
Erratic mouse, can't shut down, help



I had to repost this from 4/2/2010 b/c no one replied to it...

Every 3 months or so, I get something that makes my mouse erratic and highlights everything, etc., and I can't shut down b/c the mouse does not work.

I have had malware running in the background and not had it running and it still happens. I know you are not supposed to run or post these files unless asked, but I have had this 4 times already and felt it was a waste of my time and yours, agreed?

Here are the files:

Combo fix

DDS

Attach

HijackThis

MBAM

thanks

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86

Run by Dorlaie Cleva at 6:56:56.81 on Fri 04/02/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1464 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\pctspk.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\FireTrust\MailWasher Free\MailWasher.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Dorlaie Cleva\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ca.my.yahoo.com/

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s

uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [inCD] c:\program files\ahead\incd\InCD.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [PCTVOICE] pctspk.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\dorlai~1\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher free\MailWasher.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: ameritrade.com\research

Trusted Zone: ameritrade.com\wwws

Trusted Zone: craigslist.org\accounts

Trusted Zone: tdameritrade.com\www

Trusted Zone: tdameritrade.com\www.research

Trusted Zone: verisign.com\seal

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {05317530-B882-449D-9421-18D94FA3ED34} - hxxp://www.sis.com/ocis/OSInfo.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {16095503-786F-4097-AED6-5D567A26D760} - hxxp://www.sis.com/ocis/SiSAutodetectNT.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxps://www.webiqonline.com/WebIQ/bin/WebIQ.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168723556050

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168723534669

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxp://www.omnitrader.com/omnitrader/cs/updaters/ot2008/installer/setup.ocx

DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://www.omnitrader.com/omnitrader/cs/updaters/ot2008/installer/setup.exe

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444543540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://nirvsys.webex.com/client/T26L/support/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://sslportal.itxm.org/dana-cached/setup/JuniperSetupSP1.cab

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-29 11608]

R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [2009-12-29 102912]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-11-4 93360]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-29 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-29 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-29 56816]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S0 ptapfpdo;ptapfpdo;c:\windows\system32\drivers\njrjxt.sys --> c:\windows\system32\drivers\njrjxt.sys [?]

S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\web download\microsoft windows\iso tool\vcdrom.sys --> c:\web download\microsoft windows\iso tool\VCdRom.sys [?]

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]

S3 MemStPCI;Sony Memory Stick controller (PCI);c:\windows\system32\drivers\MemStPCI.SYS [2009-12-26 26112]

S3 netflx3;Compaq NetFlex-3/Netelligent Adapter Driver;c:\windows\system32\drivers\NetFlx3.sys [2007-1-13 65278]

=============== Created Last 30 ================

2010-04-02 10:34:23 98816 ----a-w- c:\windows\sed.exe

2010-04-02 10:34:23 77312 ----a-w- c:\windows\MBR.exe

2010-04-02 10:34:23 261632 ----a-w- c:\windows\PEV.exe

2010-04-02 10:34:23 161792 ----a-w- c:\windows\SWREG.exe

2010-03-17 23:52:35 0 d-----w- c:\program files\FireTrust

==================== Find3M ====================

2010-04-02 10:45:49 1536 ----a-w- c:\windows\system32\TrueSoft.dat

2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-09 08:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-25 06:24:37 916480 ------w- c:\windows\system32\wininet.dll

2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2002-06-24 19:46:58 3360 -c--a-r- c:\windows\inf\i386\cmiainfo.sys

2002-05-29 08:16:22 412623 -c--a-w- c:\windows\inf\i386\CMUDA.SYS

2002-05-14 07:30:42 28672 -c--a-w- c:\windows\inf\i386\UDAPROP.DLL

2001-11-23 04:08:20 712704 -c--a-w- c:\windows\inf\i386\AUDIO3D.DLL

2001-11-05 14:30:50 165376 ----a-w- c:\program files\UNWISE.EXE

2000-10-20 10:28:00 765952 -c--a-w- c:\windows\inf\i386\CRLDS3D.DLL

2008-06-19 22:37:36 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061920080620\index.dat

============= FINISH: 6:57:30.04 ===============

HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:13:14 AM, on 4/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\pctspk.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\FireTrust\MailWasher Free\MailWasher.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\Kerio\Personal Firewall\PERSFW.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: MailWasherFree.lnk = C:\Program Files\FireTrust\MailWasher Free\MailWasher.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab

O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168723556050

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168723534669

O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} (InstallShield Setup Player V14) - http://www.omnitrader.com/omnitrader/cs/up...aller/setup.ocx

O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.omnitrader.com/omnitrader/cs/up...aller/setup.exe

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444543540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://nirvsys.webex.com/client/T26L/support/ieatgpc.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://sslportal.itxm.org/dana-cached/setu...perSetupSP1.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 7544 bytes

MBAM log

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/2/2010 7:11:31 AM

mbam-log-2010-04-02 (07-11-31).txt

Scan type: Quick scan

Objects scanned: 109122

Time elapsed: 7 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Attach_4_2_2010.txt

Combo_Fix_4_2_2010.txt

Edited by Maurice Naggar: placed some logs in-line

Hello DLGolfs,

First, please STOP creating any more new topics (threads) about this issue. You have had about 3 threads about this same issue. This sub-forum is already very busy, and your adding new ones does not help us or you.

Second, STOP running Combofix on your own. That is a serious tool and should only be used with expert guided help.

Third, you have a long history of this problem going back a year.

I am asking you to make a summary of all the things you've tried to fix the problem, including hardware checks, and whether you have tried re-installing the mouse driver.

As a sidenote, the likely reason you have not had a reply would be that your issue is a tough one to diagnose and is likely not caused by a malware infection. This sub-forum is for help on removing malware infections.

Question: Has MBAM shown that it found an infection? NO, it did not.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

At -this time- of posting, the current definitions are # 4056 and the latest program version is 1.46.

You will most likely be prompted to allow an update to version 1.46. Do answer positively and allow the update.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Question: Is your antivirus program up-to-date, and have you run a full scan with it?

There's a newer version of HijackThis. De-install (delete) the one you have now.

Download and SAVE >> HijackThis from here <<

Save HijackThis to your desktop or the folder of your choice, then navigate to that folder and double-click HijackThis.exe to start it.

Do a "Scan and Save log".

Reply with a copy of the latest MBAM scan log,

the new HijackThis log,

and the answer about your antivirus.

Do NOT put any log as an attachment. Always Copy and Paste contents into the main body of reply box.

Edited by Maurice Naggar: added MBAM update

Thank you for responding.

First, I posted on 4/2, then no response; had I not run combofix, I would be sitting here on 5/2 with an UNUSABLE machine. What was I to do? So I posted the 98 views post, still no response, so I posted another question and asked about my post and the person told me to repost. In the 98 views, there was not one person who said "complicated, get back to you, or I'll ask someone else". In my estimation, it was missed. I posted on 4/28 in the 98 views, still no response, so I posted this one. Sorry, but I am not a mind reader and don't know that it is being worked on unless someone replies. I am sorry that this clogs up the forum, but someone should answer, then I would not repost.

Secondly, if I did not run combofix when I did, I would have an unusable machine AND I would not have been able to access the forum. So it is a double-edged sword. If I don't run combo fix then I can't access the forum and if I do then you ........ Once I have the problem, I am toast.

Thirdly, if this is not malware, then what is it? It acts like malware... Here is what happens: I start the machine, open Outlook, all is fine, I go to the Internet, it starts jumping around in about 90 seconds, then I can't click anything, I have to hard boot. After hard booting, as long as I stay off the Internet, the problem never returns; go back on the Internet, then it comes back. I can do this over and over. As soon as I see it jump one time, I download combofix to my desktop and DDS. I have combofix sitting on my desktop now waiting. I tried to find DDS software, but was unable to find it. If you have the link I would like to download it and just keep it for the future. Like I said, my machine is useless once I have the problem and I can't access these, so I have to be proactive. I have contacted Logitech and Microsoft and both say it is malware, hence why I post it here.

As for hardware, it is ok. I tried updating the mouse driver, but that does not get rid of the problem. Anyway, once I have the problem I can't get on the Internet at all.

This time is the first time that combofix found something in the 4 times I ran it.

I don't like running it without help, but had to.

OK, I updated Malwarebytes and attached the file, installed the new HijackThis and attached the file. Should I delete all the BHO files? I see them in HijackThis.

All is checked in Malwarebytes.

Antivirus is updated automatically daily. Avira.

I run disc cleanup 2 times a week, sometimes daily if I am on the internet a lot; have Avira and Kerio running. I no longer have Lavasoft running in the background (it was the only malware program that found a trojan horse, once when I had a problem). I would like to have Malwarebytes in the background, but it never finds anything, not even cookies... at least Lavasoft found cookies and let me delete them. I have spyblaster running per this forum. I have SD helper of Spybot running (tea timer takes up too much RAM and really slows my computer down, so I quit using that).

Here are the files:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/2/2010 9:12:37 AM

mbam-log-2010-05-02 (09-12-37).txt

Scan type: Quick scan

Objects scanned: 135543

Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:48:49 AM, on 5/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\pctspk.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\netdde.exe

C:\Program Files\Kerio\Personal Firewall\persfw.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Web Download\Spyware\HiJack This\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: Tool Icon.lnk = C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: http://www.reci-education.com

O16 - DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} -

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab

O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} -

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} -

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} -

O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168723556050

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168723534669

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} -

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} -

O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} (InstallShield Setup Player V14) - http://www.omnitrader.com/omnitrader/cs/up...aller/setup.ocx

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} -

O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.omnitrader.com/omnitrader/cs/up...aller/setup.exe

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444543540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://nirvsys.webex.com/client/T26L/support/ieatgpc.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://sslportal.itxm.org/dana-cached/setu...perSetupSP1.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} -

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 9839 bytes


First, know that if we can't get to the source of your recurring problem, I'll urge you to flatten (wipe clean) the HD and re-install Windows as a new install, followed by fresh install of your firewall, antivirus and all application programs.

It appears you have a recurring set of issues that are extremely hard to diagnose and fix.

Second, tools like Combofix are constantly being updated, so one should only get it when it is needed.

Third and most important, while I'm helping you here, do NOT make changes or additions to software or hardware, nor run programs or tools without first checking with me here.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

You will want to print out or copy these instructions to Notepad for offline reference!

If you are a casual viewer, do NOT try this on your system!

If you are not DLGolfs and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 4

You do not need INCD & Java update checker & the Adobe Reader speed launcher auto-started at each Windows startup.

I'm going to have you run this next to do that, but mainly only to cleanup after the other entries.

Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present

O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)

O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)

O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Click on Fix Checked when finished and exit HijackThis.

Close all browsers and all other programs that you have started.

Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!

Step 5

Please download >> DrWeb-CureIt << and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:

  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Step 6

You need to make very sure your Nero and INCD software has all the latest patches/updates !!!

Step 7

Do this online scan while system is in Normal mode of Windows.

Using Internet Explorer browser only, go to ESET Online Scanner website:

Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And promptly re-enable it when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Step 8

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of Dr Web Cure-it report
  • the contents of OTL.txt
  • the contents of Extras.txt
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
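The helper asks for the Dr.Web CureIt report to be pasted in-line. As an added example (not part of this thread, and not Dr.Web's own tooling), the Python script below parses such a report and separates hits that live inside System Restore snapshots (archived copies under System Volume Information) from hits elsewhere on disk, which is the first question a reviewer asks when reading one. The sample lines are constructed in the same semicolon-separated layout CureIt writes (object;directory;threat;action;), and the restore-point GUID is a placeholder rather than a real value.

```python
"""Triage helper for a Dr.Web CureIt report (DrWeb.csv).

Added example, not code from the thread or from Dr.Web. Each report line has
the shape  object;directory;threat name;action;  with a trailing separator.
"""
import csv
from collections import Counter
from io import StringIO
from typing import Dict, List

# Constructed sample lines in CureIt's report layout. The {PLACEHOLDER-GUID}
# stands in for a real System Restore identifier.
SAMPLE_REPORT = (
    "RegUBP2b-user.reg;C:\\Documents and Settings\\All Users\\Application Data"
    "\\Spybot - Search & Destroy\\Snapshots2;Trojan.StartPage.1505;Deleted.;\n"
    "A0176589.reg;C:\\System Volume Information\\_restore{PLACEHOLDER-GUID}\\RP1276;"
    "Trojan.StartPage.1505;Deleted.;\n"
    "A0176805.ocx;C:\\System Volume Information\\_restore{PLACEHOLDER-GUID}\\RP1280;"
    "Adware.Coupons.34;Incurable.Moved.;\n"
    "A0180592.ocx;C:\\System Volume Information\\_restore{PLACEHOLDER-GUID}\\RP1315;"
    "Adware.Coupons.34;Incurable.Moved.;\n"
)

# Case-insensitive marker for files stored in a System Restore snapshot.
RESTORE_MARKER = "\\system volume information\\_restore"


def parse_report(text: str) -> List[Dict[str, str]]:
    """Parse the semicolon-separated report into one record per detection.

    The trailing ';' makes csv yield an empty fifth field, which is ignored;
    blank or truncated lines (fewer than four fields) are skipped.
    """
    records: List[Dict[str, str]] = []
    for row in csv.reader(StringIO(text), delimiter=";"):
        if len(row) < 4:
            continue
        obj, directory, threat, action = row[:4]
        records.append({
            "object": obj,
            "path": directory + "\\" + obj,
            "threat": threat,
            "action": action.rstrip("."),   # "Deleted." -> "Deleted"
        })
    return records


def in_restore_point(path: str) -> bool:
    """True when the detection is an archived copy inside a restore point."""
    return RESTORE_MARKER in path.lower()


def summarize(records: List[Dict[str, str]]) -> Dict[str, object]:
    """Count detections by threat name and action, and list the hits that
    are not restore-point copies, since those are the ones worth a closer look."""
    live = [r for r in records if not in_restore_point(r["path"])]
    return {
        "total": len(records),
        "by_threat": Counter(r["threat"] for r in records),
        "by_action": Counter(r["action"] for r in records),
        "restore_point_hits": len(records) - len(live),
        "live_hits": [r["path"] for r in live],
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print(f"{summary['total']} detections, "
          f"{summary['restore_point_hits']} inside restore points")
    for threat, n in summary["by_threat"].items():
        print(f"  {threat}: {n}")
    for path in summary["live_hits"]:
        print("  outside restore points:", path)
```

Hits under System Volume Information are snapshots of files that were already on the system at an earlier date, so they confirm an older infection rather than an active one; the actions "Deleted" and "Incurable.Moved" (moved to quarantine) are what CureIt reports after handling each object.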


On step 5, I let it run and it started to slow down on C:/windows/system32/advofnt5.dll and took 10 hours to go to C:/windows/system32/mspqm.sys. I let it run all night. I stopped the scan b/c I felt I should tell you first before letting it scan for 24 hours. I can't imagine how long the second scan would take!

Do you want me to go forward with step 6 or what?

Edited by Maurice Naggar
removed quote section
I tried twice and the same thing happened....


OK, I went back and let it run again. It has been 24 hours and it is on C:\.....rivers\etc\hosts.20090819-063427.backup. It is about 2/5 of the way done. Should I let it run? I think it will take about 3 more days at this rate. Is there something wrong? My HD is only 80MB and only 25 % full. so I don't have a lot of files.

What is your advice?

I see that this can be run from the Internet without going through safe mode....also, I don't see this process in task manager at all. I do see CPU being used "occasionally" but it is not constant.

I will wait for your advice.

I am using my work computer to leave this reply.

You should have let DrWeb scan run as long as it took. On some systems, especially those with large numbers of files, it can take several hours. Proceed with the next steps I outlined.

Got up this AM and it is at 90% and is scanning the same file it did 10 hours ago. I think it may be "looping". It scanned this particular file when the total was 5729 and now the total is 12644 and it is scanning it again.

I am letting it go and see if I can do the next step in the complete scan. If I see that it is going to take "days" then I will go to the next step.

Just wanted to keep you informed of my progress.

Good day!


Sorry, since I have to use my work computer to access this forum, the scan went to the end without any problems. It did say that the "hosts" were changed probably due to some malicious item and to put them back to "default" which I opted to say yes. I hope that was OK.

I am running the complete scan now and a trojan horse was found. I will let it finish. I really think it was looping. It does not seem to be looping with the complete scan. Since it did find something, I would like to let it finish.

The MB is very old, Pent 4, and the HD is about 4 years old. I plan to buy a new MB (barebones machine, I built this one and others) and use the same HD in a month or so. I was going to do an XP repair and see if that went OK with the new MB, but now I may just wipe it clean. UGH, a lot of work. I have to contact Microsoft b/c I have used all of my licenses for Office and with the new installation, it probably will detect it and not let me. I will have to take a day off to do this.

I will let the complete scan finish and finish the rest of the steps and post all to this forum. I am off tomorrow and will have time to do this.

ty


All done, here are the files:

RegUBP2b-Dorlaie Cleva.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;

A0176589.reg;C:\System Volume Information\_restore{F04108B1-BDC4-45D4-8B41-E25EAB13A00F}\RP1276;Trojan.StartPage.1505;Deleted.;

A0176805.ocx;C:\System Volume Information\_restore{F04108B1-BDC4-45D4-8B41-E25EAB13A00F}\RP1280;Adware.Coupons.34;Incurable.Moved.;

A0180592.ocx;C:\System Volume Information\_restore{F04108B1-BDC4-45D4-8B41-E25EAB13A00F}\RP1315;Adware.Coupons.34;Incurable.Moved.;

A0182154.ocx;C:\System Volume Information\_restore{F04108B1-BDC4-45D4-8B41-E25EAB13A00F}\RP1324;Adware.Coupons.34;Incurable.Moved.;

A0184270.ocx;C:\System Volume Information\_restore{F04108B1-BDC4-45D4-8B41-E25EAB13A00F}\RP1348;Adware.Coupons.34;Incurable.Moved.;

A0185422.reg;C:\System Volume Information\_restore{F04108B1-BDC4-45D4-8B41-E25EAB13A00F}\RP1350;Trojan.StartPage.1505;Deleted.;

OTL logfile created on: 5/6/2010 11:22:42 AM - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Dorlaie Cleva\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 93.15 Gb Total Space | 55.85 Gb Free Space | 59.96% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SEAGATE

Current User Name: Dorlaie Cleva

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/06 11:22:01 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dorlaie Cleva\Desktop\OTL.exe

PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009/01/07 18:45:20 | 001,496,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe

PRC - [2009/01/07 18:45:16 | 000,440,200 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

PRC - [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/06/26 05:52:26 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

PRC - [2003/10/30 08:12:42 | 000,180,224 | ---- | M] () -- C:\WINDOWS\system32\pctspk.exe

PRC - [2003/04/30 17:43:32 | 000,389,120 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall\PERSFW.exe

========== Modules (SafeList) ==========

MOD - [2010/05/06 11:22:01 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dorlaie Cleva\Desktop\OTL.exe

MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll

MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LexBceS)

SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)

SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

SRV - [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)

SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)

SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2006/03/23 18:06:38 | 000,880,128 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)

SRV - [2003/04/30 17:43:32 | 000,389,120 | ---- | M] (Kerio Technologies) [Auto | Running] -- C:\Program Files\Kerio\Personal Firewall\persfw.exe -- (PersFw)

========== Driver Services (SafeList) ==========

DRV - [2010/01/06 19:29:03 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)

DRV - [2009/12/30 07:39:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/11/04 22:12:25 | 000,093,360 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)

DRV - [2009/06/17 12:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2009/06/17 12:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2009/06/17 12:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)

DRV - [2009/06/17 12:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/04/13 15:41:22 | 000,026,112 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MemStPCI.SYS -- (MemStPCI) Sony Memory Stick controller (PCI)

DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/02/12 12:14:50 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)

DRV - [2007/09/11 15:40:30 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)

DRV - [2007/09/11 15:40:30 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)

DRV - [2007/08/01 23:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)

DRV - [2006/09/20 16:25:00 | 004,107,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2006/05/19 15:44:52 | 003,965,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2006/04/10 18:10:34 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2006/03/23 18:15:58 | 000,102,016 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\incdfs.sys -- (InCDfs)

DRV - [2006/03/23 18:15:56 | 000,033,536 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)

DRV - [2006/03/23 18:15:56 | 000,029,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)

DRV - [2006/02/14 16:02:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)

DRV - [2004/08/04 01:31:34 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2003/11/25 11:04:44 | 000,356,159 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)

DRV - [2003/11/25 10:58:04 | 000,801,778 | ---- | M] (PCtel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vpctcom.sys -- (Vpctcom)

DRV - [2003/10/30 15:08:14 | 000,070,320 | ---- | M] (PCtel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vvoice.sys -- (Vvoice)

DRV - [2003/10/30 15:07:40 | 000,703,673 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmodem.sys -- (Vmodem)

DRV - [2002/04/15 13:28:32 | 000,102,912 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FWDRV.SYS -- (fwdrv)

DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

DRV - [2001/08/17 12:20:16 | 000,297,728 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97sis.sys -- (SiS7018) Service for AC'97 Sample Driver (WDM)

DRV - [2001/08/17 10:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

DRV - [2001/08/17 08:11:36 | 000,065,278 | ---- | M] (Compaq Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NetFlx3.sys -- (netflx3)

DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.my.yahoo.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[2008/07/26 07:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\Mozilla\Extensions

[2008/07/26 07:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2010/05/05 15:29:39 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()

O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\Dorlaie Cleva\Start Menu\Programs\Startup\Tool Icon.lnk = C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found

O15 - HKCU\..Trusted Domains: ameritrade.com ([research] https in Trusted sites)

O15 - HKCU\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)

O15 - HKCU\..Trusted Domains: auctiva.com ([www] http in Local intranet)

O15 - HKCU\..Trusted Domains: craigslist.org ([accounts] https in Trusted sites)

O15 - HKCU\..Trusted Domains: reci-education.com ([www] http in Trusted sites)

O15 - HKCU\..Trusted Domains: tdameritrade.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: tdameritrade.com ([www.research] https in Trusted sites)

O15 - HKCU\..Trusted Domains: verisign.com ([seal] https in Trusted sites)

O15 - HKCU\..Trusted Domains: wowpapers.com ([]http in Local intranet)

O16 - DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (Reg Error: Key error.)

O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} http://www.sis.com/ocis/OSInfo.cab (OSInfo Control)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} http://www.sis.com/ocis/SiSAutodetectNT.cab (SiS_OCX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)

O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} https://www.webiqonline.com/WebIQ/bin/WebIQ.cab (WebIQ Technology Client)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1168723556050 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1168723534669 (MUWebControl Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} http://www.omnitrader.com/omnitrader/cs/up...aller/setup.ocx (InstallShield Setup Player V14)

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} http://www.omnitrader.com/omnitrader/cs/up...aller/setup.exe (Reg Error: Key error.)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab (EPUImageControl Class)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444543540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nirvsys.webex.com/client/T26L/support/ieatgpc.cab (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://sslportal.itxm.org/dana-cached/setu...perSetupSP1.cab (JuniperSetupControlXP Class)

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} Reg Error: Value error. (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Dorlaie Cleva\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dorlaie Cleva\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/01/13 16:47:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/06 11:21:58 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dorlaie Cleva\Desktop\OTL.exe

[2010/05/06 08:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/05/02 17:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorlaie Cleva\DoctorWeb

[2010/05/02 17:08:09 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dorlaie Cleva\Desktop\TFC.exe

[2010/05/02 17:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2 C:\Documents and Settings\Dorlaie Cleva\My Documents\*.tmp files -> C:\Documents and Settings\Dorlaie Cleva\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/06 11:22:01 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dorlaie Cleva\Desktop\OTL.exe

[2010/05/06 06:28:17 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/05/06 06:27:47 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2EA152F1-FE3A-4F0C-A4A1-3C96D2EB2724}.job

[2010/05/06 06:25:01 | 000,013,714 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/06 06:24:58 | 000,001,536 | ---- | M] () -- C:\WINDOWS\System32\TrueSoft.dat

[2010/05/06 06:23:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/05/06 06:23:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/06 06:23:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/06 06:23:07 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dorlaie Cleva\ntuser.ini

[2010/05/06 06:23:06 | 013,369,344 | ---- | M] () -- C:\Documents and Settings\Dorlaie Cleva\ntuser.dat

[2010/05/06 06:23:00 | 000,816,016 | -H-- | M] () -- C:\Documents and Settings\Dorlaie Cleva\Local Settings\Application Data\IconCache.db

[2010/05/06 06:21:40 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Dorlaie Cleva\Desktop\DrWeb.csv

[2010/05/05 15:29:39 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/05/02 17:49:04 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/05/02 17:25:04 | 038,885,840 | ---- | M] () -- C:\Documents and Settings\Dorlaie Cleva\Desktop\drweb-cureit.exe

[2010/05/02 17:14:06 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Dorlaie Cleva\Desktop\HiJackThis.lnk

[2010/05/02 17:08:23 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dorlaie Cleva\Desktop\TFC.exe

[2010/05/02 17:03:35 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Dorlaie Cleva\Desktop\NTREGOPT.lnk

[2010/05/02 17:03:35 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Dorlaie Cleva\Desktop\ERUNT.lnk

[2010/04/30 20:01:22 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/18 07:33:48 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Dorlaie Cleva\Desktop\SpywareBlaster.lnk

[2010/04/14 20:07:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/04/08 08:30:30 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Dorlaie Cleva\Start Menu\Programs\Startup\Tool Icon.lnk

[2 C:\Documents and Settings\Dorlaie Cleva\My Documents\*.tmp files -> C:\Documents and Settings\Dorlaie Cleva\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/06 06:21:40 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Dorlaie Cleva\Desktop\DrWeb.csv

[2010/05/02 17:49:04 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/05/02 17:25:03 | 038,885,840 | ---- | C] () -- C:\Documents and Settings\Dorlaie Cleva\Desktop\drweb-cureit.exe

[2010/05/02 17:03:35 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Dorlaie Cleva\Desktop\NTREGOPT.lnk

[2010/05/02 17:03:35 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Dorlaie Cleva\Desktop\ERUNT.lnk

[2010/05/02 09:53:34 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Dorlaie Cleva\Desktop\HiJackThis.lnk

[2010/04/11 09:14:02 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Dorlaie Cleva\Start Menu\Programs\Startup\Tool Icon.lnk

[2009/12/29 07:09:19 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\FWDRV.SYS

[2009/12/20 08:55:38 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/06/15 06:28:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2009/03/07 09:14:44 | 000,000,074 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini

[2009/02/13 08:25:53 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll

[2009/01/28 07:37:10 | 000,000,622 | ---- | C] () -- C:\WINDOWS\RegGenie.ini

[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2008/03/23 18:27:27 | 000,000,239 | ---- | C] () -- C:\WINDOWS\ActiveAct.INI

[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll

[2007/05/12 07:17:12 | 000,000,082 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2007/04/28 17:59:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007/03/31 13:48:19 | 000,001,335 | ---- | C] () -- C:\WINDOWS\stock.INI

[2007/03/22 18:01:52 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI

[2007/03/22 18:01:52 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI

[2007/03/22 18:01:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll

[2007/03/22 18:01:48 | 000,001,852 | ---- | C] () -- C:\WINDOWS\CMUDA.INI

[2007/03/21 21:59:48 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2007/03/21 21:30:27 | 000,000,052 | ---- | C] () -- C:\WINDOWS\SiSAudioRack.ini

[2007/03/21 20:25:50 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2007/03/18 22:11:59 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Nirvana.Ini

[2007/03/18 21:43:07 | 000,121,344 | ---- | C] () -- C:\WINDOWS\System32\usaccess.dll

[2007/03/18 21:43:04 | 000,716,849 | ---- | C] () -- C:\WINDOWS\System32\Olapdbmg.dll

[2007/03/18 21:43:04 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\QP.dll

[2007/03/18 21:43:03 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll

[2007/03/18 21:43:03 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DTNHistoryLookup.dll

[2007/03/18 21:43:03 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll

[2007/03/18 21:43:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DTNOptionChainLookup.dll

[2007/03/18 21:43:03 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\DTNSymbolLookup.dll

[2007/03/18 21:43:03 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\IQ_API.dll

[2007/03/18 21:42:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\proxydll.dll

[2007/03/18 21:42:48 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll

[2007/03/18 21:04:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\powercd.ini

[2007/01/14 11:06:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll

[2007/01/13 19:47:37 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL

[2007/01/13 19:47:37 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL

[2007/01/13 19:47:37 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL

[2007/01/13 19:46:06 | 001,265,664 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll

[2007/01/13 19:46:06 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll

[2007/01/13 19:46:06 | 001,200,128 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll

[2007/01/13 19:46:06 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll

[2007/01/13 19:46:06 | 001,028,096 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll

[2007/01/13 19:46:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini

[2007/01/13 19:45:49 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll

[2007/01/13 19:45:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll

[2007/01/13 19:45:48 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL

[2007/01/13 19:45:48 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL

[2007/01/13 19:45:48 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL

[2007/01/13 19:41:43 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL

[2007/01/13 19:41:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL

[2007/01/13 19:41:43 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL

[2007/01/13 19:41:35 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL

[2007/01/13 19:39:44 | 000,000,845 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

[2007/01/13 19:12:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/09/20 16:25:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/09/20 16:25:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/09/20 16:25:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/09/20 16:25:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/09/20 16:25:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/09/20 16:25:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/09/20 16:25:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/08/11 06:00:52 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\VBSETUP.DLL

[2004/06/29 14:47:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\WinIo.sys

[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008/12/28 22:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery

[2009/12/23 09:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2009/12/20 08:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks

[2009/02/14 10:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaLife

[2007/12/25 14:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nirvana Systems

[2010/04/06 07:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard

[2010/04/06 08:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2010/04/25 08:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007/03/18 22:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/12/24 08:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2008/11/02 19:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\GetRightToGo

[2008/02/25 08:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\ieSpell

[2007/01/14 10:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\Interact Commerce

[2009/11/19 07:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\Juniper Networks

[2009/12/16 14:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\Leadertech

[2008/08/05 17:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\LinkedIn

[2008/11/15 08:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\LinkManager 4.0

[2010/04/17 08:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\MailWasherFree

[2009/02/13 08:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\MediaLife

[2009/01/18 15:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\OfficeUpdate12

[2008/12/06 10:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\Safer Networking

[2008/10/08 18:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\SaffronOne

[2008/11/02 14:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\Serif

[2009/02/21 08:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\Stamps.com Internet Postage

[2007/12/18 07:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\TomTom

[2009/12/20 08:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\WholeSecurity

[2009/01/18 14:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorlaie Cleva\Application Data\Windows Search

[2010/05/06 06:28:17 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2010/05/06 06:27:47 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2EA152F1-FE3A-4F0C-A4A1-3C96D2EB2724}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 5/6/2010 11:22:42 AM - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Dorlaie Cleva\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 93.15 Gb Total Space | 55.85 Gb Free Space | 59.96% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SEAGATE

Current User Name: Dorlaie Cleva

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- Reg Error: Key error. File not found

.cmd [@ = cmdfile] -- Reg Error: Key error. File not found

.com [@ = ComFile] -- Reg Error: Key error. File not found

.exe [@ = exefile] -- Reg Error: Key error. File not found

.hta [@ = htafile] -- Reg Error: Key error. File not found

.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"427:UDP" = 427:UDP:*:Enabled:UDP427IN

"161:UDP" = 161:UDP:*:Enabled:UDP161OUT

"139:UDP" = 139:UDP:*:Enabled:UDP139OUT

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft Small Business\Office Accounting 2008\SBAAccountantHost.exe" = C:\Program Files\Microsoft Small Business\Office Accounting 2008\SBAAccountantHost.exe:*:Disabled:Accountant View -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{0EE1CCB7-AA08-4320-A837-874CAB4CA186}" = OT2007

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1D39530B-A75F-46E1-89E5-44D96DA79542}" = OT2008

"{1E335914-2010-47EE-ABD3-78AD2CF85623}" = OT2008

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{25E85965-98A7-4ED8-89BE-AA85AF045934}" = OT2007

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 19

"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{2AA0A0C7-BAC1-4C60-B053-D8B9DE6A9114}" = OT2008

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{2D09F836-0B68-4540-BF14-79C6AEDB909F}" = OT2007

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C76CF89-2097-4FBB-B02A-2DAC614477CC}" = OT2008

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{499A704A-5E04-4CAD-B220-55BC1C7A85B4}" = OT2007

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4BB547CB-5043-4115-8A2B-FC4B60D035D9}" = OT2007

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{507A3444-6DBB-42A5-B5E4-CC8B424ED37C}" = OT2007

"{51C8741C-4A91-42A6-B6A2-CB891F7398A1}" = Kerio Personal Firewall 2.1.5

"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger

"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin

"{657999D9-08DF-40EC-AF13-0B3896A54E55}" = OT2007

"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8884C2A0-E106-43C9-B786-D47A8A17A0EF}" = OT2008

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E49C988-C8F1-4197-AA6B-94E49751F5D7}" = Microsoft IntelliType Pro 6.3

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{AF397F20-24BB-11D7-AC6F-0050DA09345C}" = Advanced Analyzer

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BC26EB00-DB82-410A-A54B-92AB4933E413}" = OmniScan

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE

"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{EB83C61C-573E-4CC7-98A1-3D9AB71C2B20}" = OT2007

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{FA5C04A0-5F77-4FA6-A47B-B9DE62254857}" = OT2007

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FFA2B2B6-3BDE-4728-B404-A16E0F853F6A}" = Microsoft Office Live Meeting 2005

"ActiveTouchMeetingClient" = WebEx

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"C-Media Audio" = C-Media Audio

"ERUNT_is1" = ERUNT 1.1j

"ESET Online Scanner" = ESET Online Scanner v3

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InCD!UninstallKey" = InCD

"Installing HSP56 MicroModem Drivers" = HSP56 Modem Drivers

"MailWasher Free_is1" = MailWasher Free 6.5.2

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MGI_PRISM_V1_0" = MGI PhotoSuite II SE (Remove Only)

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NeroVision!UninstallKey" = Nero Digital

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NMIX!UninstallKey" = NeroMIX

"NMPUninstallKey" = Nero Media Player

"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control

"PROR" = Microsoft Office Professional 2007

"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver

"SpeedFan" = SpeedFan (remove only)

"SpywareBlaster_is1" = SpywareBlaster 4.3

"TomTom HOME" = TomTom HOME 2.7.3.1894

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WebIQ" = WebIQ Client Software

"Webster's New World Dictionary" = Webster's New World Dictionary

"WIC" = Windows Imaging Component

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ACT!" = ACT!

"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/3/2010 5:57:02 AM | Computer Name = SEAGATE | Source = MSSQLServerADHelper | ID = 100

Description = '0' is an invalid number of start up parameters. This service takes

two start up parameters.

Error - 5/3/2010 6:18:02 AM | Computer Name = SEAGATE | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/3/2010 6:24:13 AM | Computer Name = SEAGATE | Source = Userenv | ID = 1508

Description = Windows was unable to load the registry. This is often caused by insufficient

memory or insufficient security rights. DETAIL - The process cannot access the

file because it is being used by another process. for C:\Documents and Settings\Administrator\ntuser.dat

Error - 5/3/2010 6:24:44 AM | Computer Name = SEAGATE | Source = Userenv | ID = 1502

Description = Windows cannot load the locally stored profile. Possible causes of

this error include insufficient security rights or a corrupt local profile. If

this problem persists, contact your network administrator. DETAIL - The process

cannot access the file because it is being used by another process.

Error - 5/3/2010 6:24:44 AM | Computer Name = SEAGATE | Source = Userenv | ID = 1515

Description = Windows has backed up this user's profile. Windows will automatically

try to use the backed up profile the next time this user logs on.

Error - 5/3/2010 6:25:15 AM | Computer Name = SEAGATE | Source = Userenv | ID = 1511

Description = Windows cannot find the local profile and is logging you on with a

temporary profile. Changes you make to this profile will be lost when you log off.

Error - 5/3/2010 6:38:02 AM | Computer Name = SEAGATE | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/3/2010 6:38:09 AM | Computer Name = SEAGATE | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

Error - 5/3/2010 5:47:04 PM | Computer Name = SEAGATE | Source = MSSQLServerADHelper | ID = 100

Description = '0' is an invalid number of start up parameters. This service takes

two start up parameters.

Error - 5/6/2010 6:24:10 AM | Computer Name = SEAGATE | Source = MSSQLServerADHelper | ID = 100

Description = '0' is an invalid number of start up parameters. This service takes

two start up parameters.

[ OSession Events ]

Error - 2/24/2009 7:10:54 AM | Computer Name = SEAGATE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 43707

seconds with 1980 seconds of active time. This session ended with a crash.

Error - 2/24/2009 9:06:36 PM | Computer Name = SEAGATE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6403

seconds with 1560 seconds of active time. This session ended with a crash.

Error - 3/1/2009 12:28:42 PM | Computer Name = SEAGATE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11865

seconds with 360 seconds of active time. This session ended with a crash.

Error - 3/3/2009 7:18:06 AM | Computer Name = SEAGATE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 42491

seconds with 1560 seconds of active time. This session ended with a crash.

Error - 3/10/2009 6:35:10 AM | Computer Name = SEAGATE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 45324

seconds with 660 seconds of active time. This session ended with a crash.

Error - 3/14/2009 8:19:48 AM | Computer Name = SEAGATE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 50828

seconds with 840 seconds of active time. This session ended with a crash.

Error - 3/14/2009 5:54:14 PM | Computer Name = SEAGATE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 210

seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/30/2009 6:04:04 AM | Computer Name = SEAGATE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 81171

seconds with 1200 seconds of active time. This session ended with a crash.

Error - 3/23/2010 7:00:33 AM | Computer Name = SEAGATE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4161

seconds with 660 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 5/6/2010 6:01:16 AM | Computer Name = SEAGATE | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 5/6/2010 6:04:38 AM | Computer Name = SEAGATE | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 5/6/2010 6:08:00 AM | Computer Name = SEAGATE | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 5/6/2010 6:11:21 AM | Computer Name = SEAGATE | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 5/6/2010 6:14:43 AM | Computer Name = SEAGATE | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 5/6/2010 6:23:05 AM | Computer Name = SEAGATE | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/6/2010 6:24:24 AM | Computer Name = SEAGATE | Source = Service Control Manager | ID = 7024

Description = The SQL Server Active Directory Helper service terminated with service-specific

error 3221225572 (0xC0000064).

Error - 5/6/2010 6:24:24 AM | Computer Name = SEAGATE | Source = Service Control Manager | ID = 7023

Description = The Net Driver HPZ12 service terminated with the following error:

%%126

Error - 5/6/2010 6:24:24 AM | Computer Name = SEAGATE | Source = Service Control Manager | ID = 7023

Description = The Pml Driver HPZ12 service terminated with the following error:

%%126

Error - 5/6/2010 6:24:41 AM | Computer Name = SEAGATE | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd

< End of report >

Results of screen317's Security Check version 0.99.4

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

Kerio Personal Firewall 2.1.5

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 19

Out of date Java installed!

Adobe Flash Player

Adobe Reader 9.3.2

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Kerio Personal Firewall persfw.exe

Windows Defender MsMpEng.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

After viewing the files, please advise. Also, I have to pay for an update on Nero and I really should delete it b/c I don't use it anymore. The same for INCD, so I did not update them. Also, should I run TFC routinely AND disk cleanup, or only disk cleanup, or just TFC?

Thank you in advance for your help.


If you do not use Nero or INCD, then de-install them. I hazard a wild guess that having an out-of-date (un-updated) INCD may have caused issues at shutdown in the past.

You may keep and use TFC on a regular basis to empty out temporary files. You may in addition use Disk Cleanup.

See this topic in the AumHa Security forum and get the latest Java run-time:

http://aumha.net/viewtopic.php?f=26&t=43792

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (it looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - leave BOTH checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on the Delete Temporary Files window.

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files window.

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

If you want to also un-check the "Check for updates automatically" you may:

Click the Update tab. un-check the line if it is checked.

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 20 from Sun Microsystems Inc.

Recalling what you stated way earlier:

Thirdly, if this is not malware, then what is it? It acts like malware... Here is what happens, I start machine, open outlook, all is fine, I go to the Internet, it starts jumping around in about 90 seconds, then I can't click anything, I have to hard boot. After hard booting, as long as I stay off the Internet, problem never returns, go back on the Internet, then it comes back, I can do this over and over. As soon as I see it jump one time, I download combofix to my desktop and DDS. I have combofix sitting on my desktop now waiting. I tried to find DDS software, but was unable to find it. If you have the link I would like to download it and just keep it for the future. Like I said, my machine is useless once I have the problem and can't access these, so I have to be proactive. I have contacted Logitech and Microsoft and both say it is malware, hence why I post it here.

I'm going to have you run Combofix with my guidance and see what that shows.

But I really think you have some stability issues in your Windows that tends to indicate you need to save your personal files and other data, and then do a new build of Windows followed by installing your antivirus and then application programs.

Here's why: The snippets shown by OTL from the Windows event log should be of concern.

Error - 5/3/2010 6:18:02 AM | Computer Name = SEAGATE | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/3/2010 6:24:13 AM | Computer Name = SEAGATE | Source = Userenv | ID = 1508

Description = Windows was unable to load the registry. This is often caused by insufficient

memory or insufficient security rights. DETAIL - The process cannot access the

file because it is being used by another process. for C:\Documents and Settings\Administrator\ntuser.dat

Error - 5/3/2010 6:24:44 AM | Computer Name = SEAGATE | Source = Userenv | ID = 1502

Description = Windows cannot load the locally stored profile. Possible causes of

this error include insufficient security rights or a corrupt local profile. If

this problem persists, contact your network administrator. DETAIL - The process

cannot access the file because it is being used by another process.

Error - 5/3/2010 6:24:44 AM | Computer Name = SEAGATE | Source = Userenv | ID = 1515

Description = Windows has backed up this user's profile. Windows will automatically

try to use the backed up profile the next time this user logs on.

Error - 5/3/2010 6:25:15 AM | Computer Name = SEAGATE | Source = Userenv | ID = 1511

Description = Windows cannot find the local profile and is logging you on with a

temporary profile. Changes you make to this profile will be lost when you log off.

Error - 5/3/2010 6:38:02 AM | Computer Name = SEAGATE | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Copy and Paste into a reply the contents of C:\Combofix.txt

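The event entries quoted in the reply above follow OTL's layout: a header line "Error - date time | Computer Name = host | Source = source | ID = n" followed by a "Description = ..." that OTL wraps over several lines. As an added example (not OTL's code and not from this thread), the Python below parses that excerpt into records and pulls out the Userenv profile-load sequence (1508, 1502, 1515, 1511) the reply points to; the sample text is constructed from the six entries quoted above, and the line layout is assumed from them.

```python
"""Parse the 'Last 10 Event Log Errors' section of an OTL log (added example;
layout assumed from the entries quoted in the thread, not OTL's own code)."""
import re
from collections import Counter

# Constructed sample input: the six entries quoted in the reply, with OTL's
# wrapped description lines kept as separate lines.
SAMPLE_OTL_EVENTS = r"""
Error - 5/3/2010 6:18:02 AM | Computer Name = SEAGATE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 5/3/2010 6:24:13 AM | Computer Name = SEAGATE | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The process cannot access the
file because it is being used by another process. for C:\Documents and Settings\Administrator\ntuser.dat
Error - 5/3/2010 6:24:44 AM | Computer Name = SEAGATE | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - The process
cannot access the file because it is being used by another process.
Error - 5/3/2010 6:24:44 AM | Computer Name = SEAGATE | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.
Error - 5/3/2010 6:25:15 AM | Computer Name = SEAGATE | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.
Error - 5/3/2010 6:38:02 AM | Computer Name = SEAGATE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \| "
    r"Computer Name = (?P<host>[^|]+?) \| "
    r"Source = (?P<source>[^|]+?) \| "
    r"ID = (?P<id>\d+)$"
)

# Userenv IDs that together describe one failed profile load, in the order
# they appear in the excerpt: hive locked -> profile not loaded -> profile
# backed up -> logged on with a temporary profile.
PROFILE_LOAD_CHAIN = (1508, 1502, 1515, 1511)


def parse_otl_events(text):
    """Return a list of dicts with keys when, host, source, id, description."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            ev["description"] = ""
            events.append(ev)
        elif events:
            # Continuation of the most recent entry; OTL wraps the
            # description, so the fragments are re-joined with one space.
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            events[-1]["description"] = (events[-1]["description"] + " " + line).strip()
    return events


def userenv_ids(events):
    """Userenv event IDs in log order (profile and registry-hive problems)."""
    return [ev["id"] for ev in events if ev["source"] == "Userenv"]


def profile_load_failed(events):
    """True when 1508, 1502, 1515 and 1511 occur as a subsequence, i.e. the
    session ended up on a temporary profile."""
    remaining = iter(userenv_ids(events))
    return all(any(i == step for i in remaining) for step in PROFILE_LOAD_CHAIN)


def locked_hive_paths(events):
    """Hive paths named by 'unable to load the registry' (Userenv 1508)."""
    paths = []
    for ev in events:
        if ev["source"] == "Userenv" and ev["id"] == 1508:
            m = re.search(r"for ([A-Za-z]:\\.+?ntuser\.dat)", ev["description"])
            if m:
                paths.append(m.group(1))
    return paths


def source_counts(events):
    """How many entries each event source contributed."""
    return Counter(ev["source"] for ev in events)


if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE_OTL_EVENTS)
    for ev in evs:
        print(f"{ev['when']}  {ev['source']:<16} {ev['id']:<5} {ev['description'][:60]}")
    print("sources:", dict(source_counts(evs)))
    print("profile load failed:", profile_load_failed(evs))
    print("locked hives:", locked_hive_paths(evs))
```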

OK, will do as you say.

You wrote:

But I really think you have some stability issues in your Windows that tends to indicate you need to save your personal files and other data, and then do a new build of Windows followed by installing your antivirus and then application programs.

Here's why: The snippets shown by OTL from the Windows event log should be of concern.

What does OTL stand for? What are snippets, the results?

Are you thinking of an OS repair or a new installation?


When starting a reply, please only use the ADD Reply button at the bottom of the forum screen (bottom right side).

In your situation, I am more thinking a fresh (new) install of Windows, but first, make sure to backup all your personal files and documents to offline media before doing that.

OTL is the OTListit tool you have been using to report back here. The OTL log.

I put a part of it in my quote in the last reply. Snippets is a term I use to mean a "portion" of it, which I copied and quoted.


Yes, but what does OTL stand for?

ComboFix run:

ComboFix 10-05-06.05 - Dorlaie Cleva 05/09/2010 7:23.9.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1528 [GMT -4:00]

Running from: c:\documents and settings\Dorlaie Cleva\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))

.

2010-05-07 18:34 . 2010-05-07 18:33 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-07 18:32 . 2010-05-07 18:32 79488 ----a-w- c:\documents and settings\Dorlaie Cleva\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll

2010-05-07 18:32 . 2010-05-07 18:32 152576 ----a-w- c:\documents and settings\Dorlaie Cleva\Application Data\Sun\Java\jre1.6.0_20\lzma.dll

2010-05-06 12:02 . 2010-05-06 12:02 -------- d-----w- c:\program files\ESET

2010-05-03 11:11 . 2010-05-03 11:11 -------- d-----w- c:\documents and settings\TEMP

2010-05-02 21:49 . 2010-05-02 21:49 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-05-02 21:34 . 2010-05-05 19:26 -------- d-----w- c:\documents and settings\Dorlaie Cleva\DoctorWeb

2010-05-02 21:03 . 2010-05-02 21:03 -------- d-----w- c:\program files\ERUNT

2010-05-02 13:53 . 2010-05-02 13:53 388096 ----a-r- c:\documents and settings\Dorlaie Cleva\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-09 11:19 . 2008-12-01 12:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-05-09 10:22 . 2007-03-22 00:06 1536 ----a-w- c:\windows\system32\TrueSoft.dat

2010-05-07 18:48 . 2007-03-19 11:32 -------- d-----w- c:\program files\Java

2010-05-07 18:41 . 2007-01-14 13:09 -------- d-----w- c:\program files\Ahead

2010-05-07 18:41 . 2007-01-14 13:09 -------- d-----w- c:\program files\Common Files\Ahead

2010-05-02 13:53 . 2007-07-27 11:14 -------- d-----w- c:\program files\Trend Micro

2010-05-02 13:01 . 2009-12-01 01:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-02 13:01 . 2009-12-18 00:51 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-04-29 19:39 . 2009-12-01 01:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2009-12-01 01:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-25 12:53 . 2009-12-29 11:22 -------- d-----w- c:\program files\SpywareBlaster

2010-04-17 12:51 . 2010-02-28 21:55 -------- d-----w- c:\documents and settings\Dorlaie Cleva\Application Data\MailWasherFree

2010-04-15 00:08 . 2008-11-02 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-04-06 12:23 . 2010-04-06 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2010-04-06 11:34 . 2010-04-06 11:32 912 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-04-06 11:18 . 2010-04-06 11:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2010-04-06 11:16 . 2010-04-06 11:16 -------- d-----w- c:\program files\Common Files\iS3

2010-03-30 22:18 . 2010-03-30 22:18 503808 ----a-w- c:\documents and settings\Dorlaie Cleva\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-17d049ac-n\msvcp71.dll

2010-03-30 22:18 . 2010-03-30 22:18 499712 ----a-w- c:\documents and settings\Dorlaie Cleva\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-17d049ac-n\jmc.dll

2010-03-30 22:18 . 2010-03-30 22:18 348160 ----a-w- c:\documents and settings\Dorlaie Cleva\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-17d049ac-n\msvcr71.dll

2010-03-30 22:18 . 2010-03-30 22:18 -------- d-----w- c:\program files\Common Files\Java

2010-03-30 22:18 . 2010-03-30 22:18 61440 ----a-w- c:\documents and settings\Dorlaie Cleva\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-77993924-n\decora-sse.dll

2010-03-30 22:18 . 2010-03-30 22:18 12800 ----a-w- c:\documents and settings\Dorlaie Cleva\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-77993924-n\decora-d3d.dll

2010-03-19 01:00 . 2009-07-04 12:42 -------- d-----w- c:\program files\SpeedFan

2010-03-17 23:52 . 2010-03-17 23:52 -------- d-----w- c:\program files\FireTrust

2010-03-10 06:15 . 2003-03-31 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24 . 2006-06-23 16:33 916480 ------w- c:\windows\system32\wininet.dll

2010-02-24 14:16 . 2009-10-02 21:34 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-24 13:11 . 2003-03-31 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-17 13:10 . 2003-03-31 12:00 2189952 ------w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25 . 2002-08-29 01:04 2066816 ------w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:33 . 2006-08-16 12:14 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2003-03-31 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2001-11-05 14:30 . 2008-11-15 12:37 165376 ----a-w- c:\program files\UNWISE.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 1496968]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"PCTVOICE"="pctspk.exe" [2003-10-30 180224]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Dorlaie Cleva\Start Menu\Programs\Startup\

Tool Icon.lnk - c:\program files\Avira\AntiVir Desktop\avgnt.exe [2009-12-29 209153]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-3 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2007-01-19 16:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2006-03-02 11:22 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2008-12-09 10:12 234856 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=2 (0x2)

"usnjsvc"=2 (0x2)

"SQLWriter"=2 (0x2)

"SQLBrowser"=2 (0x2)

"ose"=2 (0x2)

"NVSvc"=2 (0x2)

"NetTcpPortSharing"=2 (0x2)

"MSSQL$MSSMLBIZ"=2 (0x2)

"LBTServ"=2 (0x2)

"InCDsrv"=2 (0x2)

"idsvc"=2 (0x2)

"OneTouch 4.0 Monitor"=2 (0x2)

"LexBceS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"PCTVOICE"=pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\windows\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Small Business\\Office Accounting 2008\\SBAAccountantHost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"427:UDP"= 427:UDP:UDP427IN

"161:UDP"= 161:UDP:UDP161OUT

"139:UDP"= 139:UDP:UDP139OUT

R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [12/29/2009 7:09 AM 102912]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/4/2009 10:12 PM 93360]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/29/2009 7:35 AM 108289]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

R3 netflx3;Compaq NetFlex-3/Netelligent Adapter Driver;c:\windows\system32\drivers\NetFlx3.sys [1/13/2007 11:29 AM 65278]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S0 ptapfpdo;ptapfpdo;c:\windows\system32\drivers\njrjxt.sys --> c:\windows\system32\drivers\njrjxt.sys [?]

S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\web download\Microsoft Windows\ISO Tool\VCdRom.sys --> c:\web download\Microsoft Windows\ISO Tool\VCdRom.sys [?]

S3 MemStPCI;Sony Memory Stick controller (PCI);c:\windows\system32\drivers\MemStPCI.SYS [12/26/2009 3:21 PM 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 00:18]

2010-05-09 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2010-04-02 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-07-03 18:45]

2010-05-01 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-07-03 17:39]

2010-05-08 c:\windows\Tasks\User_Feed_Synchronization-{2EA152F1-FE3A-4F0C-A4A1-3C96D2EB2724}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ca.my.yahoo.com/

Trusted Zone: ameritrade.com\research

Trusted Zone: ameritrade.com\wwws

Trusted Zone: craigslist.org\accounts

Trusted Zone: reci-education.com\www

Trusted Zone: tdameritrade.com\www

Trusted Zone: tdameritrade.com\www.research

Trusted Zone: verisign.com\seal

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}

DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxp://www.omnitrader.com/omnitrader/cs/updaters/ot2008/installer/setup.ocx

DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://www.omnitrader.com/omnitrader/cs/updaters/ot2008/installer/setup.exe

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-InCD - c:\program files\Ahead\InCD\InCD.exe

MSConfigStartUp-NBJ - c:\program files\Ahead\Nero BackItUp\NBJ.exe

MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-09 07:30

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1645522239-1677128483-854245398-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1512)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-05-09 07:34:39

ComboFix-quarantined-files.txt 2010-05-09 11:34

ComboFix2.txt 2009-12-20 17:33

Pre-Run: 59,767,779,328 bytes free

Post-Run: 59,732,025,344 bytes free

- - End Of File - - E24FD2919592F831807DEDF627083943


OTL stands for OTList by OldTimer.

As I tried to mention before, there's no apparent malware lying about. And Combofix did not find anything.

But I urge you to save your documents & files & rebuild Windows system from scratch as a new install.

I suggest a clean (new) Windows XP Install:

Before you do that, make sure you have at hand the Windows XP CD and also, a fresh new copy of your antivirus that is downloaded from a clean pc and saved on transportable-media (CD-DVD or clean thumb drive).

When you are at the point of re-installing the o.s., I'd recommend you have the pc disconnected from the internet until after the o.s. is installed, plus the antivirus is fully set up and running.

See Windows XP Clean Installation - Partitioning and Formatting using Windows XP CD by Ramesh Srinivasan, MS-MVP & AumHa VSOP

Also Clean Install Windows by Michael Stevens, MS-MVP

I would urge you to follow the directions very carefully.

You will lose your documents, so if you have some to save, offload them to a separate offline media. And later on ensure you do a full scan of them by running your antivirus.

The following few steps will remove tools we used; followed by advice on staying safer.

If you have a problem with these steps, or something does not quite work here, do let me know.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it combofix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after exe and before the slash mark.

The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the run text box that opens, type or copy/paste ComboFix.exe /uninstall and then click OK.

  • Please double-click OTL.exe to run it.
  • Click on the CleanUp! button at the upper right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

We are finished here. Best regards.
