• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.

rowdymom81

Full Member
  • Content count

    21
  • Joined

  • Last visited

About rowdymom81

  • Rank
    Member
  • Birthday

Contact Methods

  • ICQ
    0
  1. Tools have been cleaned up and a new restore point set. I'll get the Adobe Reader updated and work on defraging the disk. Everything appears to be working correctly. Thank you so much for your help. I am thankful for a place to go for help when this stuff shows up.
  2. AswCleaner run with no issues. Log follows: # AdwCleaner v2.104 - Logfile created 01/07/2013 at 15:27:00 # Updated 29/12/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Default - OURHOME # Boot Mode : Normal # Running from : C:\Documents and Settings\Default\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\searchplugins\Web Search.xml File Deleted : C:\Documents and Settings\Default\Start Menu\eBay.lnk File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt Folder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIP Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\FreeRIP3 Folder Deleted : C:\Documents and Settings\Default\Application Data\Desktopicon Folder Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\Conduit Folder Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\ConduitEngine Folder Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\CT1060933 Folder Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} Folder Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\extensions\engine@conduit.com Folder Deleted : C:\Program Files\Common Files\Software Update Utility Folder Deleted : C:\Program Files\FreeRIP3 Folder Deleted : C:\Program Files\Viewpoint ***** [Registry] ***** Key Deleted : HKCU\Software\alot Key Deleted : HKCU\Software\Ask&Record Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKCU\Software\Zugo Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\MetaStream Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\719dba21aadbc5b8efd10b0ce0c290a1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Key Deleted : HKLM\Software\Viewpoint Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=hp --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q={searchTerms} --> hxxp://www.google.com -\\ Mozilla Firefox v17.0.1 (en-US) File : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\prefs.js C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\user.js ... Deleted ! Deleted : user_pref("CT1060933..clientLogIsEnabled", true); Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT1060933.AppTrackingLastCheckTime", "Wed Nov 09 2011 14:31:41 GMT-0500 (Eastern Standard[...] Deleted : user_pref("CT1060933.CTID", "CT1060933"); Deleted : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Wed Nov 09 2011 17:04:35 GMT-0500 (Eastern S[...] Deleted : user_pref("CT1060933.CommunityChanged", true); Deleted : user_pref("CT1060933.CurrentServerDate", "9-11-2011"); Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR"); Deleted : user_pref("CT1060933.DialogsGetterLastCheckTime", "Fri Oct 14 2011 07:36:46 GMT-0400 (Eastern Daylig[...] Deleted : user_pref("CT1060933.DownloadDomainsCheckInterval", "168"); Deleted : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Mon Nov 07 2011 19:35:47 GMT-0500 (Eastern [...] Deleted : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983"); Deleted : user_pref("CT1060933.DownloadReferralCookieData", ""); Deleted : user_pref("CT1060933.EnableClickToSearchBox", false); Deleted : user_pref("CT1060933.EnableSearchHistory", false); Deleted : user_pref("CT1060933.EnableSearchSuggest", false); Deleted : user_pref("CT1060933.FirstServerDate", "23-2-2011"); Deleted : user_pref("CT1060933.FirstTime", true); Deleted : user_pref("CT1060933.FirstTimeFF3", true); Deleted : user_pref("CT1060933.FixPageNotFoundErrors", false); Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT1060933.HasUserGlobalKeys", true); Deleted : user_pref("CT1060933.Initialize", true); Deleted : user_pref("CT1060933.InitializeCommonPrefs", true); Deleted : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT1060933.InstalledDate", "Wed Feb 23 2011 09:20:22 GMT-0500 (Eastern Standard Time)"); Deleted : user_pref("CT1060933.InvalidateCache", false); Deleted : user_pref("CT1060933.IsGrouping", false); Deleted : user_pref("CT1060933.IsMulticommunity", true); Deleted : user_pref("CT1060933.IsOpenThankYouPage", true); Deleted : user_pref("CT1060933.IsOpenUninstallPage", true); Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Wed Nov 09 2011 16:23:25 GMT-0500 (Eastern Standar[...] Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT1060933.LastLogin_3.2.1.3", "Sat Mar 05 2011 07:07:40 GMT-0500 (Eastern Standard Time)"[...] Deleted : user_pref("CT1060933.LastLogin_3.3.2.1", "Sat Mar 26 2011 18:03:52 GMT-0400 (Eastern Daylight Time)"[...] Deleted : user_pref("CT1060933.LastLogin_3.3.3.2", "Wed Nov 09 2011 16:23:39 GMT-0500 (Eastern Standard Time)"[...] Deleted : user_pref("CT1060933.LatestVersion", "3.8.0.8"); Deleted : user_pref("CT1060933.Locale", "en-us"); Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT1060933.MCDetectTooltipShow", false); Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT1060933.RadioIsPodcast", false); Deleted : user_pref("CT1060933.RadioLastCheckTime", "Wed Sep 07 2011 17:42:29 GMT-0400 (Eastern Daylight Time)[...] Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0"); Deleted : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000"); Deleted : user_pref("CT1060933.RadioMediaID", "21504193"); Deleted : user_pref("CT1060933.RadioMediaType", "Media Player"); Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT1060933_RECENT21504193"); Deleted : user_pref("CT1060933.RadioStationName", "Blues%20HiFi"); Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://www.radioindy.com/jamroom/play.php?mode=radio&id=463"[...] Deleted : user_pref("CT1060933.SHRINK_TOOLBAR", 1); Deleted : user_pref("CT1060933.SearchBackToDefaultEngine", false); Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...] Deleted : user_pref("CT1060933.SearchInNewTabEnabled", true); Deleted : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Wed Nov 09 2011 16:23:31 GMT-0500 (Eastern Stand[...] Deleted : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Deleted : user_pref("CT1060933.SearchInNewTabUserEnabled", false); Deleted : user_pref("CT1060933.ServiceMapLastCheckTime", "Wed Nov 09 2011 16:23:37 GMT-0500 (Eastern Standard [...] Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Wed Nov 09 2011 17:04:35 GMT-0500 (Eastern Standard Ti[...] Deleted : user_pref("CT1060933.SettingsLastUpdate", "1320839841"); Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Sun Oct 23 2011 11:31:41 GMT-0400 (Eastern Day[...] Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1312887586"); Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933"); Deleted : user_pref("CT1060933.UserID", "UN42635493654570567"); Deleted : user_pref("CT1060933.ValidationData_Search", 2); Deleted : user_pref("CT1060933.ValidationData_Toolbar", 2); Deleted : user_pref("CT1060933.alertChannelId", "15651"); Deleted : user_pref("CT1060933.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e.:2z527", "2423"); Deleted : user_pref("CT1060933.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e06cg5el8:", "6E6D6F726B726E6F7275"); Deleted : user_pref("CT1060933.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473757871787475787B242F4B4947[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj3b:hj\"mbe", "247E61393F236B256F7770772A212C6E414F444[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj6bibi;cp??oc)til", "247E61393F236B256F6F74762A212C6E4[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj?<da;\"mbe", "247E61393F236B25757073742A212C6E414F444[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cjeik4!lad", "247E61393F236B25767179732A212C6E414F444D3[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cjg9kdg<dh??'fdp", "247E61393F236B256E747229202B6D404E4[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cji=edi<dh??'rgj", "247E61393F236B256E7479722A212C6E414[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cji>k3?a#ncf", "247E61393F236B257678287E2A6C3F4D424B307[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...] Deleted : user_pref("CT1060933.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...] Deleted : user_pref("CT1060933.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...] Deleted : user_pref("CT1060933.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...] Deleted : user_pref("CT1060933.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...] Deleted : user_pref("CT1060933.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...] Deleted : user_pref("CT1060933.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...] Deleted : user_pref("CT1060933.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...] Deleted : user_pref("CT1060933.backendstorage./9b-0?3g>d", "3D6A3B3C723E6D437A44437274207A77794C254F52237E2A25[...] Deleted : user_pref("CT1060933.backendstorage./9b-0?3g@6:5;", ""); Deleted : user_pref("CT1060933.backendstorage./9b-0?3gfa7ef", "2B2E2C3D"); Deleted : user_pref("CT1060933.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...] Deleted : user_pref("CT1060933.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576"); Deleted : user_pref("CT1060933.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484775213F3E484F4E4D464[...] Deleted : user_pref("CT1060933.backendstorage./9b5ba==9cjag", "6E3B683C727141707A467178457B79774B7C4B7A51"); Deleted : user_pref("CT1060933.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F726B726E6F736F787179"); Deleted : user_pref("CT1060933.backendstorage./9b9643g3/9e", "6A"); Deleted : user_pref("CT1060933.backendstorage./9b<:222h64<", "393F352F3E"); Deleted : user_pref("CT1060933.backendstorage./9b=+03eh8h8j?:", "4443"); Deleted : user_pref("CT1060933.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...] Deleted : user_pref("CT1060933.backendstorage./9b?b0d:8aj62<h", "6D"); Deleted : user_pref("CT1060933.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B"); Deleted : user_pref("CT1060933.components.1000082", false); Deleted : user_pref("CT1060933.components.1001", true); Deleted : user_pref("CT1060933.components.1003", true); Deleted : user_pref("CT1060933.components.1004", true); Deleted : user_pref("CT1060933.components.129272674122038321", false); Deleted : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Wed Nov 09 2011 16:23:43 GMT-0500 (Eastern [...] Deleted : user_pref("CT1060933.isAppTrackingManagerOn", true); Deleted : user_pref("CT1060933.myStuffEnabled", true); Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,129272674122038321,129[...] Deleted : user_pref("CT1060933.testingCtid", ""); Deleted : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Wed Nov 09 2011 16:23:37 GMT-0500 (Eastern S[...] Deleted : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Sat Aug 20 2011 23:22:10 GMT-0400 (Eastern D[...] Deleted : user_pref("CT1060933.usageEnabled", false); Deleted : user_pref("CT1060933.usagesFlag", 2); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"0\""); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...] Deleted : user_pref("CommunityToolbar.EngineOwner", "CT1060933"); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder"); Deleted : user_pref("CommunityToolbar.IsEngineShown", true); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.applian.com/freecorder-gadget/loader.[...] Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...] Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT1060933"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Nov 05 2011 21:58:19 GMT-04[...] Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Nov 09 2011 16:23:46 GMT-0500 (Easte[...] Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Nov 09 2011 17:04:35 GMT-0500 (Eastern S[...] Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "2051ec53-a5c3-4e05-80c4-80f0db17c9e8"); Deleted : user_pref("CommunityToolbar.globalUserId", "64a97a98-6f93-437d-9a15-8729277a7134"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Nov 05 2011 17:23:25 GMT-0400 (Eastern Dayl[...] Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Tue Nov 08 2011 16:23:44 GMT-0500 (Eastern St[...] Deleted : user_pref("ConduitEngine.FirstServerDate", "02/23/2011 17"); Deleted : user_pref("ConduitEngine.FirstTime", true); Deleted : user_pref("ConduitEngine.FirstTimeFF3", true); Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true); Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true); Deleted : user_pref("ConduitEngine.Initialize", true); Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true); Deleted : user_pref("ConduitEngine.InstalledDate", "Wed Feb 23 2011 09:20:14 GMT-0500 (Eastern Standard Time)"[...] Deleted : user_pref("ConduitEngine.IsMulticommunity", false); Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false); Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true); Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Nov 09 2011 16:23:42 GMT-0500 (Eastern Sta[...] Deleted : user_pref("ConduitEngine.LastLogin_3.2.1.3", "Wed Feb 23 2011 09:20:12 GMT-0500 (Eastern Standard Ti[...] Deleted : user_pref("ConduitEngine.LastLogin_3.3.2.1", "Sat Mar 26 2011 19:04:14 GMT-0400 (Eastern Daylight Ti[...] Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Nov 09 2011 16:24:25 GMT-0500 (Eastern Standard Ti[...] Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0); Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Nov 09 2011 16:24:25 GMT-0500 (Eastern Standar[...] Deleted : user_pref("ConduitEngine.UserID", "UN48603294733998403"); Deleted : user_pref("ConduitEngine.engineLocale", "en-US"); Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Nov 09 2011 16:23:42 GMT-0500 (Easte[...] Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Nov 09 2011 16:23:47 GMT-0500 (East[...] Deleted : user_pref("ConduitEngine.initDone", true); Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true); Deleted : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&[...] Deleted : user_pref("socialfixer.696858125/typeahead_new", "for (;;{\"__ar\":1,\"payload\":{\"entries\":[{\"[...] ************************* AdwCleaner[s1].txt - [28137 octets] - [07/01/2013 15:27:00] ########## EOF - C:\AdwCleaner[s1].txt - [28198 octets] ########## I had to run EsetOnline scanner twice because I missed changing the Advanced Settings the first time. Here are thw 2 threat lists produced: C:\Documents and Settings\Default\Application Data\Sun\Java\Deployment\cache\6.0\18\3fe0e952-5bfe5b05 a variant of Java/Exploit.CVE-2010-0094.O trojan deleted - quarantined C:\Documents and Settings\Default\Application Data\Sun\Java\Deployment\cache\6.0\29\1387dbdd-380e0248 a variant of Java/Exploit.CVE-2010-0094.O trojan deleted - quarantined C:\Documents and Settings\Default\Application Data\Sun\Java\Deployment\cache\6.0\56\556722b8-32cd7317 a variant of Java/Exploit.CVE-2010-0094.O trojan deleted - quarantined C:\Documents and Settings\Default\Application Data\Sun\Java\Deployment\cache\6.0\8\6b4be448-3177bdde a variant of Java/Exploit.CVE-2010-0094.O trojan deleted - quarantined C:\Documents and Settings\Default\Local Settings\Temp\plugtmp-34\plugin-ChangeLog.pdf JS/Exploit.Pdfka.NUS trojan cleaned by deleting - quarantined C:\Documents and Settings\Default\Desktop\Old icons\FCTBSetup.exe Win32/OpenCandy application cleaned by deleting - quarantined C:\Documents and Settings\Default\Local Settings\Temp\afDGGfqp.exe.part a variant of Win32/InstallIQ application cleaned by deleting - quarantined C:\Documents and Settings\Default\My Documents\My Pictures\Threadhead Records\New MSR Website\Nine Lives Project\Nine Lives Vol 1\freeripmp3-setup.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined The search redirection appears to be gone. Is there anything else I need to do?
  3. It appears I have picked up a hijacker virus that is redirecting any address bar searches through Snap.do. I updated and ran Malware Bytes but nothing showed up. Here is that log: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.06.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Default :: OURHOME [administrator] 1/6/2013 2:08:02 PM mbam-log-2013-01-06 (14-08-02).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 370437 Time elapsed: 2 hour(s), 3 minute(s), 35 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ________________________________________________________ DDS.txt DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2 Run by Default at 11:40:54 on 2013-01-07 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.951 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes ================ . c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Nuance\dgnsvc.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\AOL\1243886711\ee\AOLSoftware.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Documents and Settings\Default\Local Settings\Application Data\Akamai\netsession_win.exe C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe C:\Program Files\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Logitech\Vid HD\Vid.exe C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Default\Local Settings\Application Data\Akamai\netsession_win.exe C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\WINDOWS\system32\freecell.exe C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files\AOL Desktop 9.7\waol.exe C:\Program Files\AOL Desktop 9.7\shellmon.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k Akamai C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uStart Page = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=hp uSearch Bar = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q={searchTerms} uSearch Page = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q={searchTerms} uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q={searchTerms} uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file> uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe uRun: [AdobeBridge] <no file> mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1 mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe" mRun: [HostManager] c:\program files\common files\aol\1243886711\ee\AOLSoftware.exe mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" mRun: [NPSStartup] <no file> mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\default\startm~1\programs\startup\bounce~1.lnk - c:\program files\cms products\bounceback express\BBLauncher.exe StartupFolder: c:\docume~1\default\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{81E1311A-59B1-4827-8D0F-4912C275B04B} : DHCPNameServer = 24.25.5.60 24.25.5.61 TCP: Interfaces\{D11DAD85-9E52-4927-8C5B-CD6B223F37FF} : DHCPNameServer = 192.168.1.1 Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\default\application data\mozilla\firefox\profiles\m5hug9io.default\ FF - prefs.js: browser.startup.homepage - hxxp://lists.topica.com/my/ FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q= FF - component: c:\documents and settings\default\application data\mozilla\firefox\profiles\m5hug9io.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\default\application data\mozilla\firefox\profiles\m5hug9io.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll FF - component: c:\documents and settings\default\application data\mozilla\firefox\profiles\m5hug9io.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - component: c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\firefoxextension\components\TmFFEx6.dll FF - component: c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\firefoxextension\components\TmFFExt.dll FF - component: c:\program files\trend micro\titanium\uiframework\toolbar\firefoxextension\components\ToolbarFFHelper.dll FF - component: c:\program files\trend micro\titanium\uiframework\toolbar\firefoxextension\components\ToolbarFFHelper6.dll FF - component: c:\program files\trend micro\titanium\uiframework\toolbar\firefoxextension\components\ToolbarFFHelper7.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll FF - plugin: c:\program files\photodex presenter\npPxPlay.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - ExtSQL: 2012-12-22 11:33; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\default\application data\mozilla\firefox\profiles\m5hug9io.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false FF - user.js: browser.sessionstore.resume_from_crash - false . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 193552] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336] R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2011-6-5 296808] R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-10 233472] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000] R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-10 36608] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-25 18560] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-3-30 845184] . =============== Created Last 30 ================ . 2013-01-07 15:01:24 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9fb49b2a-fc97-4405-8719-1424b3b787d9}\mpengine.dll 2013-01-05 21:54:15 6812136 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll . ==================== Find3M ==================== . 2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-12 03:19:37 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-12 03:19:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec 2012-10-27 14:10:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-27 14:10:30 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-10-27 14:10:29 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-27 14:10:28 746984 ----a-w- c:\windows\system32\deployJava1.dll . ============= FINISH: 11:41:26.18 =============== _____________________________________________________________________________ Security Check Results of screen317's Security Check version 0.99.56 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 7 Update 9 Adobe Flash Player 11.5.502.135 Adobe Reader 9 Adobe Reader out of Date! Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox (17.0.1) Mozilla Thunderbird (17.0.) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 9% ````````````````````End of Log`````````````````````` Thanks for any help you might give me to get my pc back in order.
  4. Done. Thanks, Nasdaq!
  5. Ok Everything is updated with no issues. Here's the JavaRa log: JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Aug 17 21:29:20 2010 Found and removed: C:\Program Files\Java\jre1.6.0 Found and removed: C:\Program Files\Java\jre1.6.0_07 Found and removed: C:\Users\Rich Hardin\AppData\LocalLow\Sun\Java\jre1.6.0_11 Found and removed: C:\Users\Rich Hardin\AppData\LocalLow\Sun\Java\jre1.6.0_12 Found and removed: C:\Users\Rich Hardin\AppData\LocalLow\Sun\Java\jre1.6.0_13 Found and removed: C:\Users\Rich Hardin\AppData\LocalLow\Sun\Java\jre1.6.0_15 Found and removed: C:\Users\Rich Hardin\AppData\LocalLow\Sun\Java\jre1.6.0_17 Found and removed: C:\Users\Rich Hardin\AppData\LocalLow\Sun\Java\jre1.6.0_19 Found and removed: C:\Users\Rich Hardin\AppData\LocalLow\Sun\Java\jre1.6.0_20 Found and removed: Software\JavaSoft\Java2D\1.5.0_11 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610000 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610000 Found and removed: SOFTWARE\Classes\JavaPlugin.160 Found and removed: SOFTWARE\Classes\JavaPlugin.160_13 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_13 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_13 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160000} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: Software\Classes\JavaPlugin.160 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0\bin\ Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_13 Found and removed: Software\JavaSoft\Java2D\1.6.0 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_13 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610000 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
  6. I completed everything requested with no issues. Here are the logs. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:42:41 PM, on 8/15/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\sttray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\BellSouthWCC\McciTrayApp.exe C:\Windows\ehome\ehtray.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wuauclt.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Users\Rich Hardin\Desktop\HijackThis\HijackThis.exe C:\Windows\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe" O4 - HKLM\..\Run: [lxdqamon] "C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe O4 - HKLM\..\Run: [bellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe O4 - HKLM\..\Run: [ATT_WCC] C:\Program Files\BellSouthWCC\McciTrayApp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: CCC.lnk = ? O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe O23 - Service: lxdq_device - - C:\Windows\system32\lxdqcoms.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8438 bytes Results of screen317's Security Check version 0.99.5 Windows Vista Service Pack 2 (UAC is disabled!) Internet Explorer 7 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! McAfee Security Scan Plus WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Ad-Aware Malwarebytes' Anti-Malware CCleaner (remove only) Java 6 Update 13 Java SE Runtime Environment 6 Out of date Java installed! Adobe Flash Player 10.1.53.64 Adobe Reader 9.2 Out of date Adobe Reader installed! ```````````````````````````````` Process Check: objlist.exe by Laurent Ad-Aware AAWService.exe Ad-Aware AAWTray.exe is disabled! ```````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) ``````````End of Log```````````` ComboFix 10-08-15.01 - Rich Hardin 08/15/2010 16:57:01.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1409 [GMT -4:00] Running from: c:\users\Rich Hardin\Desktop\ComboFix.exe SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 ))))))))))))))))))))))))))))))) . 2010-08-15 21:05 . 2010-08-15 21:05 -------- d-----w- c:\users\Rich Hardin\AppData\Local\temp 2010-08-14 23:42 . 2010-08-14 23:42 -------- d-----w- c:\users\Rich Hardin\AppData\Roaming\Malwarebytes 2010-08-14 23:42 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-14 23:42 . 2010-08-14 23:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-14 23:42 . 2010-08-14 23:42 -------- d-----w- c:\programdata\Malwarebytes 2010-08-14 23:42 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-15 20:39 . 2008-08-26 03:15 -------- d-----w- c:\program files\Viewpoint 2010-08-15 03:47 . 2010-07-09 03:06 -------- d-----w- c:\program files\McAfee Security Scan 2010-08-08 21:35 . 2009-08-26 02:32 -------- d-----w- c:\programdata\NOS 2010-08-05 03:07 . 2007-03-17 22:25 2378 ----a-w- c:\users\Rich Hardin\AppData\Roaming\wklnhst.dat 2010-07-09 03:06 . 2007-03-06 23:08 -------- d-----w- c:\programdata\McAfee 2010-07-09 03:06 . 2010-07-09 03:06 -------- d-----w- c:\programdata\McAfee Security Scan 2010-07-01 18:58 . 2010-07-01 18:58 -------- d-----w- c:\users\Rich Hardin\AppData\Roaming\ATI 2010-07-01 18:51 . 2010-07-01 18:48 -------- d-----w- c:\program files\ATI Technologies 2010-07-01 18:51 . 2010-07-01 18:51 10134 ----a-r- c:\users\Rich Hardin\AppData\Roaming\Microsoft\Installer\{B52CD188-A9A8-A527-FB21-98E7255CC561}\ARPPRODUCTICON.exe 2010-07-01 18:51 . 2010-07-01 18:51 10134 ----a-r- c:\users\Rich Hardin\AppData\Roaming\Microsoft\Installer\{0E57595A-1716-772F-7D63-F3C103F1F91F}\ARPPRODUCTICON.exe 2010-07-01 18:50 . 2010-07-01 18:50 9158 ----a-r- c:\users\Rich Hardin\AppData\Roaming\Microsoft\Installer\{4F5A53E6-3CBE-44D7-91AD-2E535348484F}\NewShortcut1_45160C5661F6468DA5B09FAE2C3E68D6.exe 2010-07-01 18:50 . 2010-07-01 18:50 10134 ----a-r- c:\users\Rich Hardin\AppData\Roaming\Microsoft\Installer\{4F5A53E6-3CBE-44D7-91AD-2E535348484F}\ARPPRODUCTICON.exe 2010-07-01 18:48 . 2010-07-01 18:48 -------- d-----w- c:\program files\ATI 2010-06-03 02:05 . 2007-09-07 06:00 1356 ----a-w- c:\users\Rich Hardin\AppData\Local\d3d9caps.dat 2009-06-16 22:42 . 2009-11-14 17:44 52083 ----a-w- c:\program files\EULA.eng 2007-03-07 06:42 . 2007-03-07 06:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "SigmatelSysTrayApp"="sttray.exe" [2007-01-12 303104] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-05 86016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-05 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8497696] "lxdqmon.exe"="c:\program files\Lexmark Z2400 Series\lxdqmon.exe" [2008-03-27 656040] "lxdqamon"="c:\program files\Lexmark Z2400 Series\lxdqamon.exe" [2008-03-27 16040] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096] "BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2007-12-04 1474048] "ATT_WCC"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2007-12-04 1474048] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] c:\users\Rich Hardin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):72,67,bf,02,d7,56,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4123906346-1480791555-3363948429-1002] "EnableNotificationsRef"=dword:00000001 R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2010-05-06 90296] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-12-02 716272] S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe [2008-02-27 594600] S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [2008-02-27 98984] S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070307 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab FF - ProfilePath - c:\users\Rich Hardin\AppData\Roaming\Mozilla\Firefox\Profiles\c1w0j53z.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\program files\kSolo\npAVX.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - AddRemove-Songbeat - c:\program files\Songbeat\uninst.exe AddRemove-{2460923D-1AA6-47FE-A375-76308780D20F} - c:\program files\InstallShield Installation Information\{2460923D-1AA6-47FE-A375-76308780D20F}\setup.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-15 17:05 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-4123906346-1480791555-3363948429-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDA1B912-A95A-5396-8071-4BB09F883382}*] "bbhkfapjnbjheedimpmjkdkiiglmmmdplkbc"=hex:61,61,00,00 "abhkfapjnbjheedimpblemlgpkmbbgigbp"=hex:61,61,00,00 [HKEY_USERS\S-1-5-21-4123906346-1480791555-3363948429-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:c8,53,28,10,fa,72,cd,12,3c,4c,94,c8,71,28,66,d4,d8,2d,20,77,dc,9f,4e, b6,5b,e6,b5,99,7b,f9,2d,1b,57,08,18,86,82,22,55,fb,1a,a0,6d,d4,d4,50,d9,b1,\ "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d [HKEY_USERS\S-1-5-21-4123906346-1480791555-3363948429-1002\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:1a,43,4e,57,0e,6f,85,ab,54,ac,04,cf,23,b3,24,f1,ec,df,e3,7f,94, cf,82,1e,b0,5b,60,c9,37,ad,38,ad,09,b2,c4,44,9c,02,c0,6a,a4,14,1b,cf,ee,28,\ "rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23 [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2010-08-15 17:09:34 ComboFix-quarantined-files.txt 2010-08-15 21:09 Pre-Run: 25,059,188,736 bytes free Post-Run: 25,068,896,256 bytes free - - End Of File - - 10C79219F702666BBC0D660CA4DC6CB6
  7. Logs for laptop can be found here: http://www.spywareinfoforum.com/index.php?/topic/129658-trouble-with-browser-redirection/
  8. Having trouble with browser redirects. I had to work around to get Malwarebytes downloaded... it wouldn't let me go to the home site to d/l it. I got it from elsewhere. Had to get the MBAM0rules file to update it. Ran it and cleared some 22 infections. Restarted and can now get to the MB home page. Here are the MB log and HijackThis log that were run AFTER the MB cleared what it could: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:59:51 PM, on 8/14/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\sttray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\BellSouthWCC\McciTrayApp.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\ehome\ehtray.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Users\Rich Hardin\Desktop\HijackThis\HijackThis.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe" O4 - HKLM\..\Run: [lxdqamon] "C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe O4 - HKLM\..\Run: [bellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe O4 - HKLM\..\Run: [ATT_WCC] C:\Program Files\BellSouthWCC\McciTrayApp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: CCC.lnk = ? O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe O23 - Service: lxdq_device - - C:\Windows\system32\lxdqcoms.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8917 bytes Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4363 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 8/14/2010 7:54:59 PM mbam-log-2010-08-14 (19-54-59).txt Scan type: Quick scan Objects scanned: 147234 Time elapsed: 7 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 5 Registry Values Infected: 1 Registry Data Items Infected: 5 Folders Infected: 0 Files Infected: 22 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mswu-6286ad9a (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mswu-f36decbb (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.14,93.188.166.235 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{093a3236-f312-49cd-ac8e-18cea6a1a3a5}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.14,93.188.166.235 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1ab950f1-f8f7-4479-8e3a-fe8721569964}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.14,93.188.166.235 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8e3fe670-793f-4416-93a0-0df5d0810288}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.163.14,93.188.166.235 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8e3fe670-793f-4416-93a0-0df5d0810288}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.14,93.188.166.235 -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Windows\System32\6286ad9a.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\System32\f36decbb.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\System32\spool\prtprocs\w32x86\179317.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\System32\spool\prtprocs\w32x86\1mYW1u.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\System32\spool\prtprocs\w32x86\1u9m1g.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\System32\spool\prtprocs\w32x86\55s5e.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\System32\spool\prtprocs\w32x86\793179q.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\System32\spool\prtprocs\w32x86\793m7gM.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\System32\spool\prtprocs\w32x86\7a3k7yW.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\System32\spool\prtprocs\w32x86\7o3o793.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\System32\spool\prtprocs\w32x86\sK3179c.dll (Trojan.Dropper.Gen) -> Delete on reboot. C:\Windows\System32\spool\prtprocs\w32x86\sKUO5.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\Temp\17yW1uO.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\Temp\5555sK55g.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\Temp\555k555.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\Temp\79317931a.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\Temp\7mY17oC.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\Temp\9cE793e.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\Temp\9oC79uOCE.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\Temp\e7a31eI3.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully. Thanks for your help!
  9. Thanks, Nasdaq. I'll update my programs today. Stay tuned for a new topic for the other computer this evening. I'll alert you here when it's up. Thanks again for your help. I always know where to turn when things go bad with malware!
  10. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:20:17 PM, on 8/13/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17080) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\AOL\1243886711\ee\AOLSoftware.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1243886711\ee\AOLSoftware.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Startup: BounceBack Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} (MetaStreamCtl Class) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 9501 bytes _____________________________ Results of screen317's Security Check version 0.99.5 Windows XP Service Pack 3 Internet Explorer 7 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! Trend Micro Internet Security ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 21 Adobe Flash Player 10.1.53.64 Adobe Reader 9.3.3 Mozilla Firefox (3.6.8) Mozilla Thunderbird (2.0.0) Thunderbird Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Trend Micro Internet Security UfSeAgnt.exe Trend Micro Internet Security SfCtlCom.exe Trend Micro BM TMBMSRV.exe TRENDM~1 INTERN~1 TmPfw.exe Trend Micro Internet Security TmProxy.exe ```````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) ``````````End of Log```````````` No issues with anything here except TrendMicro stopped Notepad++ from connecting to the internet when the security check txt was being displayed. I've had no other issues since my son changed the DNS settings and discovered the wireless router still had the default username and password which have since been change. From what I understand from him, the laptop we use on our wireless network is still having issues with page redirections. Changing the DNS settings seem to have solved it for my computer and the other desktop on our network. Can I post the laptop's logs in this thread or do I need to open another thread for it?
  11. I'm unable to update my Trend Micro anti-virus or the Malwarebyte's antispyware - supposedly "no internet connection" in both cases. I was able to figure out a way to get the file to manually update the Malwarebytes and have run it both in safe mode (1st) and regular mode (2nd) and in both cases it found and "cleared" Adware.adon. I still can't get to Trend Micro to update so I know it's not gone. I'm also getting redirects to websites that TM warns are dangerous. I'd appreciate any help on this. 8/11 - Edited to add: It appears that all 3 computers on my wireless home network are having the same issue. Also, my son reminded me that we had to go in and change the DNS settings on 2 out of the 3 computers on our network a week or so ago to solve an issue with not being able to get online. 8/12 - Edited to add: My son was able to get the antivirus and Malewarebytes to update by changing the DNS setting. I'm not sure what else he did but I no longer am being redirected to sites that TrendMicro tags as dangerous and Malwarebytes and TrendMicro are showing no infections now. Whatever he did involved his computer and not mine so I am posting a new HijackThis log and a Malwarebyes log to see if there's anything else I need to do... Here are the 8/10 HijackThis & Malwarebytes logs: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:42:07 PM, on 8/10/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17055) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\AOL\1243886711\ee\AOLSoftware.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files\AOL 9.1a\waol.exe C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AOL 9.1a\shellmon.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: ALOT Toolbar BHO - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1243886711\ee\AOLSoftware.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b O4 - Startup: BounceBack Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} (MetaStreamCtl Class) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 9794 bytes ______________________________ Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4363 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 8/10/2010 2:18:44 PM mbam-log-2010-08-10 (14-18-44).txt Scan type: Full scan (C:\|) Objects scanned: 230018 Time elapsed: 47 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{1048F732-650B-4BBE-B926-8C429C0DE3BC}\RP457\A0026725.exe (Adware.ADON) -> Quarantined and deleted successfully. _____________________________________________ Here are the 8/12 logs: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:53:19 PM, on 8/12/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17055) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\AOL\1243886711\ee\AOLSoftware.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\AOL 9.1a\waol.exe C:\Program Files\AOL 9.1a\shellmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: ALOT Toolbar BHO - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1243886711\ee\AOLSoftware.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b O4 - Startup: BounceBack Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} (MetaStreamCtl Class) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 9534 bytes __________________________ Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4420 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 8/12/2010 1:45:05 PM mbam-log-2010-08-12 (13-45-05).txt Scan type: Full scan (C:\|) Objects scanned: 231727 Time elapsed: 38 minute(s), 3 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  12. Hello again, I ran system scan on HJT, I cleaned up both the stumbleupon items. I also uninstalled the Google Toolbar (I didn't have anything relating to Google Desktop). I took off the older Java versions and downloaded the one you recommended to me. The comp. is a little faster now. My RAM is 384 MB. The only problem I had today was this: My AVG Sheild popped up with Threat Detected File Name: c:\system volume information\_restore {F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP935\A0095826.exe Threat Name: Trojan Horse Nakgo.B Here are my logs: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:24:14 PM, on 9/8/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Photodex\ProShow\ScsiAccess.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Owner\Desktop\Comp. Resources\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [stxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user') O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/28.35/uploader2.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow\ScsiAccess.exe -- End of file - 8867 bytes Results of screen317's Security Check version 0.98.9 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! AVG Free 8.5 `````````````````````````````` Anti-malware/Other Utilities Check: Ad-Aware Spybot - Search & Destroy Malwarebytes' Anti-Malware HijackThis 2.0.2 Java 6 Update 16 Adobe Flash Player 10 Adobe Reader 7.1.0 Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent Ad-Aware AAWService.exe Ad-Aware AAWTray.exe is disabled! `````````````````````````````` DNS Vulnerability Check: GOOD! (Not vulnerable to DNS cache poisoning) `````````End of Log``````````` Thanks Again!!!
  13. Joker, I have completed: running spybot and turning off Teatimer, downloading the program and deleting the flash cookies, deleting all cookies (there was no prompt allowing me to click "delete all offline content"). I ran the cleanmgr and cleaned the temporary files, temp internet files and recycle bin. I did uninstall Stumbleupon. I ran Malwarebytes and fixed the checked entries that you provided. I did not see the two files in window\system32\vowowono.dll or windows\system32\fonoriga.dll so I assume they are no longer there. My computer is still sluggish so is that an indication that there still may be an issue or is it now that I just have too many processes running? Here are my two new logs... Malwarebytes' Anti-Malware 1.40 Database version: 2754 Windows 5.1.2600 Service Pack 3 9/7/2009 8:01:33 PM mbam-log-2009-09-07 (20-01-33).txt Scan type: Quick Scan Objects scanned: 96984 Time elapsed: 10 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:10:01 PM, on 9/7/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Photodex\ProShow\ScsiAccess.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Documents and Settings\Owner\Desktop\Comp. Resources\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing) O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing) O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [stxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user') O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/28.35/uploader2.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow\ScsiAccess.exe -- End of file - 9585 bytes Thank you so much for all your help with these issues! Rowdymom81
  14. My computer is running slowly and I get warnings from AVG that I have an infection found. It tells me that it is a Trojanhorse generic in the system 32 files. I have run my AVG free edition (healed when asked), Spybot, Adware, Malware Bytes, Kaspersky Online Scan and Hijack This. I thought it had removed everything but when I rebooted it came back. I did read the FAQs. Log from Hijack This: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:25:59 PM, on 9/5/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Photodex\ProShow\ScsiAccess.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\HPZipm12.exe C:\Documents and Settings\Owner\Desktop\Comp. Resources\HijackThisInstaller.exe C:\Documents and Settings\Owner\Desktop\Comp. Resources\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [stxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user') O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Search - ?p=ZK O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/28.35/uploader2.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/insaniq...aploader_v6.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: c:\windows\system32\,C:\WINDOWS\system32\vowowono.dll c:\windows\system32\fonoriga.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O21 - SSODL: gohebazun - {a33107e2-c758-4c22-b64c-caa7da5f5fd8} - c:\windows\system32\fonoriga.dll (file missing) O22 - SharedTaskScheduler: jugezatag - {a33107e2-c758-4c22-b64c-caa7da5f5fd8} - c:\windows\system32\fonoriga.dll (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow\ScsiAccess.exe O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- End of file - 10760 bytes Log from Malware Bytes (todays and yesterday's) Malwarebytes' Anti-Malware 1.40 Database version: 2745 Windows 5.1.2600 Service Pack 3 9/5/2009 1:54:42 PM mbam-log-2009-09-05 (13-54-42).txt Scan type: Quick Scan Objects scanned: 96486 Time elapsed: 10 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Malware Log from 2 days ago: Malwarebytes' Anti-Malware 1.40 Database version: 2738 Windows 5.1.2600 Service Pack 3 9/3/2009 7:35:27 PM mbam-log-2009-09-03 (19-35-27).txt Scan type: Quick Scan Objects scanned: 96072 Time elapsed: 10 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 15 Registry Values Infected: 3 Registry Data Items Infected: 6 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{feeec070-35eb-40c1-bc5b-90acc512d870} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{feeec070-35eb-40c1-bc5b-90acc512d870} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rebuninat (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hppwrsav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\SCANJET\PrecisionScanLT\hppwrsav.exe (Trojan.FakeAlert.H) -> Delete on reboot. C:\fyblb.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\pirep.exe (Trojan.Agent) -> Quarantined and deleted successfully. Kasperskey Log Saturday, September 5, 2009 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Saturday, September 05, 2009 20:10:01 Records in database: 2750142 Scan settings scan using the following database extended Scan archives yes Scan e-mail databases yes Scan area My Computer C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ Scan statistics Objects scanned 80113 Threats found 3 Infected objects found 5 Suspicious objects found 0 Scan duration 04:27:17 File name Threat Threats count C:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine\01ff8fa6-2785-40ae-b8df-bfa3651d347e.pre Infected: Trojan-Downloader.Win32.Agent.bqxc 1 C:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine\b73227f5-22d5-45a7-a5b3-24e36d06a3ad.pre Infected: Trojan-Downloader.Win32.Agent.bqxc 1 C:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine\ca9ab1e8-c957-4892-99b6-24f75772bc93.pre Infected: Trojan.Win32.Monder.bzea 1 C:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine\de2171d8-389f-4124-b413-84f2bc98898c.pre Infected: Trojan-Downloader.Win32.Agent.bqxc 1 C:\Documents and Settings\Owner\My Documents\My Music\All Music\Twilight Soundtrack robert pattinson -never think.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1 Thank you in advance for any help you are able to give! Jennifer
  15. Here ya go: Logfile of HijackThis v1.99.1 Scan saved at 7:01:21 PM, on 3/28/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ESPNRunTime\DIGServices.exe C:\Program Files\DIGStream\digstream.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE C:\Program Files\Common Files\AOL\1138083249\ee\AOLHostManager.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\AOL\1138083249\ee\AOLServiceHost.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\System32\CTSvcCDA.EXE C:\Program Files\Photodex\ProShow\ScsiAccess.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\system32\freecell.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\America Online 9.0a\waol.exe C:\Program Files\America Online 9.0a\shellmon.exe C:\Program Files\Common Files\Aol\aoltpspd.exe C:\PROGRA~1\WINZIP\wzqkpick.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Susan Hardin\Desktop\Computer Protection\HijackThis!\HijackThis.exe R3 - URLSearchHook: (no name) - {9298FAA9-9EB5-44DC-F106-A27732C11CD8} - sysmon12.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C84" O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138083249\ee\AOLHostManager.exe O4 - HKLM\..\Run: [prcmon] ABCXYZ.exe O4 - HKLM\..\Run: [userSp1] mozilla-text.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s O4 - HKCU\..\Run: [forces_elite] TorontoMail.exe O4 - HKCU\..\Run: [teqq32] slamm.exe O4 - HKCU\..\Run: [dePloy] WhatsNewBot.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol.pogo.com/game/deluxe/insaniquar...aploader_v6.cab O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://prints.picturecenter.kodak.com/acti...loadControl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{590FB618-FD19-4EA6-B696-CB8C3042E90E}: NameServer = 205.188.146.145 O17 - HKLM\System\CCS\Services\Tcpip\..\{95DC1BEA-B6CE-4105-93C6-3C1786D9DF38}: NameServer = 85.255.116.37,85.255.112.85 O17 - HKLM\System\CS2\Services\Tcpip\..\{590FB618-FD19-4EA6-B696-CB8C3042E90E}: NameServer = 205.188.146.145 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow\ScsiAccess.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Thanks for responding!