\windows\system32\corpol.dll

2009-06-25 14:36 661,504 a------- c:\windows\system32\mqqm.dll

2009-06-25 14:36 517,120 a------- c:\windows\system32\mqsnap.dll

2009-06-25 14:36 471,552 a------- c:\windows\system32\mqutil.dll

2009-06-25 14:36 225,280 a------- c:\windows\system32\mqoa.dll

2009-06-25 14:36 186,880 a------- c:\windows\system32\mqtrig.dll

2009-06-25 14:36 177,152 a------- c:\windows\system32\mqrt.dll

2009-06-25 14:36 138,240 a------- c:\windows\system32\mqad.dll

2009-06-25 14:36 123,392 a------- c:\windows\system32\mqrtdep.dll

2009-06-25 14:36 95,744 a------- c:\windows\system32\mqsec.dll

2009-06-25 14:36 48,640 a------- c:\windows\system32\mqupgrd.dll

2009-06-25 14:36 47,104 a------- c:\windows\system32\mqdscli.dll

2009-06-25 14:36 16,896 a------- c:\windows\system32\mqise.dll

2009-06-25 04:44 724,480 a------- c:\windows\system32\lsasrv.dll

2009-06-25 04:44 298,496 a------- c:\windows\system32\kerberos.dll

2009-06-25 04:44 168,448 a------- c:\windows\system32\schannel.dll

2009-06-25 04:44 133,632 a------- c:\windows\system32\msv1_0.dll

2009-06-25 04:44 59,392 a------- c:\windows\system32\wdigest.dll

2009-06-25 04:44 56,320 a------- c:\windows\system32\secur32.dll

2009-06-22 07:49 117,248 a------- c:\windows\system32\mqtgsvc.exe

2009-06-22 07:49 19,968 a------- c:\windows\system32\mqbkup.exe

2009-06-22 07:49 4,608 a------- c:\windows\system32\mqsvc.exe

2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll

2009-06-12 07:50 80,896 a------- c:\windows\system32\tlntsess.exe

2009-06-12 07:50 76,288 a------- c:\windows\system32\telnet.exe

2009-06-10 10:21 84,992 a------- c:\windows\system32\avifil32.dll

2009-06-10 02:32 132,096 a------- c:\windows\system32\wkssvc.dll

2006-07-05 05:33 472,000 a------- c:\windows\inf\wg311t\WG311T13.sys

2006-04-25 17:30 35,232 a------- c:\windows\inf\wg311t\ME_INST.EXE

2006-04-25 17:30 26,112 a------- c:\windows\inf\wg311t\install.exe

============= FINISH: 20:26:32.85 ===============

The computer seems to be working fine. Let me know if I need to do anything else.

dds_report.zip


Run ESET instead please...

Run ESET Online Scan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

      You can refer to this animation by neomage if needed.

Here is the information you asked for. The only problem I seem to be having is with video editing software very slow now. Takes 2 1/2 hours to burn 1 30 min DVD. Otherwise all good.

DDS scan results:

DDS (Ver_09-07-30.01) - NTFSx86

Run by Owner at 23:12:32.37 on Fri 09/11/2009

Internet Explorer: 7.0.5730.13

AV: avast! antivirus 4.7.1029 [VPS 000761-2] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe

uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [smileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe"

uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK

mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [AAWTray] c:\program files\lavasoft\ad-aware 2007\AAWTray.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [AS00_Gear311T] c:\program files\netgear\wg311tsu\utility\Gear311T.exe -hide

mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iCF] "c:\program files\internet content filter\SafeEyes.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.2\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: ICF.dll

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/26.30/uploader2.cab

DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.crsdata.net/maps/install/mgaxctrlv65.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} - hxxp://216.249.24.62/code/iPIX-ImageWell-ipix.cab

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-09-09 17:59 <DIR> --d----- c:\program files\ESET

2009-09-07 20:36 <DIR> --d----- c:\windows\pss

2009-09-07 20:18 411,368 a------- c:\windows\system32\deploytk.dll

2009-09-07 20:18 73,728 a------- c:\windows\system32\javacpl.cpl

2009-09-07 20:15 <DIR> --d----- c:\windows\system32\appmgmt

2009-09-02 13:05 227,840 a------- c:\windows\system32\wbem\SET21.tmp

2009-09-02 13:05 227,840 -------- c:\windows\system32\wbem\SET5D.tmp

2009-09-02 13:05 227,840 -------- c:\windows\system32\wbem\SET2B.tmp

2009-09-02 13:05 227,840 -------- c:\windows\system32\wbem\SET27B4.tmp

2009-09-02 13:05 227,840 -------- c:\windows\system32\wbem\SET27.tmp

2009-09-02 13:05 227,840 -------- c:\windows\system32\wbem\SET22.tmp

2009-09-02 13:05 227,840 -------- c:\windows\system32\wbem\SET1A39.tmp

2009-09-02 13:05 227,840 -------- c:\windows\system32\wbem\SET19.tmp

2009-09-02 13:05 227,840 -------- c:\windows\system32\wbem\SET15.tmp

2009-09-01 22:11 <DIR> -cd----- c:\windows\system32\dllcache\cache

2009-09-01 21:56 229,376 a------- c:\windows\PEV.exe

2009-09-01 21:56 161,792 a------- c:\windows\SWREG.exe

2009-09-01 21:56 98,816 a------- c:\windows\sed.exe

2009-09-01 21:56 <DIR> --ds---- C:\ComboFix

2009-08-31 17:47 <DIR> --d----- c:\program files\Trend Micro

2009-08-24 21:37 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes

2009-08-24 21:09 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-24 21:09 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-08-20 23:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-08-20 23:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-08-20 21:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\A-PDF

2009-08-20 21:33 <DIR> --d----- c:\program files\A-PDF Image to PDF

2009-08-20 21:05 <DIR> --d----- c:\documents and settings\owner\IGC

2009-08-20 20:58 <DIR> --d----- c:\program files\IGC

2009-08-13 03:00 <DIR> --d----- c:\windows\ServicePackFiles

==================== Find3M ====================

2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll

2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll

2009-06-29 12:12 827,392 -------- c:\windows\system32\wininet.dll

2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll

2009-06-29 12:12 17,408 -------- c:\windows\system32\corpol.dll

2009-06-25 14:36 661,504 a------- c:\windows\system32\mqqm.dll

2009-06-25 14:36 517,120 a------- c:\windows\system32\mqsnap.dll

2009-06-25 14:36 471,552 a------- c:\windows\system32\mqutil.dll

2009-06-25 14:36 225,280 a------- c:\windows\system32\mqoa.dll

2009-06-25 14:36 186,880 a------- c:\windows\system32\mqtrig.dll

2009-06-25 14:36 177,152 a------- c:\windows\system32\mqrt.dll

2009-06-25 14:36 138,240 a------- c:\windows\system32\mqad.dll

2009-06-25 14:36 123,392 a------- c:\windows\system32\mqrtdep.dll

2009-06-25 14:36 95,744 a------- c:\windows\system32\mqsec.dll

2009-06-25 14:36 48,640 a------- c:\windows\system32\mqupgrd.dll

2009-06-25 14:36 47,104 a------- c:\windows\system32\mqdscli.dll

2009-06-25 14:36 16,896 a------- c:\windows\system32\mqise.dll

2009-06-25 04:44 724,480 a------- c:\windows\system32\lsasrv.dll

2009-06-25 04:44 298,496 a------- c:\windows\system32\kerberos.dll

2009-06-25 04:44 168,448 a------- c:\windows\system32\schannel.dll

2009-06-25 04:44 133,632 a------- c:\windows\system32\msv1_0.dll

2009-06-25 04:44 59,392 a------- c:\windows\system32\wdigest.dll

2009-06-25 04:44 56,320 a------- c:\windows\system32\secur32.dll

2009-06-22 07:49 117,248 a------- c:\windows\system32\mqtgsvc.exe

2009-06-22 07:49 19,968 a------- c:\windows\system32\mqbkup.exe

2009-06-22 07:49 4,608 a------- c:\windows\system32\mqsvc.exe

2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll

2006-07-05 05:33 472,000 a------- c:\windows\inf\wg311t\WG311T13.sys

2006-04-25 17:30 35,232 a------- c:\windows\inf\wg311t\ME_INST.EXE

2006-04-25 17:30 26,112 a------- c:\windows\inf\wg311t\install.exe

============= FINISH: 23:12:49.81 ===============

attach_dds.zip


Take an OTL run for me. Things look good at the moment. :unsure:

Download and run OTL

  1. Download OTL by OldTimer and save it to your desktop.
  2. Double click on the otlDesktopIcon.png icon on your desktop. If you are using Vista, please right-click and select run as administrator.
  3. Click the "Scan All Users" checkbox.
  4. Push the runscanbutton.png button.
  5. It will now begin to scan, please be patient while it scans.
  6. Two reports will open once it's done.
  7. Please copy and paste them in your next reply:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,

Extremeboy


Sorry for the delay, here are the reports.

OTL Extras logfile created on: 9/16/2009 9:04:41 PM - Run 1

OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop\virus scanners

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 440.01 Mb Available Physical Memory | 42.99% Memory free

2.41 Gb Paging File | 2.01 Gb Available in Paging File | 83.65% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 85.07 Gb Free Space | 57.08% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OWNER-1A596CF80

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:*:Enabled:The Battle for Middle-earth II -- (Electronic Arts Inc.)

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Electronic Arts\The Battle for Middle-earth II\patchget.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth II\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)

"C:\Program Files\Sierra\FEAR\FEAR.exe" = C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)

"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare -- (MusicLab, LLC)

"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe" = C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio -- (CyberLink Corp.)

"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" = C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program -- (CyberLink Corp.)

"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe" = C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express -- (CyberLink Corp.)

"C:\Program Files\CyberLink\PowerDirector\PDR.exe" = C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Laplink\FileMover\SFTHost.exe" = C:\Program Files\Laplink\FileMover\SFTHost.exe:*:Enabled:Laplink FileMover Host Module -- (Laplink Software, Inc.)

"C:\Program Files\Laplink\FileMover\FileMover.exe" = C:\Program Files\Laplink\FileMover\FileMover.exe:*:Enabled:Laplink FileMover -- (Laplink Software, Inc.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{1535DCC2-6EB2-4FAC-9ABB-C3DC939BB87A}" = Chicken Hunter

"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer

"{181EAEE6-AAE5-485B-8BAC-0FB564626781}" = Brava! Reader 3.3

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1B490F29-C87D-4901-B27B-385CAA53E41A}" = FEAR

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config

"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth II

"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload

"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes

"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1

"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio

"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"{4B4F81E0-9150-11D4-A594-0050BAC6946A}" = NickToons Racing

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1

"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder

"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective

"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config

"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49306CE-84C6-4024-BAD2-80FE34679069}" = NETGEAR 108 Mbps Wireless PCI Adapter WG311T

"{A4B60C2E-D205-4D85-B2BA-0F13EB655A38}" = FEAR

"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1

"{AE17AF1D-2A46-47DB-8887-519615EF14FC}" = F.E.A.R. Gold Bonus Content

"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support

"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2

"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3FA280D-3AE4-43F3-AFB5-D459B36A05B7}" = Safe Eyes

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1

"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer

"{DDBC8703-AA18-491F-97BE-98D4543A901B}" = FileMover

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007

"{E11BD6A7-5046-4D25-ABCB-386A54F71033}" = Nero 7 Essentials

"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant

"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter

"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express

"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status

"{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter

"{FE5D9F4E-3196-450B-9583-7367C15F81A1}" = OpenOffice.org 2.2

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player

"A-PDF Image to PDF_is1" = A-PDF Image to PDF 2.5

"Audacity_is1" = Audacity 1.2.6

"avast!" = avast! Antivirus

"BearShare" = BearShare

"Blue's Treasure Hunt" = Blue's Treasure Hunt

"Coupon Printer for Windows4.0" = Coupon Printer for Windows

"Download Manager" = Download Manager 2.3.6

"ESET Online Scanner" = ESET Online Scanner v3

"Google Desktop" = Google Desktop

"HijackThis" = HijackThis 2.0.2

"HP Document Viewer" = HP Document Viewer 5.3

"HP Imaging Device Functions" = HP Imaging Device Functions 5.3

"HP Photo & Imaging" = HP Image Zone 5.3

"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3

"HPExtendedCapabilities" = HP Extended Capabilities 5.3

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"InstallShield_{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter

"InterActual Player" = InterActual Player

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSNINST" = MSN

"MVApplication1" = Memorex exPressit Label Design Studio

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NSS" = Norton Security Scan

"NVIDIA Drivers" = NVIDIA Drivers

"Picasa 3" = Picasa 3

"PokerStars.net" = PokerStars.net

"Scholastic's I SPY Fantasy" = Scholastic's I SPY Fantasy

"SpywareBlaster_is1" = SpywareBlaster v3.5.1

"TTB000001.TTB000001Toolbar" = CouponBar

"VisualTour Studio" = VisualTour Studio

"VT Remote Support" = VT Remote Support

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1757981266-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]

Error - 8/21/2009 4:35:49 PM | Computer Name = OWNER-1A596CF80 | Source = avast! | ID = 33554522

Description =

Error - 8/23/2009 9:29:17 PM | Computer Name = OWNER-1A596CF80 | Source = avast! | ID = 33554522

Description =

Error - 8/23/2009 9:29:55 PM | Computer Name = OWNER-1A596CF80 | Source = avast! | ID = 33554522

Description =

Error - 8/23/2009 9:30:00 PM | Computer Name = OWNER-1A596CF80 | Source = avast! | ID = 33554522

Description =

Error - 8/24/2009 3:40:26 PM | Computer Name = OWNER-1A596CF80 | Source = avast! | ID = 33554522

Description =

Error - 8/24/2009 3:41:16 PM | Computer Name = OWNER-1A596CF80 | Source = avast! | ID = 33554522

Description =

Error - 8/24/2009 3:41:17 PM | Computer Name = OWNER-1A596CF80 | Source = avast! | ID = 33554522

Description =

Error - 8/24/2009 8:33:30 PM | Computer Name = OWNER-1A596CF80 | Source = avast! | ID = 33554522

Description =

Error - 8/24/2009 8:34:34 PM | Computer Name = OWNER-1A596CF80 | Source = avast! | ID = 33554522

Description =

Error - 8/24/2009 8:34:37 PM | Computer Name = OWNER-1A596CF80 | Source = avast! | ID = 33554522

Description =

[ Application Events ]

Error - 5/25/2009 7:50:21 PM | Computer Name = OWNER-1A596CF80 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/27/2009 9:35:29 PM | Computer Name = OWNER-1A596CF80 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/9/2009 9:27:40 PM | Computer Name = OWNER-1A596CF80 | Source = Application Error | ID = 1000

Description = Faulting application pdr.exe, version 7.0.0.2105, faulting module

menupainter.dll, version 2.5.9611.1820, fault address 0x00027100.

Error - 7/30/2009 12:53:38 PM | Computer Name = OWNER-1A596CF80 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2009 2:32:09 PM | Computer Name = OWNER-1A596CF80 | Source = Microsoft Zoo Tycoon | ID = 1000

Description =

Error - 8/8/2009 4:25:45 PM | Computer Name = OWNER-1A596CF80 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2009 4:27:04 PM | Computer Name = OWNER-1A596CF80 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2009 6:18:15 PM | Computer Name = OWNER-1A596CF80 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/20/2009 10:01:22 PM | Computer Name = OWNER-1A596CF80 | Source = Application Hang | ID = 1002

Description = Hanging application SmileboxTray.exe, version 1.0.0.10968, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/23/2009 9:30:06 PM | Computer Name = OWNER-1A596CF80 | Source = Application Hang | ID = 1002

Description = Hanging application SmileboxTray.exe, version 1.0.0.10968, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 9/16/2009 4:26:21 AM | Computer Name = OWNER-1A596CF80 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.

The

error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe

-secured -Embedding

Error - 9/16/2009 4:26:21 AM | Computer Name = OWNER-1A596CF80 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.

The

error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe

-secured -Embedding

Error - 9/16/2009 4:26:21 AM | Computer Name = OWNER-1A596CF80 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.

The

error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe

-secured -Embedding

Error - 9/16/2009 4:26:21 AM | Computer Name = OWNER-1A596CF80 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.

The

error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe

-secured -Embedding

Error - 9/16/2009 4:26:21 AM | Computer Name = OWNER-1A596CF80 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.

The

error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe

-secured -Embedding

Error - 9/16/2009 4:26:21 AM | Computer Name = OWNER-1A596CF80 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.

The

error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe

-secured -Embedding

Error - 9/16/2009 4:26:21 AM | Computer Name = OWNER-1A596CF80 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.

The

error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe

-secured -Embedding

Error - 9/16/2009 4:26:21 AM | Computer Name = OWNER-1A596CF80 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.

The

error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe

-secured -Embedding

Error - 9/16/2009 4:26:21 AM | Computer Name = OWNER-1A596CF80 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.

The

error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe

-secured -Embedding

Error - 9/16/2009 1:08:52 PM | Computer Name = OWNER-1A596CF80 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.

The

error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe

-secured -Embedding

< End of report >

OTL logfile created on: 9/16/2009 9:04:41 PM - Run 1

OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop\virus scanners

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 440.01 Mb Available Physical Memory | 42.99% Memory free

2.41 Gb Paging File | 2.01 Gb Available in Paging File | 83.65% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 85.07 Gb Free Space | 57.08% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OWNER-1A596CF80

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/08/27 15:38:50 | 00,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

PRC - [2006/04/25 17:30:38 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\acs.exe

PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2009/09/07 20:18:25 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2007/01/17 11:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2007/10/04 18:14:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe

PRC - [2004/08/04 08:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2004/06/03 21:51:54 | 00,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

PRC - [2003/10/31 20:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

PRC - [2007/08/08 16:53:16 | 00,088,024 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

PRC - [2005/05/12 00:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

PRC - [2007/11/01 17:13:26 | 00,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

PRC - [2008/09/10 19:33:49 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

PRC - [2009/03/05 16:58:36 | 01,288,424 | ---- | M] (InternetSafety.com, Inc.) -- C:\Program Files\Internet Content Filter\SafeEyes.exe

PRC - [2009/01/07 15:46:56 | 01,468,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe

PRC - [2009/09/07 20:18:26 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

PRC - [2007/05/07 11:40:06 | 00,149,040 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2009/01/29 05:11:16 | 00,254,600 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe

PRC - [2007/05/07 11:40:22 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

PRC - [2005/05/12 00:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

PRC - [2007/05/07 11:40:26 | 00,910,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2009/06/25 12:10:00 | 00,525,640 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE

PRC - [2005/05/12 01:33:52 | 00,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

PRC - [2007/05/29 16:34:28 | 02,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

PRC - [2007/05/29 16:34:28 | 02,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

PRC - [2005/05/12 01:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

PRC - [2008/09/10 19:33:49 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

PRC - [2005/05/12 00:16:22 | 00,077,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

PRC - [2009/06/29 04:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE

PRC - [2009/09/16 21:03:56 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\virus scanners\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/08/27 15:38:50 | 00,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])

SRV - [2006/04/25 17:30:38 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\acs.exe -- (ACS [Auto | Running])

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - File not found -- -- (aswUpdSv [Auto | Stopped])

SRV - File not found -- -- (avast! Antivirus [Auto | Stopped])

SRV - File not found -- -- (avast! Mail Scanner [On_Demand | Stopped])

SRV - File not found -- -- (avast! Web Scanner [On_Demand | Stopped])

SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2008/09/10 19:33:49 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])

SRV - [2009/05/01 13:13:22 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

SRV - [2004/08/04 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

SRV - [2009/09/07 20:18:25 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2007/01/17 11:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

SRV - [2007/05/07 11:37:12 | 00,779,824 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2007/05/07 11:40:22 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])

SRV - [2007/10/04 18:14:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])

SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/08/06 16:27:11 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])

DRV - [2002/04/11 17:43:44 | 00,016,194 | ---- | M] (AMBIT Microsystems Corporation.) -- C:\WINDOWS\System32\AWINDIS5.SYS -- (AWINDIS5 [On_Demand | Stopped])

DRV - [2004/10/15 19:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])

DRV - [2006/01/19 05:44:46 | 00,053,248 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Stopped])

DRV - [2006/01/19 10:17:38 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])

DRV - [2004/08/03 19:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])

DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

DRV - [2005/03/08 00:43:25 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

DRV - [2005/03/08 00:43:26 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

DRV - [2005/03/08 00:43:27 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

DRV - [2005/08/03 16:59:36 | 00,004,736 | R--- | M] (Laplink Software, Inc.) -- C:\WINDOWS\System32\drivers\llusbflt.sys -- (LLUSBFLT [On_Demand | Stopped])

DRV - [2008/08/06 17:18:36 | 00,011,861 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])

DRV - [2001/08/17 10:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])

DRV - [2001/02/19 08:48:54 | 00,024,555 | R--- | M] (USB2LAN) -- C:\WINDOWS\System32\DRIVERS\NET8511.SYS -- (NET8511 [On_Demand | Stopped])

DRV - [2003/10/07 23:23:12 | 00,344,448 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\wg311tn5.sys -- (NETGEAR_WG311T_SERVICE [On_Demand | Running])

DRV - [2007/10/04 18:14:00 | 06,854,464 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2004/06/03 11:40:46 | 00,079,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [boot | Running])

DRV - [2004/05/25 16:58:02 | 00,048,640 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvax.sys -- (nvax [On_Demand | Running])

DRV - [2004/01/29 02:45:50 | 00,093,764 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENET.sys -- (NVENET [On_Demand | Running])

DRV - [2004/05/25 16:58:04 | 00,396,032 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvapu.sys -- (nvnforce [On_Demand | Running])

DRV - [2004/04/02 16:40:00 | 00,021,760 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp [boot | Running])

DRV - [2005/08/03 16:59:38 | 00,008,960 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\Drivers\usbbc2.sys -- (PLUsbbc2 [On_Demand | Stopped])

DRV - [2008/12/19 20:08:28 | 00,027,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])

DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2008/11/20 15:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2004/05/12 10:01:18 | 00,097,408 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\si3112r.sys -- (si3112r [boot | Running])

DRV - [2003/10/15 07:28:16 | 00,010,240 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter [boot | Running])

DRV - [2003/10/15 07:28:16 | 00,010,240 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiWinAcc [boot | Running])

DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])

DRV - [2009/03/26 15:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

DRV - [2003/10/23 07:28:00 | 00,174,336 | ---- | M] (Marvell Semiconductor Inc.) -- C:\WINDOWS\System32\DRIVERS\yukonwxp.sys -- (yukonwxp [On_Demand | Running])

DRV - File not found -- Service key not found. -- (eeCtrl [unknown | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1757981266-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-1757981266-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-1757981266-706699826-839522115-1003\S-1-5-21-1757981266-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-706699826-839522115-1003\S-1-5-21-1757981266-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 03:04:13 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/07 20:18:26 | 00,000,000 | ---D | M]

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Safe &Eyes Toolbar) - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files\Internet Content Filter\setoolbar.dll (InternetSafety.com, Inc.)

O3 - HKU\S-1-5-21-1757981266-706699826-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1757981266-706699826-839522115-1003\..\Toolbar\WebBrowser: (Safe &Eyes Toolbar) - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files\Internet Content Filter\setoolbar.dll (InternetSafety.com, Inc.)

O4 - HKLM..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe ()

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe ()

O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [iCF] C:\Program Files\Internet Content Filter\SafeEyes.exe (InternetSafety.com, Inc.)

O4 - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [updatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-21-1757981266-706699826-839522115-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-1757981266-706699826-839522115-1003..\Run: [cdloader] C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)

O4 - HKU\S-1-5-21-1757981266-706699826-839522115-1003..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)

O4 - HKU\S-1-5-21-1757981266-706699826-839522115-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1757981266-706699826-839522115-1003..\Run: [smileboxTray] C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1757981266-706699826-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1757981266-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1757981266-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1757981266-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1757981266-706699826-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/26.30/uploader2.cab (UploadListView Class)

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.crsdata.net/maps/install/mgaxctrlv65.cab (Autodesk MapGuide ActiveX Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} http://216.249.24.62/code/iPIX-ImageWell-ipix.cab (iPIX Media Send Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/11/27 16:13:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{38feb93e-7f90-11dd-99b6-000fb56103c5}\Shell\AutoRun\command - "" = J:\wd_windows_tools\WDSetup.exe -- File not found

O33 - MountPoints2\{5d22ec46-48d9-11de-870a-000fb56103c5}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{5d22ec46-48d9-11de-870a-000fb56103c5}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found

O33 - MountPoints2\{5d22ec46-48d9-11de-870a-000fb56103c5}\Shell\phone\command - "" = F:\autorun.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[1 C:\Documents and Settings\Owner\Desktop\*.tmp files]

[2009/09/16 03:00:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2009/09/11 21:48:31 | 00,089,836 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\football.pds

[2009/09/09 17:59:11 | 00,000,000 | ---D | C] -- C:\Program Files\ESET

[2009/09/07 20:36:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009/09/07 20:18:44 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/09/07 20:18:44 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/09/07 20:18:44 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/09/07 20:18:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/09/07 20:18:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/09/07 20:15:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2009/09/07 20:14:07 | 16,824,096 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u16-windows-i586-s.exe

[2009/09/07 20:11:53 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/09/04 11:44:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\virus scanners

[2009/09/04 09:09:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip

[2009/09/04 09:09:06 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk

[2009/09/04 09:09:06 | 00,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

[2009/09/04 09:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/09/04 09:08:40 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip

[2009/09/03 15:31:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth

[2009/09/01 22:13:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/09/01 22:11:05 | 00,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll

[2009/09/01 22:11:05 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll

[2009/09/01 22:11:05 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys

[2009/09/01 22:11:05 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll

[2009/09/01 22:11:05 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll

[2009/09/01 22:11:04 | 03,597,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll

[2009/09/01 22:11:04 | 02,180,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe

[2009/09/01 22:11:04 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe

[2009/09/01 22:11:04 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll

[2009/09/01 22:11:04 | 01,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe

[2009/09/01 22:11:04 | 00,986,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll

[2009/09/01 22:11:04 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll

[2009/09/01 22:11:04 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll

[2009/09/01 22:11:04 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll

[2009/09/01 22:11:04 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll

[2009/09/01 22:11:04 | 00,577,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll

[2009/09/01 22:11:04 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys

[2009/09/01 22:11:04 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe

[2009/09/01 22:11:04 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll

[2009/09/01 22:11:04 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll

[2009/09/01 22:11:04 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll

[2009/09/01 22:11:04 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll

[2009/09/01 22:11:04 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys

[2009/09/01 22:11:04 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll

[2009/09/01 22:11:04 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll

[2009/09/01 22:11:04 | 00,249,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll

[2009/09/01 22:11:04 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll

[2009/09/01 22:11:04 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll

[2009/09/01 22:11:04 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll

[2009/09/01 22:11:04 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys

[2009/09/01 22:11:04 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll

[2009/09/01 22:11:04 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll

[2009/09/01 22:11:04 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll

[2009/09/01 22:11:04 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe

[2009/09/01 22:11:04 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll

[2009/09/01 22:11:04 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll

[2009/09/01 22:11:04 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll

[2009/09/01 22:11:04 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll

[2009/09/01 22:11:04 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll

[2009/09/01 22:11:04 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll

[2009/09/01 22:11:04 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe

[2009/09/01 22:11:04 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll

[2009/09/01 22:11:04 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe

[2009/09/01 22:11:04 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll

[2009/09/01 22:11:04 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys

[2009/09/01 22:11:04 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\MsPMSNSv.dll

[2009/09/01 22:11:04 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe

[2009/09/01 22:11:04 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys

[2009/09/01 22:11:04 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll

[2009/09/01 22:11:04 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\linkinfo.dll

[2009/09/01 22:11:04 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll

[2009/09/01 22:11:04 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe

[2009/09/01 22:11:04 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe

[2009/09/01 22:11:04 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys

[2009/09/01 22:11:04 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe

[2009/09/01 22:11:04 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe

[2009/09/01 22:11:04 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys

[2009/09/01 22:11:04 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll

[2009/09/01 22:11:04 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys

[2009/09/01 22:11:04 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys

[2009/09/01 22:11:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache

[2009/09/01 21:56:41 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/09/01 21:56:41 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/09/01 21:56:41 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/09/01 21:56:41 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/09/01 21:56:41 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/09/01 21:56:41 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/09/01 21:56:41 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/09/01 21:56:41 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/09/01 21:56:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/09/01 21:56:38 | 00,000,000 | --SD | C] -- C:\ComboFix

[2009/09/01 21:31:20 | 03,189,342 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[2009/09/01 21:31:10 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/08/31 17:47:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/08/24 21:37:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes

[2009/08/24 21:31:16 | 10,732,70784 | -HS- | C] () -- C:\hiberfil.sys

[2009/08/24 21:28:17 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/24 21:09:36 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/08/24 21:09:35 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/08/20 23:45:41 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2009/08/20 23:05:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/08/20 23:05:42 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/08/20 23:03:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC

[2009/08/20 21:33:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\A-PDF

[2009/08/20 21:33:45 | 00,000,661 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\A-PDF Image to PDF.lnk

[2009/08/20 21:33:45 | 00,000,000 | ---D | C] -- C:\Program Files\A-PDF Image to PDF

[2009/08/20 21:19:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Aprils Real estate

[2009/08/20 20:58:26 | 00,001,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brava! Reader.lnk

[2009/08/20 20:58:26 | 00,000,000 | ---D | C] -- C:\Program Files\IGC

[2009/08/20 20:38:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\efax

[2009/03/20 16:45:54 | 00,293,584 | ---- | C] () -- C:\WINDOWS\System32\ICF.dll

[2008/12/31 00:12:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI

[2008/08/16 22:22:17 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll

[2008/06/25 01:55:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2008/04/04 22:14:43 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2008/04/04 22:14:43 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2007/12/19 17:01:11 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2007/12/19 13:44:39 | 00,001,696 | ---- | C] () -- C:\WINDOWS\hegames.ini

[2007/12/03 21:06:25 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007/10/04 18:14:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/10/04 18:14:00 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/10/04 18:14:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/10/04 18:14:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/10/04 18:14:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2004/08/04 08:00:00 | 00,000,532 | ---- | C] () -- C:\WINDOWS\win.ini

[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[1 C:\Documents and Settings\Owner\Desktop\*.tmp files]

[2009/09/16 21:03:03 | 00,000,558 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Owner.job

[2009/09/16 10:55:16 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2009/09/16 10:54:55 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/09/16 03:02:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/09/16 03:02:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/09/16 03:02:07 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys

[2009/09/11 23:24:42 | 00,001,688 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CyberLink PowerDirector.lnk

[2009/09/11 23:20:33 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/09/11 23:20:04 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/11 21:48:33 | 00,089,836 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\football.pds

[2009/09/11 16:13:10 | 00,007,446 | ---- | M] () -- C:\CES.xml

[2009/09/11 08:19:25 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

[2009/09/11 08:19:02 | 00,001,004 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\magicJack.lnk

[2009/09/10 03:00:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/09/07 20:18:25 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/09/07 20:18:25 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/09/07 20:18:25 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/09/07 20:18:25 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/09/07 20:18:25 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/09/07 20:14:08 | 16,824,096 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u16-windows-i586-s.exe

[2009/09/04 09:09:06 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk

[2009/09/04 09:09:06 | 00,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

[2009/09/02 13:21:48 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/09/01 22:05:12 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/09/01 22:04:56 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/09/01 21:24:56 | 03,189,342 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[2009/08/29 10:23:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009/08/21 16:37:09 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/08/20 21:33:45 | 00,000,661 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\A-PDF Image to PDF.lnk

[2009/08/20 20:59:44 | 02,645,770 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db

[2009/08/20 20:58:26 | 00,001,441 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brava! Reader.lnk

[2009/08/20 19:16:09 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/08/19 13:06:22 | 00,000,752 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MLS.url

< End of report >

Thank you

And the second one:


Hello.

That looks good. We can wrap up.

Please follow/read the steps below to remove the tools we used and for some more information. :)

Uninstall ComboFix

Remove Combofix now that we're done with it.

  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
  • You will then receive a message letting you know that Combofix was uninstalled successfully.

This will remove files/folders associated with Combofix and uninstall it.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

System a Bit Slow? Try StartupLite

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Congratulations! You now appear clean! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, which give some advice and tips to protect yourself against malware and reduce the potential for re-infection:

  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a sm


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
