Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

please help!! hjt log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: please help!! hjt log

Unread postby Sydney » November 9th, 2009, 7:18 pm

OTL txt logfiles-

OTL logfile created on: 11/9/2009 3:41:25 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\ruthie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.82 Mb Total Physical Memory | 160.55 Mb Available Physical Memory | 17.96% Memory free
2.00 Gb Paging File | 0.75 Gb Available in Paging File | 37.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.21 Gb Total Space | 156.92 Gb Free Space | 69.67% Space Free | Partition Type: NTFS
Drive D: | 7.67 Gb Total Space | 0.00 Gb Free Space | 0.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RUTHIE-PC
Current User Name: ruthie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\ruthie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)
PRC - C:\WINDOWS\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wercon.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
PRC - C:\WINDOWS\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Lexmark 5300 Series\lxdkmon.exe ()
PRC - C:\WINDOWS\System32\lxdkcoms.exe ( )
PRC - C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdkserv.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark 5300 Series\lxdkamon.exe ()
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - c:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\System32\LexBceS.exe (Lexmark International, Inc.)
PRC - C:\WINDOWS\System32\Lexpps.exe (Lexmark International, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\ruthie\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (HP Health Check Service) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (nvsvc) -- C:\WINDOWS\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (XAudioService) -- C:\WINDOWS\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (lxdk_device) -- C:\Windows\System32\lxdkcoms.exe ( )
SRV - (lxdkCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe ()
SRV - (LightScribeService) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ehSched) -- C:\WINDOWS\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart) -- C:\WINDOWS\ehome\ehstart.dll (Microsoft Corporation)
SRV - (RoxMediaDB9) -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (stllssvr) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LexBceS) -- C:\WINDOWS\System32\LexBceS.exe (Lexmark International, Inc.)


========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (GEARAspiWDM) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (wrssweep) -- C:\Program Files\Webroot\Washer\wrSSweep.sys (Webroot Software Inc (www.webroot.com))
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (secdrv) -- C:\WINDOWS\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (mdmxsdk) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000\S-1-5-21-3106860121-1881496160-2963117849-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000\S-1-5-21-3106860121-1881496160-2963117849-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/14 20:11:54 | 00,000,000 | ---D | M]


O1 HOSTS File: (303907 bytes) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 10470 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BhoMisc Class) - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\WRS.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (TrendProtect) - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\WRS.dll (Trend Micro Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Lexmark 5300 Series Fax Server] C:\Program Files\Lexmark 5300 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdkamon] C:\Program Files\Lexmark 5300 Series\lxdkamon.exe ()
O4 - HKLM..\Run: [lxdkmon.exe] C:\Program Files\Lexmark 5300 Series\lxdkmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000..\Run: [UniblueSpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe ()
O4 - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000..\Run: [Washer] C:\Program Files\Washer\washer.exe File not found
O4 - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe (Webroot Software, Inc.)
O4 - HKLM..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3106860121-1881496160-2963117849-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resour ... cctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos1.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.ca.com/securityadvisor/pestscan/pestscan.cab (PSFormX Control)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} http://riteaid.storefront.com/images/gl ... oad1_8.CAB (SFImageUpload1_8.ImageUpload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-l ... cfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.144.187.101 204.186.0.203 207.44.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\trendprotect {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\WRS.dll (Trend Micro Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/26 07:06:55 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/09 15:39:38 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\ruthie\Desktop\OTL.exe
[2009/11/06 10:02:47 | 00,000,000 | ---D | C] -- C:\Users\ruthie\AppData\Roaming\Malwarebytes
[2009/11/06 10:02:39 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/06 10:02:38 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/06 10:02:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/06 10:02:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/06 10:02:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/06 10:00:55 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ruthie\Desktop\mbam-setup.exe
[2009/11/05 15:06:21 | 00,000,000 | ---D | C] -- C:\rsit
[2009/11/05 14:58:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\ErrorLogs
[2009/11/05 09:26:35 | 00,000,000 | ---D | C] -- C:\Users\ruthie\AppData\Roaming\uniblue
[2009/11/05 09:25:24 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/11/05 09:25:16 | 00,000,000 | -H-D | C] -- C:\ProgramData\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
[2009/11/05 09:25:16 | 00,000,000 | -H-D | C] -- C:\ProgramData\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
[2009/11/04 09:59:52 | 03,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/03 09:33:00 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/11/03 09:32:59 | 00,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/11/03 09:32:57 | 01,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/11/03 09:32:52 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/11/03 09:32:50 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/11/03 09:32:48 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/11/03 09:32:47 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/11/03 09:32:45 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/11/03 09:32:43 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/11/03 09:32:42 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/11/03 09:32:41 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/11/03 09:32:40 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/11/03 09:32:38 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/11/03 09:32:35 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/10/28 09:22:56 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/28 09:22:53 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/28 09:22:45 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/19 09:32:50 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/19 09:32:41 | 03,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/19 09:32:40 | 03,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/19 09:32:12 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/10/19 09:32:11 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/10/19 09:32:08 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/10/19 09:32:07 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/10/19 09:32:07 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/10/19 09:31:56 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/19 09:31:53 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/19 09:31:49 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/10/17 16:30:52 | 00,000,000 | ---D | C] -- C:\Users\ruthie\AppData\Roaming\WildTangent
[2009/10/17 14:46:09 | 00,000,000 | -HSD | C] -- C:\found.000
[2008/12/28 14:27:57 | 01,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdkserv.dll
[2008/12/28 14:27:57 | 00,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdkusb1.dll
[2008/12/28 14:27:57 | 00,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdkhcp.dll
[2008/12/28 14:27:57 | 00,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdkinpa.dll
[2008/12/28 14:27:57 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdkiesc.dll
[2008/12/28 14:27:56 | 00,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdkpmui.dll
[2008/12/28 14:27:56 | 00,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdklmpm.dll
[2008/12/28 14:27:56 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdkprox.dll
[2008/12/28 14:27:55 | 00,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdkhbn3.dll
[2008/12/28 14:27:54 | 00,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdkcomc.dll
[2008/12/28 14:27:54 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdkcomm.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/09 15:40:07 | 05,767,168 | -HS- | M] () -- C:\Users\ruthie\ntuser.dat
[2009/11/09 15:39:49 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\ruthie\Desktop\OTL.exe
[2009/11/09 15:19:22 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BBAF8C04-6106-431F-BC4D-5F308404B079}.job
[2009/11/09 15:18:27 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/09 15:18:01 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/09 15:18:01 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/09 15:17:45 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/09 15:17:20 | 93,800,8576 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/09 10:40:19 | 00,524,288 | -HS- | M] () -- C:\Users\ruthie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/09 10:40:19 | 00,065,536 | -HS- | M] () -- C:\Users\ruthie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/07 12:19:09 | 02,228,404 | -H-- | M] () -- C:\Users\ruthie\AppData\Local\IconCache.db
[2009/11/06 19:07:07 | 00,011,232 | ---- | M] () -- C:\Users\ruthie\Desktop\hijackthis11062
[2009/11/06 10:02:43 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/06 10:01:48 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ruthie\Desktop\mbam-setup.exe
[2009/11/05 21:23:10 | 00,140,727 | -H-- | M] () -- C:\Users\ruthie\Desktop\ZbThumbnail.info
[2009/11/05 19:50:23 | 00,024,576 | ---- | M] () -- C:\Users\ruthie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/05 15:25:21 | 00,000,490 | ---- | M] () -- C:\Users\ruthie\Desktop\log115 - Shortcut.lnk
[2009/11/05 15:22:35 | 00,000,519 | ---- | M] () -- C:\Users\ruthie\Desktop\info115 - Shortcut.lnk
[2009/11/05 15:00:16 | 00,000,709 | ---- | M] () -- C:\Windows\System32\CommandDispatchers.xml
[2009/11/05 15:00:04 | 00,001,349 | ---- | M] () -- C:\Windows\System32\cleaner-config.xml
[2009/11/05 09:25:25 | 00,001,007 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC 2009.lnk
[2009/11/04 09:48:31 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/04 09:48:31 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/04 09:48:31 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/10/30 20:26:04 | 00,001,874 | ---- | M] () -- C:\Users\ruthie\Desktop\HijackThis.lnk
[2009/10/30 08:53:27 | 01,769,000 | ---- | M] () -- C:\Users\ruthie\Desktop\FW_WRT54GSv7_7.50.7.013_EN_20090727.bin
[2009/10/29 14:52:46 | 00,000,680 | ---- | M] () -- C:\Users\ruthie\AppData\Local\d3d9caps.dat
[2009/10/29 14:37:20 | 14,415,4472 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/10/29 10:32:50 | 01,769,000 | ---- | M] () -- C:\Users\ruthie\Desktop\firmwareupdate.bin
[2009/10/19 09:25:09 | 03,584,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/17 15:50:22 | 05,767,168 | -HS- | M] () -- C:\Users\ruthie\ntuser.dat_previous
[2009/10/15 18:24:13 | 00,000,133 | ---- | M] () -- C:\Users\ruthie\Desktop\Schuylkill Parcel Locator.url
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/06 19:07:07 | 00,011,232 | ---- | C] () -- C:\Users\ruthie\Desktop\hijackthis11062
[2009/11/06 10:02:43 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/05 15:25:21 | 00,000,490 | ---- | C] () -- C:\Users\ruthie\Desktop\log115 - Shortcut.lnk
[2009/11/05 15:22:35 | 00,000,519 | ---- | C] () -- C:\Users\ruthie\Desktop\info115 - Shortcut.lnk
[2009/11/05 15:00:11 | 00,000,709 | ---- | C] () -- C:\Windows\System32\CommandDispatchers.xml
[2009/11/05 15:00:03 | 00,001,349 | ---- | C] () -- C:\Windows\System32\cleaner-config.xml
[2009/11/05 09:25:25 | 00,001,007 | ---- | C] () -- C:\Users\Public\Desktop\SpeedUpMyPC 2009.lnk
[2009/10/30 20:26:04 | 00,001,874 | ---- | C] () -- C:\Users\ruthie\Desktop\HijackThis.lnk
[2009/10/30 09:11:28 | 02,228,404 | -H-- | C] () -- C:\Users\ruthie\AppData\Local\IconCache.db
[2009/10/30 08:53:15 | 01,769,000 | ---- | C] () -- C:\Users\ruthie\Desktop\FW_WRT54GSv7_7.50.7.013_EN_20090727.bin
[2009/10/30 08:39:39 | 93,800,8576 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/29 10:31:46 | 01,769,000 | ---- | C] () -- C:\Users\ruthie\Desktop\firmwareupdate.bin
[2009/10/15 18:24:12 | 00,000,133 | ---- | C] () -- C:\Users\ruthie\Desktop\Schuylkill Parcel Locator.url
[2009/09/28 09:11:48 | 00,000,105 | ---- | C] () -- C:\ProgramData\lxdk
[2009/03/09 19:24:48 | 00,000,680 | ---- | C] () -- C:\Users\ruthie\AppData\Local\d3d9caps.dat
[2009/02/21 10:09:51 | 00,000,276 | ---- | C] () -- C:\Users\ruthie\AppData\Roaming\wklnhst.dat
[2008/12/28 14:33:46 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdkcoin.dll
[2008/12/28 14:30:57 | 00,045,056 | ---- | C] () -- C:\Windows\System32\LXDKPMON.DLL
[2008/12/28 14:30:57 | 00,032,768 | ---- | C] () -- C:\Windows\System32\LXDKFXPU.DLL
[2008/12/28 14:30:36 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdkoem.dll
[2008/12/28 14:28:12 | 00,000,060 | ---- | C] () -- C:\Windows\System32\lxdkrwrd.ini
[2008/12/28 14:27:58 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdkinst.dll
[2008/12/28 14:27:55 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdkgrd.dll
[2008/10/09 13:44:04 | 00,000,643 | ---- | C] () -- C:\Windows\lexstat.ini
[2008/09/08 14:53:09 | 00,024,576 | ---- | C] () -- C:\Users\ruthie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/08 14:51:05 | 00,092,016 | ---- | C] () -- C:\Users\ruthie\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/02/11 08:39:26 | 00,253,952 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLA.dll
[2008/02/11 08:39:18 | 00,237,568 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLW.dll
[2008/02/08 12:53:46 | 00,110,592 | ---- | C] () -- C:\Windows\System32\OnlineScannerLang.dll
[2008/01/09 14:01:48 | 00,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2007/07/27 13:49:02 | 00,225,355 | ---- | C] () -- C:\Windows\System32\lnod32apiW.dll
[2007/07/27 13:49:02 | 00,196,683 | ---- | C] () -- C:\Windows\System32\lnod32apiA.dll
[2007/05/22 12:22:21 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdkdrs.dll
[2007/05/22 05:10:00 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxdkcaps.dll
[2007/02/26 06:43:57 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/02/26 06:43:57 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/02/14 09:35:07 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdkcnv4.dll
[2007/01/10 06:56:34 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/11 02:00:40 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 02:00:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/07/31 20:53:18 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdkvs.dll
[2005/12/05 18:25:22 | 00,139,264 | ---- | C] () -- C:\Windows\System32\lnod32umc.dll
[2005/12/05 11:37:10 | 00,106,496 | ---- | C] () -- C:\Windows\System32\lnod32upd.dll
[2004/09/16 15:24:26 | 03,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >


extras logfile -

OTL Extras logfile created on: 11/9/2009 3:41:25 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\ruthie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.82 Mb Total Physical Memory | 160.55 Mb Available Physical Memory | 17.96% Memory free
2.00 Gb Paging File | 0.75 Gb Available in Paging File | 37.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.21 Gb Total Space | 156.92 Gb Free Space | 69.67% Space Free | Partition Type: NTFS
Drive D: | 7.67 Gb Total Space | 0.00 Gb Free Space | 0.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RUTHIE-PC
Current User Name: ruthie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B1B5C0D-D143-44E3-BCDC-A00E85313301}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe |
"{0E597EF2-FBD0-41A2-8FA2-D54AF3AE33BF}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe |
"{1506AAA7-B3F6-4FD2-A068-E71AFE91FB22}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29A943D8-111A-4828-BE46-52CDE466F5C7}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe |
"{2C52C4A1-8AD3-46C2-8D0A-BB298F29B22B}" = protocol=17 | dir=in | app=c:\windows\system32\lxdkcoms.exe |
"{313AB2DC-2862-4463-B698-0567713CC168}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{3B790114-8FDD-4F7D-80E5-71A8EE52A682}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4146A4DF-B531-491C-B824-28E934C62A4B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{51A086B9-E7FC-48C0-8BA1-DF9A4F3BF7B2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6021082D-64B4-4F03-B8C4-6BF12EF206CA}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdktime.exe |
"{62FC72A2-772F-49FC-BC25-0058E3A02F7B}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{668BFB96-0523-40E6-9910-84491F3E2F83}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkamon.exe |
"{68A7E305-8F20-4510-83EF-437B483125B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{697C44FF-6ED1-489D-9273-61FD1F8B0F89}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7DEF628A-FBE2-4001-B959-A663958A76EC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8E3E8733-0D67-48E0-8D7A-09B45A88C07D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{93BDD062-B3B4-4411-8636-664F54563295}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe |
"{990300E6-7E5B-4438-92AE-3D784E40F07F}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{9D043C26-B92F-4DBA-BF37-CFA0404FBC05}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{9DA63294-17E5-4D81-83DA-DB416E7FF69B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A35808B9-16AF-4D44-9363-6011A6EC7318}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe |
"{AAD673D0-65F5-40E2-9CAB-D1F542231B80}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkamon.exe |
"{BD9ADFD6-62E0-422A-BA35-0EE099D8446F}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkfax.exe |
"{C3BDB26F-1717-43F7-9AEA-4E87575DF170}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkfax.exe |
"{CBCCD568-9AA3-48C9-B6BC-1CC8B5F8B352}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkjswx.exe |
"{DA6042A8-2413-4A03-9106-CDD68D15C7BB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkwbgw.exe |
"{E15C6B48-2B47-4912-9531-CEEB005803D3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkwbgw.exe |
"{E20D7F4A-62AF-4335-9917-1567067C56A1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E2311E62-23E7-4E4E-8B47-3FF4CD227658}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdktime.exe |
"{E7394016-D505-4368-B585-3529F8096ECA}" = protocol=6 | dir=in | app=c:\windows\system32\lxdkcoms.exe |
"{F16F0912-B06F-4323-B979-8BCE7F1C6259}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkjswx.exe |
"{F51ED739-A5F4-4B2D-BD5D-123DB12C16D0}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe |
"{F69070C0-00B2-4BA3-9FA9-4C2136CC39E8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FB3443AE-F7CD-419B-AB72-71B4AD8C72B4}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{4545D1D6-93AA-49D4-BDFF-B1C99EB5E06D}C:\program files\lexmark 5300 series\frun.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe |
"TCP Query User{573F2771-F7FE-4582-980C-75BC464DA572}C:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe |
"TCP Query User{91397331-72C4-4CEE-9677-8269EE89EBD7}C:\program files\lexmark 5300 series\lxdkmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe |
"TCP Query User{AC11657F-3C32-4C01-951E-D7363AE22CC5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{AD5088CF-524F-450E-BF5C-52CD5B728B36}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2DC574E2-51A6-42D2-BE6A-F950E918720F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2F0EC382-F1C1-4B76-A2AE-F3229581DE04}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{857B75B7-6D06-40DC-B16E-DD524D81D45E}C:\program files\lexmark 5300 series\frun.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe |
"UDP Query User{B2FDEECF-F886-4161-8C56-C9EDEBAEF63E}C:\program files\lexmark 5300 series\lxdkmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe |
"UDP Query User{BA79E65D-A203-4714-AC3D-5C44520BAA5D}C:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CA976C-403C-47E2-940B-733ECAB6F62B}" = muvee autoProducer 5.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CBFEEA43-2B94-44AF-8325-B413E62D2A5D}" = HP Total Care Advisor
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5462C8A-D08C-4163-8293-82F2E11A2760}" = Trend Micro TrendProtect for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"avast!" = avast! Antivirus
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"EsetOnlineScanner" = ESET Online Scanner
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lexmark 5300 Series" = Lexmark 5300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Rhapsody" = Rhapsody
"SpywareBlaster_is1" = SpywareBlaster 4.1
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"WildTangent hpdesktop Master Uninstall" = My HP Games
"Window Washer" = Window Washer
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 3/19/2009 7:50:32 PM | Computer Name = ruthie-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

Error - 4/17/2009 12:17:29 PM | Computer Name = ruthie-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\System32\spool\PRINTERS\FP00000.SHD failed, 00000005.

Error - 8/3/2009 10:15:49 PM | Computer Name = ruthie-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\ruthie\AppData\Roaming\Real\Rhapsody\1.sqlite\local.seb failed, 00000005.


Error - 8/15/2009 12:41:38 PM | Computer Name = ruthie-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\ruthie\AppData\Local\Temp\Cddb\11054336\cddb.db failed, 00000005.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Sydney
Regular Member
 
Posts: 22
Joined: October 13th, 2009, 12:29 pm
Advertisement
Register to Remove

Re: please help!! hjt log

Unread postby Sydney » November 9th, 2009, 9:29 pm

ignore this
Last edited by Sydney on November 9th, 2009, 11:27 pm, edited 1 time in total.
Sydney
Regular Member
 
Posts: 22
Joined: October 13th, 2009, 12:29 pm

Re: please help!! hjt log

Unread postby Sydney » November 9th, 2009, 9:39 pm

ignore this
Sydney
Regular Member
 
Posts: 22
Joined: October 13th, 2009, 12:29 pm

Re: please help!! hjt log

Unread postby Sydney » November 10th, 2009, 10:59 pm

do you have info you needed from me?
let me know....
Sydney
Regular Member
 
Posts: 22
Joined: October 13th, 2009, 12:29 pm

Re: please help!! hjt log

Unread postby peku006 » November 11th, 2009, 10:07 am

Hi Sydney

Double click on OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code: Select all
:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop	

:Commands
[emptytemp]
[Reboot]


Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer
Please post the OTL log and a new HJT log.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: please help!! hjt log

Unread postby Sydney » November 11th, 2009, 11:24 pm

OTL LOG -

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ruthie
->Temp folder emptied: 32041 bytes
->Temporary Internet Files folder emptied: 2168400 bytes
->Java cache emptied: 24150930 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 714729857 bytes
%systemroot%\System32 .tmp files removed: 3297280 bytes
Windows Temp folder emptied: 1672 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 709.93 mb


OTL by OldTimer - Version 3.1.4.0 log created on 11112009_221234

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


HJT LOG -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:50 PM, on 11/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lexmark 5300 Series\lxdkmon.exe
C:\Program Files\Lexmark 5300 Series\lxdkamon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\WerCon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SUMP.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Users\ruthie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XKI34JIT\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\ruthie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [lxdkmon.exe] "C:\Program Files\Lexmark 5300 Series\lxdkmon.exe"
O4 - HKLM\..\Run: [lxdkamon] "C:\Program Files\Lexmark 5300 Series\lxdkamon.exe"
O4 - HKLM\..\Run: [Lexmark 5300 Series Fax Server] "C:\Program Files\Lexmark 5300 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "ruthie"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [UniblueSpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe -minimize
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "ruthie"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos1.walmart.com/WalmartActivia.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} (SFImageUpload1_8.ImageUpload) - http://riteaid.storefront.com/images/gl ... oad1_8.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdkCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdkserv.exe
O23 - Service: lxdk_device - - C:\Windows\system32\lxdkcoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12039 bytes


thanks...
Sydney
Regular Member
 
Posts: 22
Joined: October 13th, 2009, 12:29 pm

Re: please help!! hjt log

Unread postby peku006 » November 13th, 2009, 11:45 am

Hi Sydney

1 - Disable Windows Defender

From your log i can see this that you are running a Windows Defender. This might interfere with fixes we are about to do so we need to disable it. To disable your Windows Defender Real-time Protection.

  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • Close Windows Defender

2- Remove bad HijackThis entries
  • Run HijackThis
  • right click on the HijackThis icon, choose "Run as Administrator"
  • Put a check beside all of the items listed below (if present):

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

After that, Reboot.

Please reply with

a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: please help!! hjt log

Unread postby Sydney » November 13th, 2009, 2:48 pm

Removed only 02, no r1 or r0 noted. Turned windows defeneder back on, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:41 PM, on 11/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lexmark 5300 Series\lxdkmon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Lexmark 5300 Series\lxdkamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [lxdkmon.exe] "C:\Program Files\Lexmark 5300 Series\lxdkmon.exe"
O4 - HKLM\..\Run: [lxdkamon] "C:\Program Files\Lexmark 5300 Series\lxdkamon.exe"
O4 - HKLM\..\Run: [Lexmark 5300 Series Fax Server] "C:\Program Files\Lexmark 5300 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "ruthie"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [UniblueSpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe -minimize
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "ruthie"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos1.walmart.com/WalmartActivia.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} (SFImageUpload1_8.ImageUpload) - http://riteaid.storefront.com/images/gl ... oad1_8.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdkCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdkserv.exe
O23 - Service: lxdk_device - - C:\Windows\system32\lxdkcoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11201 bytes
Sydney
Regular Member
 
Posts: 22
Joined: October 13th, 2009, 12:29 pm

Re: please help!! hjt log

Unread postby peku006 » November 13th, 2009, 3:18 pm

Hi Sydney

1 - Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 16.
  • Go to Java Site
  • Click to Download Java SE Runtime Environment (JRE) 6 Update 16
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u16-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

2- Kaspersky Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: please help!! hjt log

Unread postby Sydney » November 14th, 2009, 8:25 pm

I had to choose java 6 update 17, could not locate a 6. There is no icon on desktop for this though. add/remove programs java 6 update 17 only java found so no program removed.
attemped to do kaspersky online virus scan but was directed to choose a file to check. unsure of how to proceed with this.

fyi- i returned to my computer to find a blue screen indictating a physical memory (?) dump was in process but it restarted again and returned to this blue screen where I saw - display driver .. recover from timeout has failed... ? upon a hard shut down it restarted at this point without blue screen .

thanks again for the help...
Sydney
Regular Member
 
Posts: 22
Joined: October 13th, 2009, 12:29 pm

Re: please help!! hjt log

Unread postby peku006 » November 15th, 2009, 5:22 am

Hi Sydney


:oops: I made a mistake, the newest version of java is "update 17".....

we can use the Eset online scannner

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: please help!! hjt log

Unread postby Sydney » November 15th, 2009, 3:19 pm

prior to running eset disable defender and avast protection - ran eset, no log file found in search or opened upon completion of scan.
ESET reads: Scanned Files 146246
Infected Files 0
Cleaned files 0
Total Scan time 1:49:45
Scan Status Finished

I have not run an updated HJT log please let me know if I should look elsewhere for the eset log.

thanks.....
Sydney
Regular Member
 
Posts: 22
Joined: October 13th, 2009, 12:29 pm

Re: please help!! hjt log

Unread postby peku006 » November 15th, 2009, 4:00 pm

Hi Sydney


eset did not find anything "bad"

Infected Files 0
Cleaned files 0

Send a fresh HjT log

How's the computer running now? Any problems?

peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: please help!! hjt log

Unread postby Sydney » November 15th, 2009, 6:42 pm

new hjt log -
when I log on homepage still reads m.www.yahoo.com
not www.yahoo.com.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:50 PM, on 11/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WerCon.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lexmark 5300 Series\lxdkmon.exe
C:\Program Files\Lexmark 5300 Series\lxdkamon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [lxdkmon.exe] "C:\Program Files\Lexmark 5300 Series\lxdkmon.exe"
O4 - HKLM\..\Run: [lxdkamon] "C:\Program Files\Lexmark 5300 Series\lxdkamon.exe"
O4 - HKLM\..\Run: [Lexmark 5300 Series Fax Server] "C:\Program Files\Lexmark 5300 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "ruthie"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [UniblueSpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe -minimize
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "ruthie"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos1.walmart.com/WalmartActivia.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} (SFImageUpload1_8.ImageUpload) - http://riteaid.storefront.com/images/gl ... oad1_8.CAB
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdkCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdkserv.exe
O23 - Service: lxdk_device - - C:\Windows\system32\lxdkcoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11194 bytes
Sydney
Regular Member
 
Posts: 22
Joined: October 13th, 2009, 12:29 pm

Re: please help!! hjt log

Unread postby peku006 » November 16th, 2009, 4:06 am

Hi Sydney

all the logs look good.......

your "m.www.yahoo.com" problem not due to malware......

m.www.yahoo.com is the new beta site for Yahoo! This site is a temporary site whcih allows you to enjoy the new features implemented by yahoo! Some of the new features you will notice is the flight out "what you see is what you get" menu bars which allow you to do everything on one page, which is the Yahoo! page..

Read this page

peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 22 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware