
Please help, something is causing my PC to crash; not sure, it just keeps hanging up until I have to reboot



You said

Oh, I almost forgot: when I was doing the ComboFix, it had a prompt that said (would I like to update ComboFix). I stated no; I hope this was the correct way to do this?

YES that was the right thing. Thanks.

Better, Nancy. That is much better. I need for you to do a similar set so we can remove 1 more file.

Turn off AVG antivirus as you did before

Start notepad and copy/paste the text in the codebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=42520

Collect::
C:\WINDOWS\System32\C28E54603C.sys
C:\Documents and Settings\All Users\Application Data\C28E54603C.sys

Save this as CFScript.txt on your Desktop. You WILL be prompted that the file already exists, and asked whether you are sure you want to overwrite it! Reply Yes, then save and close the file. And exit Notepad.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt and drop it onto Combo-Fix.exe (the red lion icon on your Desktop)

When finished, it shall produce a log for you.

Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

===========

Note::

If Combofix fails to upload anything please do the following:

Go to Start > My Computer > C:\

Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.

Reply with copy of the new C:\Combofix.txt

Turn AVG antivirus back on.


How do I turn this off, and what is this?

It comes up saying:

"Prevalence reporter avgcmgr.exe is trying to connect to mmi.explabs.net [38.103.37.243] using remote port 80 [HTTP-World Wide Web]. Do you want to allow this program to access the network ?"

File Version : 9.0.0.711

File Description : Prevalence reporter (avgcmgr.exe)

File Path : C:\Program Files\AVG\AVG9\avgcmgr.exe

Process ID : 0x1D8 (Heximal) 472 (Decimal)

Connection origin : local initiated

Protocol : TCP

Local Address : 192.168.1.11

Local Port : 2019

Remote Name : mmi.explabs.net

Remote Address : 38.103.37.243

Remote Port : 80 (HTTP - World Wide Web)

Ethernet packet details:

Ethernet II (Packet Length: 76)

Destination: 00-50-7f-0d-01-cf

Source: 00-0b-6a-83-bb-a4

Type: IP (0x0800)

Internet Protocol

Version: 4

Header Length: 20 bytes

Flags:

.1.. = Don't fragment: Set

..0. = More fragments: Not set

Fragment offset:0

Time to live: 128

Protocol: 0x6 (TCP - Transmission Control Protocol)

Header checksum: 0xff2e (Correct)

Source: 192.168.1.11

Destination: 38.103.37.243

Transmission Control Protocol (TCP)

Source port: 2019

Destination port: 80

Sequence number: 3403913266

Acknowledgment number: 0

Header length: 28

Flags:

0... .... = Congestion Window Reduce (CWR): Not set

.0.. .... = ECN-Echo: Not set

..0. .... = Urgent: Not set

...0 .... = Acknowledgment: Not set

.... 0... = Push: Not set

.... .0.. = Reset: Not set

.... ..1. = Syn: Set

.... ...0 = Fin: Not set

Checksum: 0xc909 (Correct)

Data (0 Bytes)

Binary dump of the packet:

0000: 00 50 7F 0D 01 CF 00 0B : 6A 83 BB A4 08 00 45 00 | .P......j.....E.

0010: 00 30 BD BB 40 00 80 06 : 2E FF C0 A8 01 0B 26 67 | .0..@.........&g

0020: 25 F3 07 E3 00 50 CA E3 : 98 32 00 00 00 00 70 02 | %....P...2....p.

0030: FF FF 09 C9 00 00 02 04 : 05 B4 01 01 04 02 44 46 | ..............DF

0040: 4A 43 4E 44 4A 44 42 44 : 47 44 42 44 | JCNDJDBDGDBD
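
An added example, not part of the original post or of the firewall's own output: the hex dump in the prompt above can be decoded to check the prompt's summary (destination, ports, flags, payload size) against the raw bytes. This Python code parses the dump, validates the IPv4 and TCP checksums and separates the bytes that follow the IP datagram; the function names are illustrative.

```python
import ipaddress
import struct

# Hex dump copied from the firewall prompt quoted in the post above.
DUMP = """\
0000: 00 50 7F 0D 01 CF 00 0B : 6A 83 BB A4 08 00 45 00 | .P......j.....E.
0010: 00 30 BD BB 40 00 80 06 : 2E FF C0 A8 01 0B 26 67 | .0..@.........&g
0020: 25 F3 07 E3 00 50 CA E3 : 98 32 00 00 00 00 70 02 | %....P...2....p.
0030: FF FF 09 C9 00 00 02 04 : 05 B4 01 01 04 02 44 46 | ..............DF
0040: 4A 43 4E 44 4A 44 42 44 : 47 44 42 44 | JCNDJDBDGDBD
"""

TCP_FLAGS = [(0x80, "CWR"), (0x40, "ECE"), (0x20, "URG"), (0x10, "ACK"),
             (0x08, "PSH"), (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]


def parse_dump(text):
    """Turn 'offset: hex : hex | ascii' lines back into raw frame bytes."""
    frame = bytearray()
    for line in text.splitlines():
        if ":" not in line:
            continue
        # Drop the offset before the first ':' and the ASCII column after '|'.
        hex_part = line.split(":", 1)[1].split("|", 1)[0]
        frame += bytes(int(tok, 16) for tok in hex_part.split() if tok != ":")
    return bytes(frame)


def checksum_ok(data):
    """Internet checksum test: the one's-complement sum over the data,
    checksum field included, must fold to 0xFFFF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode_frame(frame):
    """Decode an Ethernet II / IPv4 / TCP frame into the fields the prompt lists."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes
    (total_len,) = struct.unpack("!H", ip[2:4])   # length of the IP datagram
    if ip[9] != 6:
        raise ValueError("not a TCP packet")
    if ihl < 20 or total_len < ihl + 20 or total_len > len(ip):
        raise ValueError("inconsistent IP length fields")
    segment = ip[ihl:total_len]                   # TCP header + payload only
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    tcp_hdr_len = (off_flags >> 12) * 4
    # TCP checksum covers a pseudo-header: src IP, dst IP, zero, protocol, length.
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    return {
        "src": str(ipaddress.IPv4Address(ip[12:16])),
        "dst": str(ipaddress.IPv4Address(ip[16:20])),
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "flags": [name for bit, name in TCP_FLAGS if off_flags & bit],
        "payload_len": len(segment) - tcp_hdr_len,
        "ip_checksum_ok": checksum_ok(ip[:ihl]),
        "tcp_checksum_ok": checksum_ok(pseudo + segment),
        # Bytes in the captured frame after the IP datagram ends; not TCP data.
        "trailer": frame[14 + total_len:],
    }


if __name__ == "__main__":
    for key, value in decode_frame(parse_dump(DUMP)).items():
        print(f"{key:16} {value}")
```

Both checksums validate and the only flag set is SYN. The 14 bytes after offset 62 lie outside the 48-byte IP datagram, which is why the prompt reports a 76-byte packet with 0 bytes of data.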


Here's the next one for you, and what's concerning me is I still have two iexplores in my Windows Task Manager.

Again, thanks for all your help; you've been awesome.

ComboFix 10-03-10.08 - Nancy 03/12/2010 1:17.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.965 [GMT -6:00]

Running from: c:\documents and settings\Nancy\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Nancy\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

file zipped: c:\documents and settings\All Users\Application Data\C28E54603C.sys

file zipped: c:\windows\System32\C28E54603C.sys

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\C28E54603C.sys

c:\windows\System32\C28E54603C.sys

.

((((((((((((((((((((((((( Files Created from 2010-02-12 to 2010-03-12 )))))))))))))))))))))))))))))))

.

2010-03-09 06:03 . 2010-03-09 10:25 -------- d-----w- c:\program files\Fiona Finch and the Finest Flowers

2010-03-09 06:00 . 2010-03-09 06:01 -------- d-----w- c:\program files\Shaman Odyssey Tropic Adventure

2010-03-08 08:20 . 2010-03-08 08:20 -------- d-----w- c:\documents and settings\Nancy\Application Data\AVG9

2010-03-06 14:45 . 2010-03-06 15:04 -------- d-----w- c:\program files\ERUNT

2010-03-05 22:03 . 2010-03-05 22:03 -------- d-----w- c:\documents and settings\Nancy\Application Data\Malwarebytes

2010-03-05 22:03 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-05 22:03 . 2010-03-05 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-05 22:03 . 2010-03-05 22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-05 22:03 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-05 05:35 . 2010-03-05 05:35 -------- d-----w- c:\program files\Security Task Manager

2010-03-05 02:44 . 2010-03-05 02:44 316 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll

2010-03-05 02:44 . 2010-03-05 02:44 2054 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0F8F8F82872CA4545970643B44AA1D88.dll

2010-03-05 02:44 . 2010-03-05 02:44 146 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0CAED145D3F56E547BBC49CE3F9B7684.dll

2010-03-05 02:44 . 2010-03-05 02:44 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DC1503A46F231838AD88BCDDC8E8F7C.dll

2010-02-27 16:52 . 2010-03-04 04:59 -------- d-----w- c:\documents and settings\Nancy\Application Data\Faerie Solitaire

2010-02-27 13:32 . 2010-02-27 13:46 -------- d-----w- c:\program files\Faerie Solitaire

2010-02-27 13:03 . 2010-02-27 13:45 -------- d-----w- c:\program files\Alices Tea Cup Madness

2010-02-25 11:23 . 2010-02-25 11:24 -------- d-----w- c:\program files\Cake Mania 3

2010-02-21 06:45 . 2010-02-21 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache

2010-02-19 23:18 . 2010-02-20 00:29 -------- d-----w- C:\Downloads

2010-02-19 04:12 . 2010-03-07 00:27 -------- d-----w- c:\program files\IEPro

2010-02-19 04:11 . 2010-02-19 05:51 -------- d-----w- c:\documents and settings\Nancy\Application Data\IEPro

2010-02-18 06:29 . 2010-03-09 14:21 -------- d-----w- c:\documents and settings\Nancy\Application Data\4shared Desktop

2010-02-18 06:22 . 2010-02-18 06:22 -------- d-----w- c:\program files\4shared Desktop

2010-02-14 05:57 . 2010-03-11 04:50 -------- d-----w- c:\program files\Farm Mania 2

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-07 00:25 . 2009-10-03 17:59 -------- d-----w- c:\program files\Airport Mania

2010-03-05 09:40 . 2007-12-24 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-03-05 08:55 . 2006-09-25 02:47 -------- d-----w- c:\program files\Trend Micro

2010-03-03 14:20 . 2006-08-18 10:40 8404 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-02-27 13:46 . 2006-12-16 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst

2010-02-27 13:46 . 2006-08-28 16:47 -------- d-----w- c:\documents and settings\Nancy\Application Data\PlayFirst

2010-02-22 06:10 . 2009-12-28 02:13 -------- d-----w- c:\program files\Build It! Miami Beach Resort

2010-02-21 09:25 . 2009-09-03 02:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-02-21 06:35 . 2009-06-21 00:51 -------- d-----w- c:\program files\Alawar

2010-02-21 06:32 . 2009-11-21 01:47 -------- d-----w- c:\documents and settings\Nancy\Application Data\Skype

2010-02-21 06:03 . 2009-11-21 01:50 -------- d-----w- c:\documents and settings\Nancy\Application Data\skypePM

2010-02-19 19:15 . 2008-12-22 17:20 -------- d-----w- c:\documents and settings\Nancy\Application Data\dvdcss

2010-02-14 05:23 . 2006-07-29 02:36 -------- d-----w- c:\program files\Common Files\Adobe

2010-02-11 04:21 . 2009-06-21 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper

2010-02-10 09:56 . 2009-02-26 13:53 -------- d-----w- c:\documents and settings\Nancy\Application Data\EleFun Games

2010-02-08 07:55 . 2006-07-29 21:59 -------- d-----w- c:\program files\QuickTime

2010-02-08 07:54 . 2010-02-05 05:46 -------- d-----w- c:\program files\Apple Software Update

2010-02-08 07:54 . 2010-02-08 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-02-08 07:54 . 2010-02-04 20:38 -------- d-----w- c:\program files\Passport to Paradise

2010-02-08 07:53 . 2007-02-23 23:30 -------- d-----w- c:\program files\IncrediMail

2010-02-08 07:53 . 2006-07-30 04:56 -------- d-----w- c:\program files\Microsoft ActiveSync

2010-02-08 07:53 . 2009-01-24 13:13 -------- d-----w- c:\program files\Microsoft Silverlight

2010-02-08 05:54 . 2007-06-23 05:11 -------- d-----w- c:\program files\Winter Wonderland

2010-02-07 12:54 . 2009-11-02 06:10 -------- d-----w- c:\program files\Sallys Quick Clips

2010-02-07 12:54 . 2009-04-03 19:28 -------- d-----w- c:\program files\Success Story

2010-02-07 12:54 . 2009-09-20 04:49 -------- d-----w- c:\program files\Tradewinds Classic

2010-02-07 12:54 . 2009-02-26 02:03 -------- d-----w- c:\program files\Turtix Rescue Adventure

2010-02-07 12:54 . 2009-03-06 05:01 -------- d-----w- c:\program files\Vanilla and Chocolate

2010-02-07 12:54 . 2009-09-27 04:37 -------- d-----w- c:\program files\Tradewinds Caravans

2010-02-05 06:04 . 2010-02-05 06:04 68064 ---ha-w- c:\windows\system32\mlfcache.dat

2010-02-05 06:00 . 2006-08-15 01:21 -------- d-----w- c:\documents and settings\Nancy\Application Data\Apple Computer

2010-02-05 05:48 . 2010-02-05 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2010-02-05 05:48 . 2010-02-05 05:45 -------- d-----w- c:\program files\Common Files\Apple

2010-02-04 20:48 . 2010-02-04 20:48 -------- d-----w- c:\documents and settings\Nancy\Application Data\Boomzap

2010-02-03 10:51 . 2006-08-03 18:47 10 ----a-w- c:\windows\popcinfo.dat

2010-02-03 03:43 . 2010-02-03 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\IM

2010-02-03 03:32 . 2010-02-03 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail

2010-01-29 04:35 . 2006-07-11 15:06 -------- d-----w- c:\program files\Common Files\Java

2010-01-29 04:35 . 2010-01-29 04:35 503808 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24ef6161-n\msvcp71.dll

2010-01-29 04:35 . 2010-01-29 04:35 499712 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24ef6161-n\jmc.dll

2010-01-29 04:35 . 2010-01-29 04:35 348160 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24ef6161-n\msvcr71.dll

2010-01-29 04:35 . 2010-01-29 04:35 61440 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-66f90d48-n\decora-sse.dll

2010-01-29 04:35 . 2010-01-29 04:35 12800 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-66f90d48-n\decora-d3d.dll

2010-01-29 04:35 . 2006-07-11 15:07 -------- d-----w- c:\program files\Java

2010-01-06 20:07 . 2010-01-06 20:07 143264 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\cake-shop-2_s1_l1_gF5309T1L1_d796566250.exe

2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet(2)(2).dll

2009-12-21 19:14 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll

2009-12-21 19:14 . 2004-08-04 12:00 1208832 ----a-w- c:\windows\system32\urlmon(2)(2).dll

2009-12-21 19:14 . 2006-10-17 18:57 1985536 ----a-w- c:\windows\system32\iertutil(2)(2).dll

2009-12-21 19:14 . 2006-11-08 04:03 11070464 ----a-w- c:\windows\system32\ieframe(3)(2).dll

2009-12-17 23:14 . 2009-02-27 02:43 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-15 18:14 . 2009-12-15 18:14 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-12-15 18:14 . 2009-12-15 18:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-12-15 18:14 . 2009-12-15 18:14 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-12-15 18:14 . 2009-12-15 18:14 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-02-02 11:34 . 2008-11-12 02:18 13824 --sha-w- c:\program files\Thumbs.db

2007-01-27 10:59 . 2007-01-27 10:59 6144 --sha-w- c:\program files\Common Files\Thumbs.db

.

((((((((((((((((((((((((((((( SnapShot@2010-03-10_11.53.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-12 00:02 . 2010-03-12 00:02 16384 c:\windows\Temp\Perflib_Perfdata_228.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"4shared Desktop"="c:\program files\4shared Desktop\desktop.exe" [2009-12-07 3632640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]

"JMAP5289"="c:\program files\ULI5289\JMAP5289.exe" [2004-07-19 28672]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2009-09-29 1337344]

c:\documents and settings\Nancy\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-12-15 18:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

2006-08-01 22:35 67112 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]

2004-07-24 09:13 405504 ------w- c:\program files\ULI5289\ALi5289.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]

2007-10-31 01:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]

2002-12-11 00:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]

2002-12-11 00:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2004-07-23 08:27 68096 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2009-02-06 20:44 3572984 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"EapHost"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SiteAdvisor"=c:\program files\SiteAdvisor\5020\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre1.5.0_07\\bin\\javaw.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImPackr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 aliidex;aliidex;c:\windows\system32\drivers\aliidex.sys [7/10/2006 4:06 PM 7040]

R0 aliperf;aliperf;c:\windows\system32\drivers\aliperf.sys [7/10/2006 4:06 PM 7168]

R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [1/11/2005 9:50 AM 49101]

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [9/4/2006 5:16 PM 19478]

R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [7/10/2006 3:53 PM 44928]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/15/2009 12:14 PM 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/15/2009 12:14 PM 360584]

R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [9/4/2006 5:16 PM 635017]

R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [9/4/2006 5:16 PM 431236]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/15/2009 12:13 PM 285392]

R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/23/2009 8:01 AM 30152]

R3 JM5289;JM5289;\??\c:\documents and settings\Nancy\JM5289.sys --> c:\documents and settings\Nancy\JM5289.sys [?]

R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [3/1/2009 11:04 PM 220079]

R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [7/10/2006 3:55 PM 29696]

S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [9/4/2006 5:16 PM 64093]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm

IE: &Download all 4shared files - c:\program files\4shared Desktop\down_all.htm

IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm

Trusted Zone: ebay.com\search

Trusted Zone: liveops.com\callcenter

Trusted Zone: liveops.com\www

Trusted Zone: liveops.com \callcenter

Trusted Zone: proflowers.com\homeadmin

Trusted Zone: proflowers.com\www

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {D8EE8DC0-F193-11D0-B1E5-08005A885319} - hxxps://calltaking2.workathomeagent.net/walldata/curVersion/hostexpress.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-12 01:22

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-1897051121-725345543-1004\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]

"Name"="ActiveSync"

"DisplayName"="Microsoft ActiveSync"

"Param1"="ActiveSync"

"Param2"=""

"Type"="wellknown"

"Order"=dword:00000000

"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-861567501-1897051121-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:89,61,5a,b1,c4,a6,35,3a,a1,af,96,14,de,12,56,6e,c7,e1,9e,68,35,97,25,

7b,1e,17,b9,20,62,61,49,15,ac,c2,d7,e1,64,ba,60,c7,bd,04,17,74,ce,ba,c8,fe,\

"??"=hex:e5,85,7e,b7,90,ab,d1,ac,28,b9,66,ef,9b,f4,3e,0d

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-03-12 01:24:43

ComboFix-quarantined-files.txt 2010-03-12 07:24

ComboFix2.txt 2010-03-12 00:24

ComboFix3.txt 2010-03-10 11:56

Pre-Run: 33,028,739,072 bytes free

Post-Run: 33,089,900,544 bytes free

- - End Of File - - D97C7F66AA13BA2A2798C2A3627A345E

Upload was successful


Hello Nancy,

You've done well with the Combofix runs. It removed the files as I intended.

How do I turn this off, and what is this?

It comes up saying:

"Prevalence reporter avgcmgr.exe is trying to connect to mmi.explabs.net [38.103.37.243] using remote port 80 [HTTP-World Wide Web]. Do you want to allow this program to access the network ?"

That is a component of the AVG 9 antivirus program. That is OK to allow it.

You'll need to set the Sygate Personal Firewall such that it gives permissions to AVG 9 without prompting you all the time.

Here's the next one for you, and what's concerning me is I still have two iexplores in my Windows Task Manager.

Humh... we'll need to do more digging around.

You will want to print out or copy these instructions to Notepad for offline reference!

If you are a casual viewer, do NOT try this on your system!

If you are not nevadagirl and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs that you started while you run these tools.

Step 1

Your system has the latest Java runtime, Java 6 Update 18; but it also has several older ones which need removal.

This is just maintenance & cleanup of older Java runtimes.

  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove the older versions of Java. Remove these:
    J2SE Runtime Environment 5.0 Update 7
    J2SE Runtime Environment 5.0 Update 11
    Java 6 Update 3
    Java 6 Update 4
    Java 6 Update 5
    Java 6 Update 6
    Java 6 Update 7
  • Check (highlight) each of them, in turn &
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove these Java versions.

Step 2

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

At -this time- of posting, the current definitions are # 3858 and the latest program version is 1.44

When done, click the Scanner tab.

Select & Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Depending on how many files your system has, it may take an hour or possibly a bit more to finish.

Have plenty of patience. It is well worth the effort and time.

Step 3

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:

  • Double-click on cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable". (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Step 4

Close all non-essential programs & windows that you have open. And there should be none, since you would have restarted the system fresh in Normal mode.

Go here and download & SAVE Silent Runners.vbs (use IE to download it) to a new folder on your drive and run it.

It generates a log too (name will start with "Startup Programs"). It takes a few minutes and it will notify you with a popup when your log is ready (it will be in the new folder you created).

Please post the information back in this thread. If your AV queries the script, allow it to run. It's not malicious. It simply generates a report on your system, and does not do any cleanup.

Reply with copy of the latest MBAM scan log

the DrWeb Cure-It report

the SilentRunners log


Hi Maurice

Well, I scanned for the malware and everything is fine there. My problem is my PC will not let me boot up in safe mode. I have tried every different way I can, and it will not start up in safe mode. Is there another way to go into safe mode? Also, does it make any difference that I have my hard drives set to RAID 0 so they write at the same time? Just wondering if that might be why. You know, I've never put my PC in safe mode; never had a problem till now. Well, that's about it, so please, any help with this would be truly appreciated.

Thanks Nancy


Nancy,

Did you run the DrWeb Cure-it? If so, the results were all clean?

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. You can safely run the utility again.

If you did not run DrWeb Cure-it, turn off AVG antivirus as you did before, and then run DrWeb Cure-it in Normal mode.

Also, I'd like for you to post the latest MBAM scan log and certainly the Silent Runners log too.

As to Safe mode, did you restart & tap & re-tap F8 key & get an Advanced Boot menu, with a list of startup options, including "Safe Mode" and "Safe mode with Networking" ??

btw, the fact that the system is set for RAID makes no difference, one way or another, regarding Safe mode.


Hi Maurice

Sorry it has taken so long, but my computer is acting crazy. I've been trying to work and fix this problem it has all at the same time, and it has not been easy.

OK, here is the MBAM you asked for:

Objects scanned: 384494

Time elapsed: 2 hour(s), 35 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Nancy\Desktop\keeps\Ref\Ref1\R.A.A-P.C.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nancy\My Documents\my GAMES\fff_reflex4.0\Reflexive_Game_2009\R.A.A-P.C.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nancy\My Documents\my GAMES\reflexive 5\R.A.A-P.C.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nancy\My Documents\my GAMES\reflexive 5\Ref\R.A.A-P.C.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nancy\My Documents\my GAMES\reflexive 5\Ref\Ref1\R.A.A-P.C.exe (Trojan.Agent) -> Quarantined and deleted successfully.

I got those files with the trojans from 4shared files online and haven't even opened them up, so I don't think they hurt my PC.

Also, after today I don't know what's going on with it. I tried one more time to put it in Safe mode, well, actually about 5 more times, with no success.

So I tried to run the Dr Web; it was just about finished and I had fallen asleep waiting on it.

It takes almost 2 hrs to run a scan on my PC because I do a lot of artwork and stationery, for which I saved a lot of tubes, pictures, plugins, etc.

I have quite a lot of space and have only 30 gigs left.

Well, anyhow, then I tried to scan with Dr Web but it did not open as you said. It first asked if I would like to update, which I did not. I wasn't sure, because it was saying something about buying it, and if I wanted to view the contract it was either yes or no, so I had to pick yes for it to continue.

Also, you said that it would only do an express scan, which it said express on the little thing that was ticked, but it ran all of my documents, just about everything, which took some time like I said. Anyhow,

after about two hours I fell asleep and it was almost finished and had not come up with any virus at that time. When I woke up this was waiting on my desktop. There was no file in the folder to tell of what had been done with the virus scan ...

Your system has recovered from a serious error

c:\DOUCUME~1\Nancy\LOCALS~1\Temp\WERd1b6.dir00\Mini031510-01.dmp

c:\DOUCUME~1\Nancy\LOCALS~1\Temp\WERd1b6.dir00\sysdata.xml

Also, right after this happened I had a window open up saying:

NT Kernel System has changed since the last time you used it. This could happen if you have updated it recently. Click detail if you want to see more. Do you want to allow it to access the network?

Sygate Personal Firewall 3/15/2010

<The only problem is I haven't updated the firewall at all.>

<This is the information on my firewall, if this helps at all>

the executable has changed since the last time you used:

C:\WINDOWS\system32\ntoskrnl.exe

File Version : 5.1.2600.5913

File Description : NT Kernel & System

File Path : C:\WINDOWS\system32\ntoskrnl.exe

Process ID : 0x4 (Heximal) 4 (Decimal)

Connection origin : remote initiated

Protocol : UDP

Local Address : 192.168.1.255

Local Port : 138 (NETBIOS-DGM - Browsing datagram responses of NetBIOS over TCP/IP)

Remote Name :

Remote Address : 192.168.1.10

Remote Port : 138

Ethernet packet details:

Ethernet II (Packet Length: 216)

Destination: ff-ff-ff-ff-ff-ff

Source: 00-e0-b8-7c-4b-41

Type: IP (0x0800)

Internet Protocol

Version: 4

Header Length: 20 bytes

Flags:

.0.. = Don't fragment: Not set

..0. = More fragments: Not set

Fragment offset:0

Time to live: 128

Protocol: 0x11 (UDP - User Datagram Protocol)

Header checksum: 0x5e19 (Correct)

Source: 192.168.1.10

Destination: 192.168.1.255

User Datagram Protocol

Source port: 138

Destination port: 138

Length: 8

Checksum: 0x3569 (Correct)

Data (182 Bytes)

Binary dump of the packet:

<<< This also came up. I was wanting to know why this happened to be there as well, with all the other information?

<<<<<<<< Should I accept this change? >>>>>>>

Application has changed since the last time you opened it, process id: 4

Filename: C:\WINDOWS\system32\ntoskrnl.exe

The change was allowed by user

---- Modules changed: 1 ----

C:\WINDOWS\system32\ntoskrnl.exe

---- New modules: 0 ----

Well, that's the update as of now. Do you want me to try and rescan with Dr Web?


Hi Nancy,

No, do NOT run DrWeb Cure-It.

I need for you to get and run SilentRunners utility.

Go here and download & SAVE Silent Runners.vbs (use IE to download it) to a new folder on your drive and run it.

It generates a log too (name will start with "Startup Programs"). It takes a few minutes and it will notify you with a popup when your log is ready (it will be in the new folder you created).

Please post the information back in this thread. If your AV queries the script, allow it to run. It's not malicious. It simply generates a report on your system, and does not do any cleanup.

Reply with copy of the DrWeb Cure-It report

Next, delete the copy of OTL.exe on your Desktop. I'd like for you to get the latest.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.com

Double-click OTL to start it.

Look at the upper left of window. Press the pink color Quick Scan button.

Have patience while it runs.

It will produce a new log. Save it.

Copy and paste back here a copy of the new OTL.txt


Here's the startup program for Silent Runners.

Maurice, as far as the Dr Web, it did not make a file or anything. Like I said, it left me with a completely rebooted system and a box sitting there saying my system had recovered from a serious problem; not sure why it did not make a file.

I looked in the folder and there was nothing in it.

So do you want me to try and re-run Dr Web before I run another OTL?

Please let me know which one you would like me to run first.

Again, thanks for all your time; I cannot say it enough.

"Silent Runners.vbs", revision 60, http://www.silentrunners.org/

Operating System: Windows XP SP3

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"LVCOMS" = "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" ["Logitech Inc."]

"JMAP5289" = "C:\Program Files\ULI5289\JMAP5289.exe" [null data]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]

"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

"Adobe ARM" = ""C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]

"4shared Update" = ""C:\Program Files\4shared Desktop\checkUpdate.exe"" ["New IT Solutions"]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" [file not found]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\

>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"

\StubPath = "C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"

-> {HKLM...CLSID} = "Skype add-on (mastermind)"

\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = "WormRadar.com IESiteBlocker.NavFilter"

-> {HKLM...CLSID} = "AVG Safe Search"

\InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgssie.dll" ["AVG Technologies CZ, s.r.o."]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"

-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"

-> {HKLM...CLSID} = "Mobile Device"

\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Program Files\rpshell.dll" ["RealNetworks, Inc."]

"{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery"

-> {HKLM...CLSID} = "Logitech Gallery"

\InProcServer32\(Default) = "C:\Program Files\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."]

"{1B2B8872-CBC3-4d18-9DFC-ADF855549994}" = "Riff icon extension"

-> {HKLM...CLSID} = "RiffIconHandler Class"

\InProcServer32\(Default) = "c:\Program Files\Common Files\Corel\Shared\Icon Handler\RiffSE.dll" ["Corel Corporation"]

"{9E209F16-C917-4DAC-8540-F9BC5E0F98CF}" = "Sketchpad icon extension"

-> {HKLM...CLSID} = "SketchpadIconHandler Class"

\InProcServer32\(Default) = "c:\Program Files\Common Files\Corel\Shared\Icon Handler\SketchpadSE.dll" ["Corel Corp"]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG Shell Extension"

-> {HKLM...CLSID} = "AVG Shell Extension Class"

\InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgse.dll" ["AVG Technologies CZ, s.r.o."]

"{EBDF1F20-C829-11D1-8233-0020AF3E97A9}" = "4shsared_Desktop"

-> {HKLM...CLSID} = "4shared_Desktop"

\InProcServer32\(Default) = "C:\PROGRA~1\4SHARE~1\CMenu.dll" [null data]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP11.0\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP11.0\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP11.0\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP11.0\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

<<!>> avgrsstarter\DLLName = "avgrsstx.dll" ["AVG Technologies CZ, s.r.o."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> linkscanner\CLSID = "{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}"

-> {HKLM...CLSID} = "XPLPPFilter Class"

\InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgpp.dll" ["AVG Technologies CZ, s.r.o."]

<<!>> ms-itss\CLSID = "{0A9007C0-4076-11D3-8789-0000F8105754}"

-> {HKLM...CLSID} = "Microsoft Infotech Storage Protocol for IE 4.0"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

4shared_Desktop\(Default) = "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"

-> {HKLM...CLSID} = "4shared_Desktop"

\InProcServer32\(Default) = "C:\PROGRA~1\4SHARE~1\CMenu.dll" [null data]

AVG9 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG Shell Extension Class"

\InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgse.dll" ["AVG Technologies CZ, s.r.o."]

IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"

-> {HKLM...CLSID} = "IMMenuShellExt Class"

\InProcServer32\(Default) = "C:\Program Files\IncrediMail\bin\ImShExtU.dll" ["IncrediMail, Ltd."]

________________________________________________________________________________________

ALSO I DECIDED TO RUN IT WITH IE open because that's when a lot of my stuff goes on, so this is a second run with IE open; it looks different too.

Also, it said to run a second one saying no and then yes at the second window box, so I went ahead and did that.

________________________________________________________________________________________

(Here's the last scan of SILENT RUNNERS in all the different types of run it said could be run. I did not know which one you wanted, so I did them all.)

"Operating System: Windows XP SP3

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"LVCOMS" = "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" ["Logitech Inc."]

"JMAP5289" = "C:\Program Files\ULI5289\JMAP5289.exe" [null data]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]

"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

"Adobe ARM" = ""C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]

"4shared Update" = ""C:\Program Files\4shared Desktop\checkUpdate.exe"" ["New IT Solutions"]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" [file not found]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\

>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"

\StubPath = "C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"

-> {HKLM...CLSID} = "Skype add-on (mastermind)"

\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = "WormRadar.com IESiteBlocker.NavFilter"

-> {HKLM...CLSID} = "AVG Safe Search"

\InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgssie.dll" ["AVG Technologies CZ, s.r.o."]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"

-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"

-> {HKLM...CLSID} = "Mobile Device"

\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Program Files\rpshell.dll" ["RealNetworks, Inc."]

"{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery"

-> {HKLM...CLSID} = "Logitech Gallery"

\InProcServer32\(Default) = "C:\Program Files\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."]

"{1B2B8872-CBC3-4d18-9DFC-ADF855549994}" = "Riff icon extension"

-> {HKLM...CLSID} = "RiffIconHandler Class"

\InProcServer32\(Default) = "c:\Program Files\Common Files\Corel\Shared\Icon Handler\RiffSE.dll" ["Corel Corporation"]

"{9E209F16-C917-4DAC-8540-F9BC5E0F98CF}" = "Sketchpad icon extension"

-> {HKLM...CLSID} = "SketchpadIconHandler Class"

\InProcServer32\(Default) = "c:\Program Files\Common Files\Corel\Shared\Icon Handler\SketchpadSE.dll" ["Corel Corp"]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG Shell Extension"

-> {HKLM...CLSID} = "AVG Shell Extension Class"

\InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgse.dll" ["AVG Technologies CZ, s.r.o."]

"{EBDF1F20-C829-11D1-8233-0020AF3E97A9}" = "4shsared_Desktop"

-> {HKLM...CLSID} = "4shared_Desktop"

\InProcServer32\(Default) = "C:\PROGRA~1\4SHARE~1\CMenu.dll" [null data]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP11.0\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP11.0\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP11.0\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP11.0\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

<<!>> avgrsstarter\DLLName = "avgrsstx.dll" ["AVG Technologies CZ, s.r.o."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> linkscanner\CLSID = "{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}"

-> {HKLM...CLSID} = "XPLPPFilter Class"

\InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgpp.dll" ["AVG Technologies CZ, s.r.o."]

<<!>> ms-itss\CLSID = "{0A9007C0-4076-11D3-8789-0000F8105754}"

-> {HKLM...CLSID} = "Microsoft Infotech Storage Protocol for IE 4.0"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

4shared_Desktop\(Default) = "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"

-> {HKLM...CLSID} = "4shared_Desktop"

\InProcServer32\(Default) = "C:\PROGRA~1\4SHARE~1\CMenu.dll" [null data]

AVG9 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG Shell Extension Class"

\InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgse.dll" ["AVG Technologies CZ, s.r.o."]

IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"

-> {HKLM...CLSID} = "IMMenuShellExt Class"

\InProcServer32\(Default) = "C:\Program Files\IncrediMail\bin\ImShExtU.dll" ["IncrediMail, Ltd."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP11.0\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

4shared_Desktop\(Default) = "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"

-> {HKLM...CLSID} = "4shared_Desktop"

\InProcServer32\(Default) = "C:\PROGRA~1\4SHARE~1\CMenu.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP11.0\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79305-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP11.0\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

AVG9 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG Shell Extension Class"

\InProcServer32\(Default) = "C:\Program Files\AVG\AVG9\avgse.dll" ["AVG Technologies CZ, s.r.o."]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP11.0\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79305-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP11.0\WZSHLSTB.DLL" ["WinZip Computing LP"]

Default executables:

--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ASHAshampoo_Burning_Studio_6BURNONARRIVAL\

"Provider" = "Ashampoo Burning Studio 6"

"InvokeProgID" = "Ashampoo.BurningStudio6"

"InvokeVerb" = "autoplay-burn"

HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio6\shell\autoplay-burn\Command\(Default) = ""C:\Program Files\Ashampoo\Ashampoo Burning Studio 6\burningstudio.exe" -autoplay -selectdrive "%l"" ["ashampoo Technology GmbH & Co. KG"]

ASHAshampoo_Burning_Studio_6COPYONARRIVAL\

"Provider" = "Ashampoo Burning Studio 6"

"InvokeProgID" = "Ashampoo.BurningStudio6"

"InvokeVerb" = "autoplay-copy"

HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio6\shell\autoplay-copy\Command\(Default) = ""C:\Program Files\Ashampoo\Ashampoo Burning Studio 6\burningstudio.exe" -autoplay -selectdrive "%l" -copy" ["ashampoo Technology GmbH & Co. KG"]

ASHAshampoo_Burning_Studio_6RIPONARRIVAL\

"Provider" = "Ashampoo Burning Studio 6"

"InvokeProgID" = "Ashampoo.BurningStudio6"

"InvokeVerb" = "autoplay-rip"

HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio6\shell\autoplay-rip\Command\(Default) = ""C:\Program Files\Ashampoo\Ashampoo Burning Studio 6\burningstudio.exe" -autoplay -selectdrive "%l" -rip" ["ashampoo Technology GmbH & Co. KG"]

Corel Paint Shop Pro Photo X2ShowPicturesOnArrivalHandler\

"Provider" = "Corel Paint Shop Pro Photo X2"

"InvokeProgID" = "PaintShopProPhotoX2.Image"

"InvokeVerb" = "Review"

HKLM\SOFTWARE\Classes\PaintShopProPhotoX2.Image\shell\Review\command\(Default) = ""C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" /Review "%1"" ["Corel, Inc."]

MSWPDShellNamespaceHandler\

"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = " "

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay2CDAudio\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay2"

"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"

HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay2"

"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"

HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay2"

"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"

HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\

"Provider" = "Nero StartSmart"

"InvokeProgID" = "Nero.AutoPlay2"

"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"

HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

Paint Shop Pro 9ShowPicturesOnArrivalHandler\

"Provider" = "Paint Shop Pro 9"

"InvokeProgID" = "PaintShopPro9.BrowserCacheFile"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\PaintShopPro9.BrowserCacheFile\shell\open\command\(Default) = "C:\PROGRA~1\JASCSO~1\PAINTS~1\PAINTS~1.EXE "/Browse" "%1" ["Jasc Software, Inc."]

Paint Shop Pro XShowPicturesOnArrivalHandler\

"Provider" = "Corel Paint Shop Pro X"

"InvokeProgID" = "PaintShopProX.Image"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\PaintShopProX.Image\shell\open\command\(Default) = "C:\PROGRA~1\Corel\CORELP~2\PAINTS~1.EXE "%1" ["Corel, Inc."]

PDVDPlayDVDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe %1" ["CyberLink Corp."]

PSASE30ImportPicturesOnArrival\

"Provider" = "Adobe Photoshop Album Starter Edition"

"InvokeProgID" = "PSASE30.autoplay"

"InvokeVerb" = "launch"

HKLM\SOFTWARE\Classes\PSASE30.autoplay\shell\launch\command\(Default) = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\psaproxy.exe" -v %1\" ["Adobe Systems Incorporated"]

RPCDBurningOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.CDBurn.6"

"InvokeVerb" = "open"

HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\

"Provider" = "RealPlayer"

"ProgID" = "RealPlayer.HWEventHandler"

HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"

-> {HKLM...CLSID} = "RealNetworks Scheduler"

\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.AudioCD.6"

"InvokeVerb" = "play"

HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.DVD.6"

"InvokeVerb" = "play"

HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.AutoPlay.6"

"InvokeVerb" = "open"

HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

VLCPlayCDAudioOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.CDAudio"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]

VLCPlayDVDMovieOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.DVDMovie"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]

Startup items in "Nancy" & "All Users" startup folders:

-------------------------------------------------------

C:\Documents and Settings\Nancy\Start Menu\Programs\Startup

"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 22

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{F2CF5485-4E02-4F68-819C-B92DE9277049}"

-> {HKLM...CLSID} = "&Links"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{0FBB9689-D3D7-4F7A-A2E2-585B10099BFC}" = "Veoh Web Player Video Finder"

-> {HKLM...CLSID} = "Veoh Web Player Video Finder"

\InProcServer32\(Default) = "C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll" ["Veoh Networks Inc"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_18"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2iexp.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_18"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\npjpi160_18.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\

"ButtonText" = "Create Mobile Favorite"

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

-> {HKLM...CLSID} = "Create Mobile Favorite"

\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\

"MenuText" = "Create Mobile Favorite..."

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

-> {HKLM...CLSID} = "Create Mobile Favorite"

\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

{5067A26B-1337-4436-8AFE-EE169C2DA79F}\

"MenuText" = "Skype add-on for Internet Explorer"

"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"

-> {HKLM...CLSID} = "Skype add-on (button)"

\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\

"ButtonText" = "Skype"

"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"

-> {HKLM...CLSID} = "Skype add-on (button)"

\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\

"ButtonText" = "AIM"

"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple Inc."]

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

AVG Free WatchDog, avg9wd, ""C:\Program Files\AVG\AVG9\avgwdsvc.exe"" ["AVG Technologies CZ, s.r.o."]

Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]

Juniper Network Connect Service, dsNcService, "C:\Program Files\Juniper Networks\Common Files\dsNcService.exe" ["Juniper Networks"]

LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

Protexis Licensing V2, PSI_SVC_2, ""c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"" ["Protexis Inc."]

ProtexisLicensing, ProtexisLicensing, "C:\WINDOWS\system32\PSIService.exe" [null data]

SmartLinkService, SLService, "slserv.exe" [" "]

Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]

Viewpoint Service, Viewpoint Service, ""C:\Program Files\Viewpoint\Common\ViewpointService.exe"" ["Viewpoint Corporation"]

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Fax Lexmark 4200 Series Port\Driver = "LXBRPMON.DLL" [null data]

Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

TCI Port\Driver = "ftprmn45.dll" ["Thought Communications, Inc."]

---------- (launch time: 2010-03-16 06:03:10)

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 300 seconds.

---------- (total run time: 382 seconds)


I only needed 1 SilentRunners report.

"recovered from a serious error" is a message from Windows.

So do you want me to try and re-run Dr Web, before I run another OTL?

No, you do not need any further run of DrWeb Cure-It.

~ Edited to add resetting of pagefile ~ Maurice

When you can get some "free time" when you are not needing the pc for a few minutes today, I'd like for you to reset the Windows' pagefile (don't worry if you are not technically familiar).

Save any open files/documents you have opened, and Close any programs started on your own.

Do the steps below outlined in the quote box, and then Logoff and restart the system.

I'm going to quote the steps to do from a Microsoft article

http://support.microsoft.com/kb/317277

To re-create the pagefile, follow these steps:

Click Start.

Right-click My Computer (on your Desktop).

Click Properties.

On the Advanced tab, in the Performance section, click Settings.

In the Virtual Memory section, click Change.

For Paging file size for selected drive, click No Paging File, and then click Set.

Click Yes after the following warning appears:

If the paging file on volume X: has an initial size of less than xx megabytes, then the system may not be able to create a debugging information file if a STOP error occurs. Continue anyway?

(X is the drive letter and xx is the amount of RAM installed on your computer minus 1 megabyte.)

Click System Managed Size.

Click OK four times, and then restart the computer when you are prompted.

Let me know when that is done. I am hoping this will help to clear the Windows "serious error" issue, which is NOT related to malware.

Proceed and do the OTL steps.

I won't be able to get back to this until very late this evening.

Edited by Maurice Naggar
Edited to add resetting of pagefile

Boy, changing the page file scared me a little. Anyhow, it was done; hope I did it right.

I have a couple of questions also:

The 1st one is: when I go to Start, All Programs, and then to Startup, why are the only things in there the Adobe Gamma and Adobe Gamma Loader? The files look weird, like the system does not know what files they are; they're in a DOS-looking box.

My 2nd question is: my page file usage runs at about 416 MB. Is that a lot?

My physical memory has a total of 1572080.

I have available 901288 with a system cache of 918360, and my kernel total is 104648; paged is 67652 and nonpaged is 36968.

I was just wondering if maybe I have too much on my computer and maybe need to take off some of the files and redo, so not so much MB is taken on my system.

I don't know that much about how it runs, so any help on that would come in handy as well.

My last question: have we found out what is making my system run much CPU?

_______________________________________________________________________________

Like right now I'm trying to write here and I'm looking at my arrow blinking really fast as I type, so I opened up my Task Manager to see if it was running high. It says 416 of PF usage, and when I type the CPU usage keeps going up. Like here, if I draw a line and I hold down the key to make the line_______ my arrow blinks really fast. I can see my CPU usage go from about 4 percent to 100 in like two seconds, but it's staying at about 46 CPU when typing, and when I hold the key down it goes all the way up to 100 and tries to lock up. Really weird.

Sorry for all the questions; just really confused as to why it's acting like this.

Thanks for all your help and time.

Here's your OTL file:

OTL logfile created on: 3/16/2010 4:10:51 PM - Run 2

OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Nancy\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 31.59 Gb Free Space | 21.19% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NANCY-9161434C0

Current User Name: Nancy

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/16 15:34:21 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nancy\Desktop\OTL.com

PRC - [2009/12/15 13:14:28 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2009/12/15 13:14:28 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2009/12/15 13:14:28 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2009/12/15 13:14:27 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/12/15 13:13:36 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2007/12/27 22:14:48 | 000,423,280 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2006/11/13 15:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe

PRC - [2006/11/13 15:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe

PRC - [2006/11/02 22:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

PRC - [2004/10/15 21:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe

PRC - [2004/08/24 19:12:14 | 000,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe

PRC - [2004/07/19 02:37:46 | 000,028,672 | ---- | M] () -- C:\Program Files\ULI5289\JMAP5289.exe

========== Modules (SafeList) ==========

MOD - [2010/03/16 15:34:21 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nancy\Desktop\OTL.com

MOD - [2004/10/15 20:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/12/15 13:13:36 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)

SRV - [2007/12/27 22:14:48 | 000,423,280 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2006/11/02 22:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)

SRV - [2004/10/15 21:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)

SRV - [2004/08/24 19:12:14 | 000,057,344 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2008/09/19 13:08:10 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [4shared Update] C:\Program Files\4shared Desktop\checkUpdate.exe (New IT Solutions)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe ()

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [smcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found

O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\Nancy\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm ()

O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm ()

O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: ebay.com ([search] https in Trusted sites)

O15 - HKCU\..Trusted Domains: liveops.com ([callcenter] https in Trusted sites)

O15 - HKCU\..Trusted Domains: liveops.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: liveops.com ([callcenter] https in Trusted sites)

O15 - HKCU\..Trusted Domains: proflowers.com ([homeadmin] https in Trusted sites)

O15 - HKCU\..Trusted Domains: proflowers.com ([www] https in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinner.com/games/v47/share...GamesLoader.cab (FunGamesLoader Object)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1152575217406 (WUWebControl Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1183634236703 (MUWebControl Class)

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://ak.imgag.com/imgag/cp/install/Crusher.cab (Creative Toolbox Plug-in)

O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab (DinerDash Control)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D8EE8DC0-F193-11D0-B1E5-08005A885319} https://calltaking2.workathomeagent.net/wal...hostexpress.cab (MicroX Persistent Mainframe Display Control)

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://flowers-vpn.liveops.com/dana-cached...perSetupSP1.cab (JuniperSetupSP1 Control)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/07/10 16:05:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/16 15:32:51 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nancy\Desktop\OTL.com

[2010/03/14 23:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\DoctorWeb

[2010/03/14 02:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Application Data\ShinyTales

[2010/03/14 02:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Potion Bar

[2010/03/12 03:29:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/03/11 19:09:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/03/11 19:09:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/03/11 19:09:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/03/11 19:09:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/03/11 07:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Desktop\tutorial supplies

[2010/03/10 07:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Desktop\notes on pc

[2010/03/10 06:40:46 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/03/09 01:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Shaman Odyssey Tropic Adventure

[2010/03/08 04:10:31 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/03/08 03:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Application Data\AVG9

[2010/03/06 10:08:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/03/06 09:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2010/03/05 17:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Application Data\Malwarebytes

[2010/03/05 17:03:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/03/05 17:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/03/05 17:03:52 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/03/05 17:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/03/05 00:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager

[2009/12/15 13:11:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/12/15 13:11:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/12/15 12:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/12/15 12:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/12/02 15:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee

[2009/11/28 07:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2008/10/20 20:20:46 | 000,014,336 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\wmdmhelper.dll

[2008/10/20 20:20:45 | 000,692,224 | ---- | C] ( ) -- C:\Program Files\dtdr3260.dll

[2008/10/20 20:20:43 | 000,659,456 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjbres.dll

[2008/10/20 20:20:43 | 000,339,968 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjdlg.dll

[2008/10/20 20:20:43 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\DUNZIP32.dll

[2008/10/20 20:20:43 | 000,036,352 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\ierjplug.dll

[2008/10/20 20:20:43 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjprog.dll

[2008/10/20 20:20:43 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\fixrjb.exe

[2008/10/20 20:20:42 | 000,081,920 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tsasdk.dll

[2008/10/20 20:20:42 | 000,057,344 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tpasdk.dll

[2008/10/20 20:20:42 | 000,041,472 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\mmcdda32.dll

[2008/10/20 20:20:42 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tnetdtct.dll

[2008/10/20 20:20:39 | 000,032,768 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpwa3260.dll

[2008/10/20 20:20:38 | 000,153,152 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RecordingManager.exe

[2008/10/20 20:20:38 | 000,043,056 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshellsearch.dll

[2008/10/20 20:20:37 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll

[2008/10/20 20:20:37 | 000,308,832 | ---- | C] (RealPlayer) -- C:\Program Files\rpbrowserrecordplugin.dll

[2008/10/20 20:20:37 | 000,065,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjwmapln.dll

[2008/10/20 20:20:33 | 000,053,248 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpau3260.dll

[2008/10/20 20:20:28 | 000,098,304 | ---- | C] (RealPlayer) -- C:\Program Files\rpshellextension.dll

[2008/10/20 20:20:28 | 000,095,784 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rdsf3260.dll

[2008/10/20 20:20:28 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpplugprot.dll

[2008/10/20 20:20:28 | 000,063,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshell.dll

[2008/10/20 20:20:25 | 000,214,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realplay.exe

[2008/10/20 20:20:25 | 000,009,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rphelperapp.exe

[2008/10/20 20:20:25 | 000,007,168 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realjbox.exe

[2008/10/05 16:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2008/08/21 09:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2008/08/21 09:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google

[2008/08/21 09:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint

[2007/05/29 06:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM

[2007/05/29 06:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2007/05/29 06:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2007/04/29 11:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2007/02/11 05:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks

[2007/01/28 21:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks

[2006/07/11 10:02:28 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

[2006/07/11 10:01:50 | 000,650,632 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys

[2006/07/11 10:01:50 | 000,100,240 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys

[2006/07/11 10:01:50 | 000,013,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys

[2006/07/11 10:01:49 | 001,395,376 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys

[2006/07/11 10:01:49 | 000,229,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys

[2006/07/11 10:01:49 | 000,014,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys

========== Files - Modified Within 14 Days ==========

[2010/03/16 15:34:21 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nancy\Desktop\OTL.com

[2010/03/16 15:11:37 | 000,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/03/16 15:11:37 | 000,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/03/16 15:11:36 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/03/16 15:07:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/03/16 15:07:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/03/16 15:07:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/03/16 15:07:10 | 1609,879,552 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/16 15:05:54 | 020,447,232 | ---- | M] () -- C:\Documents and Settings\Nancy\ntuser.dat

[2010/03/16 15:05:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Nancy\ntuser.ini

[2010/03/16 12:34:59 | 000,000,465 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\Sign In.url

[2010/03/15 20:39:48 | 057,179,884 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/03/15 06:51:57 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\Governor of Poker.lnk

[2010/03/15 00:59:15 | 000,000,130 | ---- | M] () -- C:\WINDOWS\System32\tmp.files0

[2010/03/14 20:55:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/03/14 09:42:03 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/03/13 19:40:31 | 033,580,384 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\drweb-cureit.exe

[2010/03/12 02:22:39 | 000,000,285 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/03/11 10:00:23 | 003,887,257 | R--- | M] () -- C:\Documents and Settings\Nancy\Desktop\Combo-Fix.exe

[2010/03/10 06:40:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/03/06 10:03:27 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\NTREGOPT.lnk

[2010/03/06 08:44:18 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Nancy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/05 17:03:57 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/05 03:55:33 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\HijackThis.lnk

[2010/03/05 00:30:30 | 000,000,785 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/03/03 09:20:33 | 000,008,404 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010/03/02 21:38:46 | 006,376,086 | -H-- | M] () -- C:\Documents and Settings\Nancy\Local Settings\Application Data\IconCache.db

========== Files Created - No Company Name ==========

[2010/03/15 06:51:57 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Nancy\Desktop\Governor of Poker.lnk

[2010/03/15 00:28:06 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\tmp.files0

[2010/03/14 09:05:35 | 000,001,535 | ---- | C] () -- C:\Documents and Settings\Nancy\Desktop\AVG Free Tray Icon.lnk

[2010/03/13 19:40:31 | 033,580,384 | ---- | C] () -- C:\Documents and Settings\Nancy\Desktop\drweb-cureit.exe

[2010/03/11 19:09:42 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/03/11 19:09:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/03/11 19:09:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/03/11 19:09:42 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/03/11 19:09:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/03/11 10:00:20 | 003,887,257 | R--- | C] () -- C:\Documents and Settings\Nancy\Desktop\Combo-Fix.exe

[2010/03/10 06:40:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/03/10 06:40:48 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/03/06 10:03:27 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Nancy\Desktop\NTREGOPT.lnk

[2010/03/05 17:03:57 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/05 03:55:33 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Nancy\Desktop\HijackThis.lnk

[2009/12/20 19:06:11 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009/12/15 04:36:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Nancy\Local Settings\Application Data\housecall.guid.cache

[2009/10/29 19:16:17 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys

[2009/08/27 15:44:10 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI

[2009/05/27 01:23:36 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Nancy\Local Settings\Application Data\fusioncache.dat

[2009/04/28 03:56:32 | 000,000,265 | ---- | C] () -- C:\WINDOWS\fmachine.ini

[2009/04/27 00:16:37 | 000,004,272 | ---- | C] () -- C:\WINDOWS\IFiltSet.Ini

[2009/04/27 00:12:38 | 000,000,033 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2009/03/13 21:51:25 | 000,296,448 | ---- | C] () -- C:\WINDOWS\Xenofex.ini

[2009/03/02 00:05:48 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI

[2009/03/02 00:04:50 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\liplW7.dll

[2009/03/02 00:04:50 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\liplA6.dll

[2009/03/02 00:04:50 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplPX.dll

[2009/03/02 00:04:50 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplP6.dll

[2009/03/02 00:04:50 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplM6.dll

[2009/03/02 00:04:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lipl.dll

[2009/03/02 00:04:50 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009/03/02 00:04:47 | 000,000,780 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2008/11/11 21:18:55 | 000,013,824 | -HS- | C] () -- C:\Program Files\Thumbs.db

[2008/10/20 20:23:08 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008/10/20 20:20:46 | 000,000,568 | ---- | C] () -- C:\Program Files\fpsectbl

[2008/10/20 20:20:43 | 000,002,851 | ---- | C] () -- C:\Program Files\cdroms.cfg

[2008/10/20 20:20:39 | 000,119,808 | ---- | C] () -- C:\Program Files\waiting.avi

[2008/10/20 20:20:39 | 000,057,762 | ---- | C] () -- C:\Program Files\howto.chm

[2008/10/20 20:20:39 | 000,040,154 | ---- | C] () -- C:\Program Files\realplay.chm

[2008/10/20 20:20:39 | 000,016,296 | ---- | C] () -- C:\Program Files\realtfon.fon

[2008/10/20 20:20:39 | 000,011,444 | ---- | C] () -- C:\Program Files\frw.bmp

[2008/10/20 20:20:38 | 000,001,209 | ---- | C] () -- C:\Program Files\flvplay.swf

[2008/10/20 20:20:38 | 000,000,685 | ---- | C] () -- C:\Program Files\RecordingManager.exe.manifest

[2008/10/20 20:20:33 | 000,053,098 | ---- | C] () -- C:\Program Files\presets.rnx

[2008/10/20 20:20:33 | 000,052,609 | ---- | C] () -- C:\Program Files\RealNetworks License.html

[2008/10/20 20:20:33 | 000,052,609 | ---- | C] () -- C:\Program Files\playrlic.html

[2008/10/20 20:20:33 | 000,050,548 | ---- | C] () -- C:\Program Files\RealNetworks License.txt

[2008/10/20 20:20:33 | 000,050,548 | ---- | C] () -- C:\Program Files\playrlic.txt

[2008/10/20 20:20:33 | 000,000,480 | ---- | C] () -- C:\Program Files\keys.dat

[2008/10/20 20:20:31 | 000,638,892 | ---- | C] () -- C:\Program Files\normal.vs

[2008/10/20 20:20:31 | 000,061,495 | ---- | C] () -- C:\Program Files\ssimages.vs

[2008/10/20 20:20:29 | 000,102,400 | ---- | C] () -- C:\Program Files\HXAudioDeviceHook.dll

[2008/10/20 20:20:27 | 000,001,030 | ---- | C] () -- C:\Program Files\autoplaylist.dat

[2008/10/20 20:20:27 | 000,000,050 | ---- | C] () -- C:\Program Files\strs23.dat

[2008/10/20 20:20:27 | 000,000,013 | ---- | C] () -- C:\Program Files\strs26.dat

[2008/10/20 20:20:25 | 000,017,846 | ---- | C] () -- C:\Program Files\videotest.rm

[2008/10/20 20:20:25 | 000,000,682 | ---- | C] () -- C:\Program Files\realplay.exe.manifest

[2008/10/20 20:20:25 | 000,000,207 | ---- | C] () -- C:\Program Files\subscription.rnx

[2007/05/23 02:56:07 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Nancy\Application Data\$_hpcst$.hpc

[2007/02/23 08:09:01 | 000,000,910 | ---- | C] () -- C:\WINDOWS\nvrbm.ini

[2007/01/28 21:53:26 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini

[2007/01/28 02:42:51 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

[2007/01/27 05:59:58 | 000,006,144 | -HS- | C] () -- C:\Program Files\Common Files\Thumbs.db

[2007/01/11 02:41:43 | 000,000,032 | ---- | C] () -- C:\WINDOWS\tdlp32.ini

[2006/12/06 04:32:49 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2006/09/24 21:47:46 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini

[2006/09/04 18:20:51 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL

[2006/09/04 18:20:51 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini

[2006/08/29 03:01:58 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Nancy\Application Data\tcw_config.cfg

[2006/08/18 05:40:31 | 000,008,404 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2006/08/14 20:19:37 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/08/06 01:32:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMON.DLL

[2006/08/06 01:32:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMUI.DLL

[2006/08/06 01:32:14 | 000,000,487 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2006/07/29 10:11:26 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Nancy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/07/29 08:28:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/07/23 22:00:15 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/07/11 10:02:28 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll

[2006/07/11 10:02:28 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll

[2006/07/11 10:01:50 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll

[2006/07/11 10:01:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll

[2006/07/11 10:01:49 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll

[2006/07/10 17:07:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2006/07/10 16:52:41 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2006/07/10 16:52:41 | 000,003,204 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2006/04/30 02:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll

[2006/04/14 01:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll

[2006/04/14 01:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll

[2006/04/14 01:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll

[2004/10/15 20:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll

[2004/01/13 18:06:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBMLCNP.DLL

[2003/06/13 06:53:38 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\lxbmcoin.ini

[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/11/13 10:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbmvs.dll

[2001/07/13 09:04:00 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI

[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

[1997/08/28 11:54:28 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\IDCFG32.DLL

========== LOP Check ==========

[2006/08/06 01:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4200Series

[2007/07/24 06:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze

[2010/02/10 23:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper

[2007/01/09 02:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2008/04/29 06:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games

[2009/12/15 13:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/08/13 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg

[2009/08/05 02:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge

[2009/07/15 14:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CupcakeCafe

[2009/09/12 00:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalChocolate

[2008/02/04 15:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames

[2006/08/01 04:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA

[2009/02/23 12:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames

[2009/09/06 02:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2

[2008/07/28 08:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17

[2008/07/28 08:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames

[2009/11/05 19:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo

[2008/10/22 21:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames

[2008/07/28 07:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse

[2006/11/29 09:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genimo

[2008/02/21 14:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet

[2009/08/05 15:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games

[2009/03/18 21:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii

[2008/11/25 06:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc

[2008/07/12 21:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft

[2010/02/02 22:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM

[2010/02/02 22:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail

[2009/11/19 05:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands

[2009/02/28 03:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin

[2009/10/25 20:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin_generic

[2010/01/05 22:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games

[2008/11/25 06:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher

[2007/05/16 00:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive

[2009/09/17 04:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom

[2009/11/02 01:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo

[2009/01/07 22:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mushroom Age

[2009/10/18 04:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople

[2008/12/23 02:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games

[2008/09/18 05:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games

[2007/01/07 21:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media

[2008/09/05 02:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2010/02/27 08:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2009/02/08 04:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Reflexive

[2008/12/27 21:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Reflexive Ashtons Family Resort

[2008/07/13 00:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games

[2006/07/29 09:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT

[2010/03/05 04:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2007/06/21 16:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC

[2008/06/28 07:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games

[2009/07/07 04:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure

[2010/02/21 04:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/06/28 00:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick

[2009/04/23 09:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2006/12/02 01:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2007/08/24 08:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

[2010/02/05 00:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2007/08/27 11:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\4200Series

[2010/03/13 20:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\4shared Desktop

[2006/08/01 20:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Aim

[2006/08/01 20:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\AIMPro

[2009/11/25 22:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Alawar

[2009/11/11 02:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Alien Skin

[2008/08/02 15:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Amaranth Games

[2007/01/09 04:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Ashampoo

[2007/06/16 00:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Audacity

[2010/03/08 03:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\AVG9

[2008/09/11 17:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\BeachPartyCraze

[2009/08/13 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\blg

[2008/02/04 19:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Bloom

[2008/08/02 04:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Blumentals

[2009/03/12 23:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Boolat Games

[2010/02/04 15:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Boomzap

[2009/08/05 02:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\CasualForge

[2006/08/01 04:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\EA

[2009/11/18 05:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\EcoRescue

[2009/03/25 16:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\eGames

[2010/02/10 04:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\EleFun Games

[2010/03/03 23:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Faerie Solitaire

[2007/11/18 20:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\funkitron

[2008/08/17 07:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Gaijin Ent

[2008/12/07 06:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\GameInvest

[2008/08/29 17:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Gamelab

[2009/11/02 02:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\GamesCafe

[2006/11/29 08:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Genimo

[2008/08/17 00:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Go-Go Gourmet Chef of the Year

[2009/01/23 03:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Graboid Inc

[2009/08/16 17:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\GraveyardShift

[2007/12/21 01:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Home Sweet Home

[2009/06/04 10:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\HuruBeachParty

[2008/02/14 12:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\ICAClient

[2010/02/19 00:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\IEPro

[2009/03/21 13:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Intenium

[2009/02/26 04:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\ITTNord

[2009/01/06 21:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\iWin

[2009/10/25 20:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\iWin_generic

[2007/10/07 16:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Jane s Hotel

[2008/04/08 18:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Jane s Hotel Family Hero

[2007/01/02 02:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Jasc

[2008/01/27 16:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Juniper Networks

[2008/08/16 21:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Ludia

[2008/05/17 15:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Magic Seeds

[2009/06/14 07:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\MagicBall4

[2008/04/21 23:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Meridian93

[2009/09/17 04:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Merscom

[2009/02/04 21:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\MiniDm

[2009/12/09 18:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\My Games

[2008/11/23 15:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\MysteryStudio

[2008/09/18 05:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Oberon Games

[2008/09/04 16:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Opera

[2008/09/12 03:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Paint Shop Pro 8

[2008/01/09 02:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Pi Eye Games

[2010/02/27 08:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\PlayFirst

[2008/10/28 23:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Pogo Games

[2008/09/18 12:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Reflexive Arcade

[2009/07/17 21:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Reflexive JanesZOO

[2007/08/05 08:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Sandlot Games

[2009/02/27 07:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\ScreenSeven

[2009/04/03 14:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Shape games

[2010/03/14 02:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\ShinyTales

[2008/05/04 20:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\StoneLoopsRE

[2009/09/26 02:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Sudden Games LLC

[2009/03/25 16:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\SulusGames

[2008/03/05 01:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Total Eclipse

[2009/06/28 00:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\UClick

[2009/04/23 09:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Viewpoint

[2008/07/09 23:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\ViquaSoft

[2008/04/30 23:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Wildfire

[2007/02/16 18:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\WinPatrol

[2009/08/07 10:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\YoudaGames

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6C31E03

< End of report >


Hi Nancy,

I wanted you to reset the pagefile to Windows standard default as a way to rebuild the pagefile, which I believe is 1 possible root cause of the "crash" issues, the ones with "serious error" recovery.

Hopefully you are no longer seeing that, right?

1st one is when I go to start all programs, and then to the start up, why is the only thing in there the Adobe Gamma and Adobe Gamma Loader? The files look weird, like the system does not know what file they are there in a DOS looking box.

I can't tell exactly what you looked at?

When you go to the Start button and press All Programs, you should see all the programs for your system.

my 2nd question is my page file usage runs at about 416 mb. Is that a lot

my physical memory has a total of 1572080

Here is what OTL reports.

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free

Seems to me that is very adequate. But more than that, our "main" focus here is finding and removing malware.

Other issues beyond these, I'll have to refer you to other areas of the forum, like possibly PC Help.

Do NOT delete any files or programs on your own.

Unsure what to tell you about viewing in Task Manager. Really can't say now.

Here's our major focus: To see if any malware is left. And if found remove it.

To that end, give me a day to review your last logs.

By the way, the SilentRunners report did not show malware threats; so that is quite a good sign.

I see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Now, a small cleanup to take out orphaned entries for some toolbars & to suppress the auto-start-loading of Adobe Reader & Sun Java update checker, to help a bit in speeding up when Windows is first starting. The latter 2 programs do not need to be started with Windows.

  • Please double-click OTL.com to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher]
    O4 - HKLM..\Run: [sunJavaUpdateSched]
    :files
    C:\Documents and Settings\All Users\Application Data\TEMP:D6C31E03
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Q: Are the pc restart or crash issues gone?

Q: Are you still seeing 2 instances of Internet Explorer ( iexplore.exe ) ?


Hi Maurice

OH my gosh that scared the pgeee out of me. It ran its scan and all, then my desktop disappeared; the OTL just sat there saying complete on a blank desktop. I waited and waited, nothing came up, so I had to do a manual reboot, for the OTL was frozen dead. Once I rebooted though, there was a run box sitting in the window for me. When I clicked on run it generated the file we needed. sheeez scary for me lol :P

Now as far as the errors, I haven't seen the one come up. I'm still getting the one that says not enough memory. Every time I turn off my pc I get the error sitting there saying something about could not close because of not enough memory, and it's there every time I reboot ???

Also the 2 IExplore are still there ????? :)

And what I was talking about, the Adobe Gamma and Adobe Gamma Loader: they are in my Startup. When you click Start and it brings up all your programs, and if you go to the Startup, it normally has nothing in it. I've noticed I have in there the Adobe Gamma and the Adobe Gamma Loader; they are in Start, Programs, then Startup.

here is the OTL scan

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.

File not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.

File not found.

========== FILES ==========

File\Folder C:\Documents and Settings\All Users\Application Data\TEMP:D6C31E03 not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: Nancy

->Temp folder emptied: 38597832 bytes

->Temporary Internet Files folder emptied: 94894683 bytes

->Java cache emptied: 4868192 bytes

->Flash cache emptied: 7198 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 33432 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 6087543 bytes

Total Files Cleaned = 138.00 mb

Restore point Set: OTL Restore Point (64424509440)

OTL by OldTimer - Version 3.1.37.2 log created on 03172010_020923

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Nancy,

You managed well with the OTL run. Very good.

On virtual memory, see that your settings do not put an unnecessarily low limit on the "maximum" pagefile size.

Enlarging the initial size of your page file will help to reduce the chance of the "low virtual memory" occurring.

Here's what I suggest for now. Go to your Desktop. Right click on My Computer.

Select Properties. Click on Advanced tab. Look at the Performance section and click on Settings button.

Click on the Advanced tab. Look at the Virtual Memory section.

Click Change button. In the Virtual Memory window, select the Custom size

For now, I suggest setting initial size to 800

In the Maximum size box, put a very high number like 9999

Click OK and apply the changes.

The best article on this topic is "Virtual Memory in Windows XP" by Alex Nichol.

http://aumha.org/win5/a/xpvm.htm

Suggest you focus on following sections:

Where is the page file

Where do I set the placing and size of the page file

The article I cite is at a very advanced level; I hope it helps you a bit.

I will not address the Adobe "Gamma" items and likely leave that for you to address separately in the PC Help forum.

Again, my main objective here is to look for & help you remove malware.

This system has the program HijackThis, which you ran at the beginning.

Start HijackThis. Do a Scan and save log.

Copy and Paste a copy of the HijackThis log in your next reply here.


OK, here's the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:48:23 AM, on 3/18/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PSIService.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\ULI5289\JMAP5289.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm

O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/share...GamesLoader.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152575217406

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183634236703

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab

O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D8EE8DC0-F193-11D0-B1E5-08005A885319} (MicroX Persistent Mainframe Display Control) - https://calltaking2.workathomeagent.net/wal...hostexpress.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://flowers-vpn.liveops.com/dana-cached...perSetupSP1.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - (no CLSID) - (no file)

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--

End of file - 9852 bytes


Nancy,

I'm going to ask you to use HijackThis to remove 1 unneeded entry.

Start HijackThis. Look for this line and place a checkmark against it.

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!

Otherwise, reviewing the HJT log, it looks good.

How is your system now ?


Hi Maurice, thanks so much for all your help. Yes, my computer is running a lot smoother, the CPU is really looking a lot better and the processes have also decreased. Thanks again for your help..!!

I do have a question for you though .. ??

I took this last scan after taking off the last object you told me to take off.

I opened up one window to see if both of the iexplores would show up.

There they are, just as pretty as you please, sitting there.

Did you ever figure out why both are running and why they're using so much of my system CPU?

Is this an error in the system that cannot be fixed ??? Gosh I hope not !!

Also sorry about the delay in posting. I was sitting here waiting to get a reply back from you. Did not realize you had already posted, which had made a new page I did not see, duh !! Sorry for missing that and taking so long to reply back.

Here's the scan after taking out what you wanted, and leaving open a page in Explorer

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:21:44 PM, on 3/19/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PSIService.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\ULI5289\JMAP5289.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm

O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/share...GamesLoader.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152575217406

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183634236703

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab

O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D8EE8DC0-F193-11D0-B1E5-08005A885319} (MicroX Persistent Mainframe Display Control) - https://calltaking2.workathomeagent.net/wal...hostexpress.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://flowers-vpn.liveops.com/dana-cached...perSetupSP1.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - (no CLSID) - (no file)

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--

End of file - 9866 bytes

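An added example, not part of either post and not HijackThis or forum code: a small parser that compares the two HijackThis logs above, confirming the R3 URLSearchHook line is gone after Fix Checked, listing processes that appear only in the second scan, and flagging entries still marked as having no file. The embedded excerpts are constructed from lines of the two logs, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed excerpts: a few lines taken from the two HijackThis logs in this
# thread (scans of 3/18/2010 and 3/19/2010), shortened so the example runs offline.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - (no CLSID) - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
--
End of file - 9852 bytes
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - (no CLSID) - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
--
End of file - 9866 bytes
"""

# Section codes such as R0, R3, O2, O10, O23 followed by " - " start every entry line.
ENTRY_RE = re.compile(r"^([ROFN]\d{1,2}) - (.*)$")

# Markers HijackThis appends when the referenced file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(log):
    """Return (running_processes, entries); entries are (code, text) tuples."""
    processes, entries = [], []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:                      # the forum paste is double-spaced
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # first entry line ends the process list
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def orphaned(entries):
    """Entries whose target file no longer exists (candidates for review)."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def diff_logs(before, after):
    """Compare two scans: entries removed/added and processes seen only afterwards."""
    b_proc, b_ent = parse_hjt(before)
    a_proc, a_ent = parse_hjt(after)
    # Counter subtraction keeps duplicates, so two new iexplore.exe show up twice.
    new = Counter(p.lower() for p in a_proc) - Counter(p.lower() for p in b_proc)
    return {
        "removed_entries": [e for e in b_ent if e not in a_ent],
        "added_entries": [e for e in a_ent if e not in b_ent],
        "new_processes": sorted(new.elements()),
    }


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for key, values in result.items():
        print(key)
        for value in values:
            print("   ", value)
    print("still orphaned after the fix")
    for code, text in orphaned(parse_hjt(LOG_AFTER)[1]):
        print("   ", code, "-", text)
```

Because blank lines are skipped, the same functions accept the full double-spaced logs as pasted in the posts.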

Hello Nancy,

We're going to remove 4 questionable DLL files out of the way. Then have you run a scan at Microsoft.

  • Please double-click OTL.com to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :files
    c:\windows\system32\wininet(2)(2).dll
    c:\windows\system32\urlmon(2)(2).dll
    c:\windows\system32\iertutil(2)(2).dll
    c:\windows\system32\ieframe(3)(2).dll
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Run an online scan at Microsoft using the link : http://onecare.live.com/site/en-us/center/howsafe.htm

Only do the Protection scan.

Reply back with the results and tell me, How is your system now ?


Hi Maurice

I did the scan with OTL like you said and have the scan report; will post.

The other now is a different story. I tried to go to ( http://onecare.live.com/site/en-us/center/howsafe.htm ) and do the scan but tried twice and it still would not let me, and this is the report I keep getting:

( instruction at 0x06410068 referenced memory at 0x6410064 the memory could not be written click ok to terminate the program click on cancel to debug the program )

I tried the debug thing the first time around and this is what I got back from that.

<dr watson postmortem debugger has encountered a problem and needs to close . we are sorry for the inconvenience we have created an error report for to send which I pushed send hopefully that was sent by dr watson >

Here's the log report for OTL

========== FILES ==========

c:\windows\system32\wininet(2)(2).dll moved successfully.

c:\windows\system32\urlmon(2)(2).dll moved successfully.

c:\windows\system32\iertutil(2)(2).dll moved successfully.

c:\windows\system32\ieframe(3)(2).dll moved successfully.

OTL by OldTimer - Version 3.1.37.2 log created on 03212010_054703

And the two iexplorer are still there. Those oh pesky things won't go away; well, at least one of them, I mean (smile)


Hello Nancy.

There's still the mystery with the Internet Explorer. <sighh>

You will want to print out or copy these instructions to Notepad for offline reference!

If you are a casual viewer, do NOT try this on your system!

If you are not nevadagirl and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close and save any open work documents/files. Close/exit any other of your open user program windows.

Close all occurrences of Internet Explorer!!

Clear out all temp files

You have TFC from before.

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 2

  • Please double-click OTL.com to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • At Upper left of OTL screen, underneath Output block click the Minimal Output button.
  • In the File Scans block, checkmark the boxes for LOP Check and Purity
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    c:\windows\system32\*.dll /S
    c:\windows|iexplore;true;true;true /FP
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Quick Scan button.
  • A new set of OTL.txt and Extras.txt will be produced.
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of OTL.txt in your next reply.


Hi Maurice ,

Sorry I took a little while getting back to you on this, but I was under the weather the last two days, still not feeling too good. I know I need to get this done. My problem is I went and did the internet scan to clean out the old files. When I went to use the OTL, I was reading where you had put down

{


Hi Maurice

Been waiting for a response back from you. I'm sure you're busy, so I decided to go ahead and ask you another question before you answer the last one I have up.

After I rebooted some time last week, I have not been prompted, asking if I would like to save my password for faster viewing the next time I return to certain web sites. Where is it I go to fix this? I would truly appreciate any information you could give on the matter.

Awaiting your help :)


  • 2 weeks later...

Hello Nancy,

My apologies for the delay in getting back to you. Let's hold off on the password-saving for later on.

This pc still has a mystery as to why it shows multiple IE running.

My prior response was off a bit about the color of the button to press. It is a pink one.

  • Please double-click OTL.com to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • At Upper left of OTL screen, underneath Output block click the Minimal Output button.
  • In the File Scans block, checkmark the boxes for LOP Check and Purity
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    c:\windows\system32\*.dll /S
    c:\windows|iexplore;true;true;true /FP
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the pink-colored Quick Scan button. At top left of the screen, it is the second one in from top-left.
  • A new set of OTL.txt and Extras.txt will be produced.
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of OTL.txt in your next reply.
