Several Issues on Computer

Post by Spain1492 » November 13th, 2009, 3:16 am

I have several issues on my computer.

1. My Google has been hijacked. When I enter a search, it redirects me to other sites. I have run AVG, Vipre, AdAware, Spybot, etc. and it is still there.

2. I had Norton Utilities (Symantec) on my computer a few years back. I uninstalled it, but it appears that there are some components still installed. I need assistance in removing all traces of Norton Utilities off my computer.

3. I tried installing McAfee antivirus software a few years back to replace Norton Utilities. It conflicted with the Norton leftovers (item 2) and never worked on my computer. There are traces of McAfee antivirus software left on my computer that I need assistance to remove.

Attached below is the HijackThis log from my computer:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:02 PM, on 11/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\SealedMedia\SoftSEAL\sealmon.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Juno DSL\ConnectionCenter.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?action=mini ... search_dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?action=mini ... search_dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?action=mini ... n=54436872
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?action=mini ... n=54436872
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\Juno DSL\SearchEnh1.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Pop-up Blocker - {4224FF33-C2EB-4039-B8C8-6EED565B9D96} - C:\Program Files\Juno DSL\PopupBlocker.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Juno DSL - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files\Juno DSL\Toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\SoftSEAL\sealmon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [JunoDSL] "C:\Program Files\Juno DSL\ConnectionCenter.exe"
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spdf: C:\Program Files\Internet Explorer\PLUGINS\npLoader.dll
O15 - Trusted Zone: http://*.turbotax.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11952 bytes

Thank you for your assistance.
Spain1492
Active Member
 
Posts: 11
Joined: November 13th, 2009, 3:02 am

Re: Several Issues on Computer

Post by shinybeast » November 16th, 2009, 1:56 am

Hello and welcome to Malware Removal Forums

My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

Please follow these guidelines as we work to clean your computer.
  • Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
  • Perform all instructions in the order given.
  • Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
  • The instructions assume you are using an account with administrator privileges.
  • Do not run any other tools to remove malware while we are working.
  • Post all responses in a reply to this topic - Please do not start a new topic.
  • If your security software throws up warnings about some of these tools, please allow these tools to run; they are safe.
  • If you have not done so, please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

NOTE: I am in training here at Malware Removal University.
I must get my replies to you approved by a malware expert which means it could take slightly longer to get back to you.
Your patience is appreciated. :)


Installed Program List

It would be helpful to see a list of programs installed on your computer.

  • Please start HijackThis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager... under System Tools

You will see a list of programs installed on your computer.
Please click the Save List... button and specify where you would like to save the list.
Once you click Save, the list will open in Notepad. Simply copy and paste the entire contents of Notepad in your next post.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Several Issues on Computer

Post by Spain1492 » November 16th, 2009, 3:39 am

Thank you shinybeast. Here is the info from Hijack This.

32 Bit HP CIO Components Installer
802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10
Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Premiere Elements 2.0
Adobe Reader 9.2
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
ASUS Display Drivers
ASUS SmartDoctor
Atari: The 80 Classic Games
AVG 9.0
Axis & Allies
Broadxent V.92 PCI DI3631-1
Call of Duty - United Offensive
Call of Duty Game of the Year Edition
ccCommon
Civilization III Complete Edition
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DVD@ccess 2.0.3
FaxTalk Communicator 4.5
File Shredder 2.0
Free Internet Eraser 2.30
FriendFinder Messenger v4.1
Galactic Civilizations Ultimate Edition
Garmin Communicator Plugin
Garmin USB Drivers
Handmark® MobileDB(TM) for Palm OS
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
InterActual Player
InterVideo WinDVD 4
InterVideo WinDVD Creator
InterVideo WinRip
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Juno
Juno DSL (remove only)
Juno SpeedBand (remove only)
Logitech MouseWare 9.76
Logitech Resource Center
Malwarebytes' Anti-Malware
Match-Up!
Mavis Beacon Teaches Access 2003
Mavis Beacon Teaches Excel 2003
Mavis Beacon Teaches Office 2003 Menu
Mavis Beacon Teaches PowerPoint 2003
Medi@Show
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 4.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.5)
MSRedist
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MUSICMATCH Jukebox
NetWaiting
Norton AntiSpam
Norton AntiVirus
Norton AntiVirus Parent MSI
Norton Internet Security
Norton Personal Firewall
Norton SystemWorks 2004
NSW_DRM_COLLECTION
NVIDIA Drivers
Palm
Quicken 2005
Quicken Will Writer 2001
QuickTime
QWW2001 Registration
Realtek AC'97 Audio
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SimCity 4 Deluxe
SoftSEAL Viewer 1.2
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.2
Sudoku Puzzle Addict
Symantec Script Blocking Installer
Terminal Services Web Client
TurboTax 2005
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Premier 2007
TurboTax Premier Investments 2006
TValue Network Version 5
TweakNow RegCleaner
Typing Quick & Easy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB896727)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
ViewSonic Monitor Drivers
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WexTech AnswerWorks
WillWriter Companion
Windows Defender
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB890923
Windows XP Service Pack 3
WinZip 14.0
WNW Dictionary v2.0
Spain1492
Active Member
 
Posts: 11
Joined: November 13th, 2009, 3:02 am

Re: Several Issues on Computer

Post by shinybeast » November 17th, 2009, 11:27 am

Hi Spain1492,

We will take care of the McAfee and Norton remnants in due time but first we need a deeper look than HijackThis provides.


DDS Scan

  • Please download DDS by sUBS from one of these links and save it to your desktop
    Link1 | Link 2
  • Double-click the file to start the scan
  • A black window will open and run the scan
  • When it finishes, two logs will automatically open with Notepad (DDS.txt and Attach.txt)
  • Save the logs to the desktop using Save As... and post the contents of both in your next reply
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Several Issues on Computer

Post by Spain1492 » November 18th, 2009, 12:31 am

Thanks Shinybeast. Here are the results:

DDS.txt

DDS (Ver_09-10-26.01) - NTFSx86
Run by XXXXXXXXX at 20:08:30.29 on Tue 11/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.154 [GMT -8:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\SealedMedia\SoftSEAL\sealmon.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Juno DSL\ConnectionCenter.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\XXXXXXXXX\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.juno.com/
uSearch Page = hxxp://my.juno.com/s/search?action=mini ... search_dsl
uSearch Bar = hxxp://my.juno.com/s/search?action=mini ... search_dsl
uSearchURL,(Default) = hxxp://my.juno.com/s/search?action=mini ... n=54436872
mSearchAssistant = hxxp://my.juno.com/s/search?action=mini ... n=54436872
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\juno dsl\SearchEnh1.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Pop-up Blocker: {4224ff33-c2eb-4039-b8c8-6eed565b9d96} - c:\program files\juno dsl\PopupBlocker.dll
BHO: X1IEHook Class: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\juno\qsacc\X1IEBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Juno DSL: {8e613eaf-e16e-415c-bd39-f71d6a3b5518} - c:\program files\juno dsl\Toolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IMC] c:\program files\friendfinder\friendfinder messenger 4\imc.exe
mRun: [Anvshell] anvshell.exe
mRun: [LiveNote] livenote.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [sealmon] c:\program files\sealedmedia\softseal\sealmon.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_10\bin\jusched.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [JunoDSL] "c:\program files\juno dsl\ConnectionCenter.exe"
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\XXXXXX~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
dPolicies-explorer: EditLevel = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: Display All Images with Full Quality - c:\program files\juno\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\juno\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: turbotax.com
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll cecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\XXXXXX~1\applic~1\mozilla\firefox\profiles\t8qa403o.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\XXXXXXXXX\application data\mozilla\firefox\profiles\t8qa403o.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
c:\documents and settings\XXXXXXXXX\local settings\temp\15.tmp\tempB4

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-11-10 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-10 161800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-21 64288]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2004-3-9 233280]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-10 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-10 360584]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-11-11 93360]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-10 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2009-11-10 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-11-10 5832712]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2007-2-28 29156]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-11-10 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-11-10 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-11-10 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-11-10 25736]
R3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2005-8-21 56576]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-11-10 30104]
S3 nenum13E;nenum13E;\??\c:\docume~1\XXXXXX~1\locals~1\temp\nenum13e.sys --> c:\docume~1\XXXXXX~1\locals~1\temp\nenum13E.sys [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2004-12-31 167424]

=============== Created Last 30 ================

2009-11-18 04:02:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-18 04:02:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 04:02:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-14 08:19:41 0 d-----w- c:\program files\FriendFinder
2009-11-12 03:49:11 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-11 13:36:55 0 d-----w- c:\docume~1\XXXXXX~1\applic~1\Malwarebytes
2009-11-11 13:36:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-11 06:00:53 0 d--h--w- C:\$AVG
2009-11-11 06:00:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-11 06:00:08 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-11 06:00:03 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-11-11 05:59:13 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-11-11 05:59:13 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-11 05:59:12 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-11 05:59:11 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-11 05:58:35 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-11-11 05:58:35 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-11-11 05:58:22 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-10 08:16:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2009-11-07 18:26:03 54156 ---ha-w- c:\windows\QTFont.qfn
2009-11-07 18:26:03 1409 ----a-w- c:\windows\QTFont.for
2009-11-07 08:46:34 472064 ----a-w- C:\RootRepeal.exe
2009-11-04 14:07:15 792 ----a-w- C:\Windows Media Player.lnk
2009-11-04 14:07:15 206 --sha-w- C:\desktop.ini
2009-11-04 14:07:15 1599 ----a-w- C:\Remote Assistance.lnk
2009-10-26 07:14:57 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-26 07:14:23 0 d-----w- c:\docume~1\XXXXXX~1\applic~1\SUPERAntiSpyware.com
2009-10-24 09:34:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-19 08:32:01 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-19 06:24:27 0 d-----w- c:\windows\system32\wbem\Repository
2009-10-19 06:00:14 58 ----a-w- c:\windows\wp4.dat
2009-10-19 06:00:14 2 ----a-w- c:\windows\wp3.dat
2009-10-19 05:59:54 36 ----a-w- c:\windows\system32\skynet.dat
2009-10-19 05:59:31 92 ----a-w- c:\windows\system32\wwp.htm

==================== Find3M ====================

2009-11-03 05:33:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-09-23 12:55:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-08-06 08:25:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat

============= FINISH: 20:11:39.10 ===============



Attach.txt



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/21/2007 10:18:54 PM
System Uptime: 11/17/2009 7:42:03 PM (1 hours ago)

Motherboard: | |
Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2124/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 78.508 GiB free.
D: is CDROM (UDF)
E: is FIXED (FAT32) - 1 GiB total, 0.922 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP93: 8/20/2009 1:36:47 AM - Avg8 Update
RP94: 8/20/2009 1:36:49 AM - Avg8 Update
RP95: 8/20/2009 1:36:51 AM - Software Distribution Service 3.0
RP96: 8/20/2009 1:36:53 AM - Software Distribution Service 3.0
RP97: 8/20/2009 1:36:55 AM - System Checkpoint
RP98: 8/20/2009 1:36:57 AM - Software Distribution Service 3.0
RP99: 8/20/2009 1:36:59 AM - Avg8 Update
RP100: 8/20/2009 1:37:02 AM - System Checkpoint
RP101: 8/20/2009 1:37:04 AM - Software Distribution Service 3.0
RP102: 8/20/2009 1:37:07 AM - Software Distribution Service 3.0
RP103: 8/20/2009 1:37:10 AM - System Checkpoint
RP104: 8/20/2009 1:37:12 AM - Software Distribution Service 3.0
RP105: 8/20/2009 1:37:15 AM - System Checkpoint
RP106: 8/20/2009 1:37:19 AM - Software Distribution Service 3.0
RP107: 8/20/2009 1:37:24 AM - System Checkpoint
RP108: 8/20/2009 1:37:26 AM - Removed ooVoo
RP109: 8/20/2009 1:37:29 AM - Removed Windows Live Messenger
RP110: 8/20/2009 1:37:30 AM - Software Distribution Service 3.0
RP111: 8/20/2009 1:37:32 AM - Removed BOINC
RP112: 8/20/2009 1:37:33 AM - System Checkpoint
RP113: 8/20/2009 1:37:34 AM - Software Distribution Service 3.0
RP114: 8/20/2009 1:37:35 AM - System Checkpoint
RP115: 8/20/2009 1:37:36 AM - Software Distribution Service 3.0
RP116: 8/20/2009 1:37:37 AM - System Checkpoint
RP117: 8/20/2009 1:37:38 AM - Software Distribution Service 3.0
RP118: 8/20/2009 1:37:40 AM - Software Distribution Service 3.0
RP119: 8/20/2009 1:37:42 AM - Software Distribution Service 3.0
RP120: 8/20/2009 1:37:44 AM - Printer Driver Microsoft XPS Document Writer Installed
RP121: 8/20/2009 1:37:45 AM - Software Distribution Service 3.0
RP122: 8/20/2009 1:37:46 AM - Software Distribution Service 3.0
RP123: 8/20/2009 1:37:48 AM - Software Distribution Service 3.0
RP124: 8/20/2009 1:37:50 AM - Avg8 Update
RP125: 8/21/2009 11:32:24 AM - System Checkpoint
RP126: 8/22/2009 2:11:06 PM - System Checkpoint
RP127: 8/24/2009 3:18:29 PM - System Checkpoint
RP128: 8/24/2009 9:31:06 PM - Software Distribution Service 3.0
RP129: 8/26/2009 3:00:25 AM - Software Distribution Service 3.0
RP130: 8/27/2009 3:08:11 AM - System Checkpoint
RP131: 8/27/2009 9:12:38 PM - Software Distribution Service 3.0
RP132: 8/28/2009 11:46:40 PM - Removed HP Update
RP133: 8/28/2009 11:46:55 PM - Installed HP Update.
RP134: 8/29/2009 7:54:05 PM - Software Distribution Service 3.0
RP135: 8/31/2009 1:18:42 AM - System Checkpoint
RP136: 8/31/2009 7:51:16 PM - Software Distribution Service 3.0
RP137: 9/1/2009 11:09:23 PM - Software Distribution Service 3.0
RP138: 9/2/2009 11:56:04 PM - System Checkpoint
RP139: 9/4/2009 1:17:59 AM - Software Distribution Service 3.0
RP140: 9/5/2009 9:46:47 AM - System Checkpoint
RP141: 9/7/2009 12:48:22 PM - System Checkpoint
RP142: 9/7/2009 9:40:42 PM - Software Distribution Service 3.0
RP143: 9/8/2009 10:04:00 PM - System Checkpoint
RP144: 9/9/2009 3:00:43 AM - Software Distribution Service 3.0
RP145: 9/10/2009 7:29:23 PM - Software Distribution Service 3.0
RP146: 9/12/2009 3:15:42 AM - System Checkpoint
RP147: 9/13/2009 11:57:12 PM - System Checkpoint
RP148: 9/14/2009 8:02:51 PM - Software Distribution Service 3.0
RP149: 9/15/2009 10:36:55 PM - System Checkpoint
RP150: 9/16/2009 9:55:56 PM - Installed Battle of Europe
RP151: 9/16/2009 10:06:29 PM - Removed Battle of Europe
RP152: 9/16/2009 10:07:10 PM - Installed Battle of Europe
RP153: 9/16/2009 10:31:10 PM - Removed Battle of Europe
RP154: 9/16/2009 10:32:17 PM - Installed Battle of Europe
RP155: 9/16/2009 10:34:44 PM - Installed DirectX
RP156: 9/17/2009 9:11:40 PM - Software Distribution Service 3.0
RP157: 9/19/2009 1:45:30 AM - System Checkpoint
RP158: 9/20/2009 8:28:14 PM - System Checkpoint
RP159: 9/21/2009 8:14:23 PM - Software Distribution Service 3.0
RP160: 9/23/2009 2:42:55 AM - System Checkpoint
RP161: 9/24/2009 8:31:32 AM - System Checkpoint
RP162: 9/25/2009 12:31:28 AM - Software Distribution Service 3.0
RP163: 9/26/2009 3:02:51 AM - System Checkpoint
RP164: 9/28/2009 1:03:16 AM - System Checkpoint
RP165: 9/28/2009 6:50:54 PM - Software Distribution Service 3.0
RP166: 9/30/2009 12:13:10 AM - System Checkpoint
RP167: 10/1/2009 1:18:48 AM - System Checkpoint
RP168: 10/2/2009 8:29:15 PM - Software Distribution Service 3.0
RP169: 10/5/2009 12:31:47 AM - System Checkpoint
RP170: 10/5/2009 10:11:42 PM - Software Distribution Service 3.0
RP171: 10/7/2009 12:41:05 AM - System Checkpoint
RP172: 10/8/2009 3:30:31 AM - System Checkpoint
RP173: 10/9/2009 12:29:02 AM - Software Distribution Service 3.0
RP174: 10/10/2009 1:51:40 PM - System Checkpoint
RP175: 10/11/2009 2:44:03 PM - System Checkpoint
RP176: 10/12/2009 2:26:53 PM - Software Distribution Service 3.0
RP177: 10/13/2009 11:41:37 PM - Installed TurboTax 2008 wrapper
RP178: 10/13/2009 11:42:05 PM - Installed TurboTax 2008 WinPerReleaseEngine
RP179: 10/13/2009 11:45:18 PM - Installed TurboTax 2008 WinPerFedFormset
RP180: 10/13/2009 11:46:23 PM - Installed TurboTax 2008 WinPerTaxSupport
RP181: 10/13/2009 11:46:50 PM - Installed TurboTax 2008 WinPerProgramHelp
RP182: 10/13/2009 11:47:24 PM - Installed TurboTax 2008 WinPerUserEducation
RP183: 10/13/2009 11:47:34 PM - Installed AnswerWorks 5.0 English Runtime
RP184: 10/14/2009 3:01:09 AM - Software Distribution Service 3.0
RP185: 10/15/2009 3:32:00 AM - System Checkpoint
RP186: 10/15/2009 4:51:50 PM - Software Distribution Service 3.0
RP187: 10/16/2009 8:26:10 PM - System Checkpoint
RP188: 10/18/2009 11:23:02 PM - Restore Operation
RP189: 10/20/2009 12:29:58 AM - Software Distribution Service 3.0
RP190: 10/21/2009 8:05:45 AM - System Checkpoint
RP191: 10/22/2009 8:24:13 AM - System Checkpoint
RP192: 10/22/2009 10:15:39 PM - Software Distribution Service 3.0
RP193: 10/24/2009 12:07:57 AM - System Checkpoint
RP194: 10/26/2009 12:14:21 AM - Installed SUPERAntiSpyware Free Edition
RP195: 10/26/2009 8:41:46 PM - Software Distribution Service 3.0
RP196: 10/28/2009 12:55:23 AM - System Checkpoint
RP197: 10/29/2009 4:11:11 AM - System Checkpoint
RP198: 10/29/2009 9:51:17 PM - Software Distribution Service 3.0
RP199: 11/1/2009 5:00:12 PM - System Checkpoint
RP200: 11/2/2009 9:31:46 PM - Software Distribution Service 3.0
RP201: 11/4/2009 2:28:35 AM - System Checkpoint
RP202: 11/5/2009 8:07:23 PM - Software Distribution Service 3.0
RP203: 11/6/2009 10:03:01 PM - System Checkpoint
RP204: 11/7/2009 1:40:42 AM - Installed WinZip 14.0
RP205: 11/7/2009 10:13:23 AM - Software Distribution Service 3.0
RP206: 11/8/2009 11:47:11 PM - System Checkpoint
RP207: 11/9/2009 9:26:06 PM - Software Distribution Service 3.0
RP208: 11/9/2009 11:22:03 PM - Removed Battle of Europe
RP209: 11/9/2009 11:27:15 PM - Configured Leisure Suit Larry - Magna Cum Laude
RP210: 11/9/2009 11:29:11 PM - Removed ItsDeductible Express
RP211: 11/9/2009 11:38:03 PM - Removed Battlecruiser Millennium Gold
RP212: 11/9/2009 11:42:52 PM - Removed Dangerous Waters
RP213: 11/9/2009 11:44:49 PM - Removed SUPERAntiSpyware Free Edition
RP214: 11/9/2009 11:46:07 PM - Removed TurboTax ItsDeductible 2005
RP215: 11/9/2009 11:46:56 PM - Removed TurboTax ItsDeductible 2006
RP216: 11/10/2009 12:12:21 AM - Installed VIPRE Antivirus + Antispyware.
RP217: 11/10/2009 12:33:05 AM - Removed VIPRE Antivirus + Antispyware.
RP218: 11/10/2009 12:33:50 AM - Installed VIPRE Antivirus + Antispyware.
RP219: 11/10/2009 6:53:12 AM - Removed VIPRE Antivirus + Antispyware.
RP220: 11/10/2009 9:30:41 PM - Software Distribution Service 3.0
RP221: 11/10/2009 9:58:21 PM - Installed AVG 9.0
RP222: 11/10/2009 10:41:38 PM - Avg8 Update
RP223: 11/12/2009 12:22:10 AM - System Checkpoint
RP224: 11/12/2009 9:20:55 PM - Avg8 Update
RP225: 11/13/2009 7:06:52 PM - Avg8 Update
RP226: 11/14/2009 12:19:38 AM - Installed FriendFinder Messenger v4.1
RP227: 11/16/2009 2:55:29 AM - System Checkpoint
RP228: 11/17/2009 3:24:06 AM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10
AAC Decoder
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Premiere Elements 2.0
Adobe Reader 9.2
AIO_Scan
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
ASUS Display Drivers
ASUS SmartDoctor
Atari: The 80 Classic Games
AutoUpdate
AVG 9.0
Axis & Allies
Broadxent V.92 PCI DI3631-1
BufferChm
Call of Duty - United Offensive
Call of Duty Game of the Year Edition
ccCommon
Civilization III Complete Edition
Confidence Online(tm) for Web Applications
Copy
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Data Lifeguard
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DVD@ccess 2.0.3
eSupportQFolder
F2100
F2100_doccd
F2100_Help
FaxTalk Communicator 4.5
File Shredder 2.0
Free Internet Eraser 2.30
FriendFinder Messenger v4.1
Galactic Civilizations Ultimate Edition
Garmin Communicator Plugin
Garmin USB Drivers
H.264 Decoder
Handmark® MobileDB(TM) for Palm OS
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
InterActual Player
InterVideo WinDVD 4
InterVideo WinDVD Creator
InterVideo WinRip
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Juno
Juno DSL (remove only)
Juno SpeedBand (remove only)
Logitech MouseWare 9.76
Logitech Resource Center
Malwarebytes' Anti-Malware
MarketResearch
Match-Up!
Mavis Beacon Teaches Access 2003
Mavis Beacon Teaches Excel 2003
Mavis Beacon Teaches Office 2003 Menu
Mavis Beacon Teaches PowerPoint 2003
Medi@Show
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 4.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.5.5)
MSRedist
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MUSICMATCH Jukebox
NetWaiting
Norton AntiSpam
Norton AntiVirus
Norton AntiVirus Parent MSI
Norton Internet Security
Norton Personal Firewall
Norton SystemWorks 2004
NSW_DRM_COLLECTION
NVIDIA Drivers
Palm
Platform
PSSWCORE
Quicken 2005
Quicken Will Writer 2001
QuickTime
QWW2001 Registration
Realtek AC'97 Audio
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SimCity 4 Deluxe
SoftSEAL Viewer 1.2
SolutionCenter
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.2
Status
Sudoku Puzzle Addict
Symantec Network Drivers Update
Symantec Script Blocking Installer
Terminal Services Web Client
Toolbox
TrayApp
TurboTax 2005
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Premier 2007
TurboTax Premier Investments 2006
TValue Network Version 5
TweakNow RegCleaner
Typing Quick & Easy
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB896727)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VideoToolkit01
ViewSonic Monitor Drivers
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
WexTech AnswerWorks
WillWriter Companion
Windows Defender
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB890923
Windows XP Service Pack 3
WinZip 14.0
WNW Dictionary v2.0

==== Event Viewer Messages From Past Week ========

11/17/2009 7:20:54 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
11/16/2009 7:23:39 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/15/2009 11:02:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
11/15/2009 11:02:57 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/12/2009 9:22:43 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
11/12/2009 9:21:48 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
11/11/2009 6:52:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intuit Update Service service to connect.
11/11/2009 6:52:35 PM, error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/10/2009 6:58:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
11/10/2009 6:57:20 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
11/10/2009 4:59:35 AM, error: HPZipr12 [43] -
11/10/2009 12:39:40 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/10/2009 12:38:11 AM, error: Service Control Manager [7000] - The ScriptBlocking Service service failed to start due to the following error: The system cannot find the path specified.
11/10/2009 12:38:11 AM, error: Service Control Manager [7000] - The McAfee WSC Integration service failed to start due to the following error: The system cannot find the file specified.
11/10/2009 12:38:11 AM, error: Service Control Manager [7000] - The McAfee Task Scheduler service failed to start due to the following error: The system cannot find the path specified.
11/10/2009 10:28:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

==== End Of File ===========================
Spain1492

Re: Several Issues on Computer

Post by shinybeast » November 18th, 2009, 3:59 pm

Hello spain1492,


Backup Registry With ERUNT

Modifying the Windows Registry can occasionally create problems, so it is imperative we back it up first.

  • Please download ERUNT (Emergency Recovery Utility NT) by Lars Hederer from one of the links below and save it to a convenient location
    Link 1 | Link 2
  • Double-click the file erunt-setup.exe that you downloaded to start the install
  • After the language selection, click Next three times to choose the default location, folder name and start menu folder.
  • You may choose to uncheck the desktop icons at the Select Additional Options window.
  • IMPORTANT: After clicking Install, you will get a popup asking if you want to run ERUNT at each startup. Click No (Once we are finished, you may choose to enable this option).
  • Keep the option to run ERUNT checked and click Finish
  • Click OK at the Welcome dialog box
  • Ensure the System Registry and Current User Registry boxes are checked and click OK to back up the registry to the default location and filename. You will be asked if you want to create the folder; click Yes.
  • A window should appear that says "Registry backup is complete!." Click OK in that window.


Uninstall Programs

Click Start, click Run...
Type appwiz.cpl and press Enter to open Add or Remove Programs
For each of the programs listed below, highlight them in the list and click Remove


AutoUpdate
FriendFinder Messenger v4.1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Spybot - Search & Destroy 1.5.2.20


The two programs listed below, while decent security programs, can interfere with the removal process. Please uninstall them as well. You may re-install after we are finished if you wish.
Ad-Aware
Spybot - Search & Destroy


Once finished, close Add or Remove Programs window


McAfee Cleanup

  • Click here to download the McAfee Removal Tool and save to a convenient location.
  • Close all McAfee windows and double-click MCPR.exe to run the tool.
  • Reboot the computer when "CleanUp Successful" appears to complete removal.
  • After reboot, delete the removal tool.


Norton Cleanup

  • Click Here to download the Norton Removal Tool and save it to your desktop.
  • Double click on Norton_Removal_Tool.exe to start the process.
  • Follow the program prompts to remove the Norton product.
  • Reboot your computer

ComboFix

Please visit this webpage for download links, and a guide for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read the guide carefully and install the Recovery Console first.

NOTE: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. This is important in order for Combofix to function properly!
A guide to do this can be found here. If you still aren't sure how to disable protection software, please ask.
These need to be disabled.
AVG 9.0
Windows Defender


Please include the C:\ComboFix.txt in your next reply for further review.
**IMPORTANT !!! Save ComboFix.exe to your Desktop**

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log (C:\combofix.txt)
New DDS logs
Update on how the computer is running
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Several Issues on Computer

Unread postby shinybeast » November 21st, 2009, 10:44 am

Hello Spain1492,

It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Please let me know what's going on otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Several Issues on Computer

Unread postby Spain1492 » November 23rd, 2009, 4:19 am

Sorry, I was out of town for a wedding. Just logged in and executing your instructions.
Spain1492
Active Member
 
Posts: 11
Joined: November 13th, 2009, 3:02 am

Re: Several Issues on Computer

Unread postby Spain1492 » November 23rd, 2009, 5:29 am

Okay, I executed everything up to ComboFix with the exception of removing the AutoUpdate. It does not show up as an option on the Remove Program Window. In addition, I did a search for "AutoUpdate". The only item that comes close is Spyware Blaster autoupdate. In addition, DivX has an autoupdate folder, but it was empty.

1. Is AutoUpdate the windows autoupdate? Should I just turn that function off?
2. Can I proceed to ComboFix without removing the autoupdate?

Thanks again.
Spain1492
Active Member
 
Posts: 11
Joined: November 13th, 2009, 3:02 am

Re: Several Issues on Computer

Unread postby shinybeast » November 23rd, 2009, 11:50 am

Hi Spain1492,

AutoUpdate could be a couple of things. It might be undesirable, or it might have been put there by MS Office. I don't think it has anything to do with your issue, so let's ignore it and go ahead with Combofix. Remember to follow the instructions carefully and disable your security software or Combofix will not function properly.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Several Issues on Computer

Unread postby Spain1492 » November 25th, 2009, 10:41 pm

Hi Shinybeast,

Sorry for the delay. I can't find my original XP disk to add the Microsoft Windows recovery console. I know I have it, I need to look through a few more boxes. Once I find it, I can proceed with the steps.

I saw the link to get this through the Microsoft website, but it requires floppy disks.

Thanks for your patience. I'm going to be offline until Friday.
Spain1492
Active Member
 
Posts: 11
Joined: November 13th, 2009, 3:02 am

Re: Several Issues on Computer

Unread postby shinybeast » November 26th, 2009, 12:12 am

Hi Spain1492,

Should be no need to go searching. (Although it is good to know where your OS disc is should you ever need it.)

In the instructions here you will see that ComboFix should offer to download and install it for you.

Just follow those linked instructions and my advice in this previous post and things should go smoothly.

I'll be looking for your response in a couple of days. If you're in the U.S., have a happy Thanksgiving.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Several Issues on Computer

Unread postby Spain1492 » November 28th, 2009, 8:36 am

Hi Shinybeast,

Thanksgiving was wonderful. Here is the result from the ComboFix:

ComboFix 09-11-27.05 - XXXXXXXXX 11/28/2009 3:46.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.149 [GMT -8:00]
Running from: c:\documents and settings\XXXXXXXXX\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
C:\VDM1C.tmp
C:\VDM1D.tmp
C:\VDMB7.tmp
C:\VDMB8.tmp
c:\windows\run.log
c:\windows\system32\AutoRun.inf
c:\windows\system32\skynet.dat
c:\windows\system32\tdlcmd.dll

Infected copy of c:\windows\System32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-28 )))))))))))))))))))))))))))))))
.

2009-11-28 11:46 . 2009-11-28 11:46 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2009-11-28 11:40 . 2004-03-29 05:45 73600 ----a-r- c:\windows\system32\drivers\viamraid_2.sys
2009-11-23 09:22 . 2009-10-16 20:13 1115392 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-23 08:12 . 2009-11-23 08:13 -------- d-----w- c:\program files\ERUNT
2009-11-21 19:08 . 2009-11-11 05:59 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-11-21 19:08 . 2009-11-11 05:59 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-18 04:02 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-18 04:02 . 2009-11-18 04:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 04:02 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-14 08:19 . 2009-11-14 08:19 -------- d-----w- c:\program files\FriendFinder
2009-11-13 05:20 . 2009-11-11 05:59 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-11-13 05:20 . 2009-11-11 05:59 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-11-13 05:20 . 2009-11-11 05:59 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2009-11-13 05:20 . 2009-11-13 05:20 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-13 05:20 . 2009-11-11 05:59 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2009-11-13 05:20 . 2009-11-13 05:20 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-12 03:49 . 2009-11-03 05:33 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-11 13:36 . 2009-11-11 13:36 -------- d-----w- c:\documents and settings\XXXXXXXXX\Application Data\Malwarebytes
2009-11-11 13:36 . 2009-11-11 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-11 06:02 . 2009-11-11 06:02 -------- d-----w- c:\documents and settings\XXXXXXXXX\Local Settings\Application Data\AVG Security Toolbar
2009-11-11 06:00 . 2009-11-11 07:06 -------- d-----w- C:\$AVG
2009-11-11 06:00 . 2009-11-11 06:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-11 06:00 . 2009-11-11 06:00 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-11 06:00 . 2009-11-28 08:28 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-11 06:00 . 2009-11-23 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-11 05:59 . 2009-11-11 05:59 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-11-11 05:59 . 2009-11-11 05:59 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-11 05:59 . 2009-11-11 05:59 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-11 05:59 . 2009-11-11 05:59 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-11 05:58 . 2009-11-11 05:58 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-11-11 05:58 . 2009-11-11 05:58 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-11-11 05:58 . 2009-11-28 07:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-10 08:16 . 2009-11-10 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-11-07 08:46 . 2009-11-07 19:17 472064 ----a-w- C:\RootRepeal.exe
2009-11-07 08:40 . 2009-11-07 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-11-04 14:07 . 2009-11-04 14:07 -------- d-sh--w- c:\documents and settings\Administrator.MARK\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 08:55 . 2005-05-05 06:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-23 08:38 . 2005-05-05 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-23 08:29 . 2005-09-09 03:26 -------- d-----w- c:\program files\Lavasoft
2009-11-23 08:29 . 2008-02-15 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-14 06:15 . 2004-03-10 06:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-12 06:13 . 2007-08-05 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Juno DSL
2009-11-12 04:26 . 2008-03-23 01:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-12 04:25 . 2005-08-07 19:05 -------- d-----w- c:\program files\SpywareBlaster
2009-11-12 04:19 . 2006-04-11 08:18 -------- d-----w- c:\program files\TweakNow RegCleaner
2009-11-11 05:58 . 2009-03-12 10:42 -------- d-----w- c:\program files\AVG
2009-11-10 14:50 . 2004-04-04 18:56 -------- d-----w- c:\program files\Common Files\Real
2009-11-10 07:59 . 2004-03-13 07:29 60856 ----a-w- c:\documents and settings\XXXXXXXXX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-10 07:46 . 2006-03-08 02:35 -------- d-----w- c:\program files\ItsDeductible2005
2009-11-10 07:45 . 2009-10-26 07:14 -------- d-----w- c:\documents and settings\XXXXXXXXX\Application Data\SUPERAntiSpyware.com
2009-11-10 07:42 . 2004-03-10 06:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-10 07:29 . 2005-03-23 06:00 -------- d-----w- c:\program files\ItsDeductibleEX
2009-11-07 08:49 . 2007-12-25 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-11-03 04:42 . 2009-10-03 03:29 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-26 07:14 . 2009-10-26 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-24 09:34 . 2009-10-24 09:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-24 01:54 . 2004-03-11 16:37 -------- d-----w- c:\program files\Juno
2009-10-19 06:05 . 2009-10-19 06:00 58 ----a-w- c:\windows\wp4.dat
2009-10-19 06:05 . 2009-10-19 06:00 2 ----a-w- c:\windows\wp3.dat
2009-10-14 06:47 . 2009-10-14 06:47 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-10-14 06:44 . 2005-03-23 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-10-14 06:43 . 2004-03-12 08:11 -------- d-----w- c:\program files\Common Files\Intuit
2009-10-14 06:40 . 2004-03-12 08:11 -------- d-----w- c:\program files\TurboTax
2009-10-13 02:52 . 2009-10-13 02:52 -------- d-----w- c:\program files\Buka
2009-09-11 14:18 . 2003-03-31 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-12-25 19:47 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 20:13 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sealmon"="c:\program files\SealedMedia\SoftSEAL\sealmon.exe" [2001-04-05 65536]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-28 282624]
"JunoDSL"="c:\program files\Juno DSL\ConnectionCenter.exe" [2007-09-17 1058304]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2003-03-31 44032]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-02 7618560]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Anvshell"="anvshell.exe" - c:\windows\anvshell.exe [2003-05-29 348160]
"LiveNote"="livenote.exe" - c:\windows\livenote.exe [2002-07-11 40960]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-03-04 19968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-02 1519616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-09-16 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\XXXXXXXXX\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-9 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-11 06:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD@ccess.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD@ccess.lnk
backup=c:\windows\pss\DVD@ccess.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Juno\\bin\\juno.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"20800:TCP"= 20800:TCP:BitComet 20800 TCP
"20800:UDP"= 20800:UDP:BitComet 20800 UDP

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [11/10/2009 9:59 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/10/2009 9:59 PM 161800]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [3/9/2004 11:40 PM 233280]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/10/2009 9:59 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/10/2009 9:59 PM 360584]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/11/2009 7:49 PM 93360]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/10/2009 9:59 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/10/2009 9:59 PM 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [11/10/2009 9:59 PM 5832712]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2/28/2007 2:18 PM 29156]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 4:45 AM 13088]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [11/10/2009 9:58 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [11/10/2009 9:59 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [11/10/2009 9:59 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [11/10/2009 9:59 PM 25736]
R3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [8/21/2005 3:28 PM 56576]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [11/10/2009 9:58 PM 30104]
S3 nenum13E;nenum13E;\??\c:\docume~1\XXXXXX~1\LOCALS~1\Temp\nenum13E.sys --> c:\docume~1\XXXXXX~1\LOCALS~1\Temp\nenum13E.sys [?]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [12/31/2004 4:46 PM 167424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.juno.com/
uSearchURL,(Default) = hxxp://my.juno.com/s/search?action=mini ... n=54436872
IE: Display All Images with Full Quality - c:\program files\Juno\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\Juno\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: orionfirst.com\server
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\XXXXXXXXX\Application Data\Mozilla\Firefox\Profiles\t8qa403o.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\XXXXXXXXX\Application Data\Mozilla\Firefox\Profiles\t8qa403o.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-IMC - c:\program files\FriendFinder\FriendFinder Messenger 4\imc.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-{98E8A2EF-4EAE-43B8-A172-74842B764777} - c:\program files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe REMOVEALL
AddRemove-{9933F0EE-DFCD-4829-B979-3C56C367CB1A} - c:\program files\InstallShield Installation Information\{9933F0EE-DFCD-4829-B979-3C56C367CB1A}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-28 04:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1544)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2009-11-28 04:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-28 12:26

Pre-Run: 85,320,404,992 bytes free
Post-Run: 85,266,550,784 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - C246C3929B84E4DFF65CE51A109CC2C6
Spain1492
Active Member
 
Posts: 11
Joined: November 13th, 2009, 3:02 am

Re: Several Issues on Computer

Unread postby shinybeast » November 29th, 2009, 2:09 am

Hello Spain1492,

Still getting redirects?


Update and Scan with MalwareBytes'

  • Start MalwareBytes' Anti-Malware (MBAM)
  • Click the Update tab, then click Check for Updates button
  • Allow MBAM to check for and download updates, then click OK
  • Click the Scanner tab and select (tick) Perform full scan
  • Click Scan to start the scan.
  • When it finishes, click OK in the window that pops up and then click Show Results in the main window
  • Ensure that all items are checked and click Remove Selected.
  • When the removal is complete, a logfile will open. Please copy and paste the entire contents of the logfile in your next reply. See NOTE below
  • If necessary, the logfile can also be accessed by running Malwarebytes' and clicking the Log tab. Double-click the current log to open it.
NOTE: If Malwarebytes' encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let it proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent Malwarebytes' from removing all the malware.


DDS Scan

Please run DDS again and generate new logs.
Save the logs to the desktop using Save As... and post the contents of both in your next reply.


In your next post please include MalwareBytes' log, new dds.txt and attach.txt, and info on how computer is behaving.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Several Issues on Computer

Unread postby Spain1492 » November 29th, 2009, 9:18 pm

Hi Shinybeast,

The Google hijacking disappeared after the ComboFix run. The computer appears to be starting and running faster. I've attached the requested logs below.

MalwareBytes' log:


Malwarebytes' Anti-Malware 1.41
Database version: 3259
Windows 5.1.2600 Service Pack 3

11/29/2009 4:49:51 PM
mbam-log-2009-11-29 (16-49-51).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 230911
Time elapsed: 1 hour(s), 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\tdlcmd.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E38E4FCB-E58A-4FC5-8353-5DD10A31DDF8}\RP241\A0048498.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E38E4FCB-E58A-4FC5-8353-5DD10A31DDF8}\RP241\A0048538.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\wp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wp4.dat (Malware.Trace) -> Quarantined and deleted successfully.


New DDS.txt


DDS (Ver_09-10-26.01) - NTFSx86
Run by XXXXXXXXX at 17:04:33.71 on Sun 11/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.222 [GMT -8:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SealedMedia\SoftSEAL\sealmon.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Juno DSL\ConnectionCenter.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\XXXXXXXXX\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.juno.com/
uSearch Page = hxxp://my.juno.com/s/search?action=mini ... search_dsl
uSearch Bar = hxxp://my.juno.com/s/search?action=mini ... search_dsl
uSearchURL,(Default) = hxxp://my.juno.com/s/search?action=mini ... n=54436872
mSearchAssistant = hxxp://my.juno.com/s/search?action=mini ... n=54436872
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\juno dsl\SearchEnh1.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Pop-up Blocker: {4224ff33-c2eb-4039-b8c8-6eed565b9d96} - c:\program files\juno dsl\PopupBlocker.dll
BHO: X1IEHook Class: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\juno\qsacc\X1IEBHO.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Juno DSL: {8e613eaf-e16e-415c-bd39-f71d6a3b5518} - c:\program files\juno dsl\Toolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Anvshell] anvshell.exe
mRun: [LiveNote] livenote.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [sealmon] c:\program files\sealedmedia\softseal\sealmon.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [JunoDSL] "c:\program files\juno dsl\ConnectionCenter.exe"
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\XXXXXX~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
dPolicies-explorer: EditLevel = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: Display All Images with Full Quality - c:\program files\juno\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\juno\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: orionfirst.com\server
Trusted Zone: turbotax.com
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\XXXXXX~1\applic~1\mozilla\firefox\profiles\t8qa403o.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\XXXXXXXXX\application data\mozilla\firefox\profiles\t8qa403o.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-11-10 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-10 161800]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2004-3-9 233280]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-10 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-10 360584]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-11-11 93360]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-10 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2009-11-10 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-11-10 5832712]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2007-2-28 29156]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-11-10 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-11-10 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-11-10 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-11-10 25736]
R3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2005-8-21 56576]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-11-10 30104]
S3 nenum13E;nenum13E;\??\c:\docume~1\XXXXXX~1\locals~1\temp\nenum13e.sys --> c:\docume~1\XXXXXX~1\locals~1\temp\nenum13E.sys [?]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2004-12-31 167424]

=============== Created Last 30 ================

2009-11-28 11:40:20 73600 ----a-r- c:\windows\system32\drivers\viamraid_2.sys
2009-11-28 11:37:12 0 d-sha-r- C:\cmdcons
2009-11-28 11:32:45 98816 ----a-w- c:\windows\sed.exe
2009-11-28 11:32:45 77312 ----a-w- c:\windows\MBR.exe
2009-11-28 11:32:45 260608 ----a-w- c:\windows\PEV.exe
2009-11-28 11:32:45 161792 ----a-w- c:\windows\SWREG.exe
2009-11-18 04:02:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-18 04:02:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 04:02:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-14 08:19:41 0 d-----w- c:\program files\FriendFinder
2009-11-12 03:49:11 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-11 13:36:55 0 d-----w- c:\docume~1\XXXXXX~1\applic~1\Malwarebytes
2009-11-11 13:36:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-11 06:00:53 0 d-----w- C:\$AVG
2009-11-11 06:00:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-11 06:00:08 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-11 06:00:03 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-11-11 05:59:13 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-11-11 05:59:13 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-11 05:59:12 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-11 05:59:11 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-11 05:58:35 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-11-11 05:58:35 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-11-11 05:58:22 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-10 08:16:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2009-11-07 18:26:03 54156 ---ha-w- c:\windows\QTFont.qfn
2009-11-07 18:26:03 1409 ----a-w- c:\windows\QTFont.for
2009-11-07 08:46:34 472064 ----a-w- C:\RootRepeal.exe
2009-11-04 14:07:15 792 ----a-w- C:\Windows Media Player.lnk
2009-11-04 14:07:15 1599 ----a-w- C:\Remote Assistance.lnk

==================== Find3M ====================

2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-08-06 08:25:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat

============= FINISH: 17:06:13.62 ===============


New Attach.txt:



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/21/2007 10:18:54 PM
System Uptime: 11/29/2009 4:52:50 PM (1 hours ago)

Motherboard: | |
Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2124/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 79.421 GiB free.
D: is CDROM (CDFS)
E: is FIXED (FAT32) - 1 GiB total, 0.923 GiB free.
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP136: 8/31/2009 7:51:16 PM - Software Distribution Service 3.0
RP137: 9/1/2009 11:09:23 PM - Software Distribution Service 3.0
RP138: 9/2/2009 11:56:04 PM - System Checkpoint
RP139: 9/4/2009 1:17:59 AM - Software Distribution Service 3.0
RP140: 9/5/2009 9:46:47 AM - System Checkpoint
RP141: 9/7/2009 12:48:22 PM - System Checkpoint
RP142: 9/7/2009 9:40:42 PM - Software Distribution Service 3.0
RP143: 9/8/2009 10:04:00 PM - System Checkpoint
RP144: 9/9/2009 3:00:43 AM - Software Distribution Service 3.0
RP145: 9/10/2009 7:29:23 PM - Software Distribution Service 3.0
RP146: 9/12/2009 3:15:42 AM - System Checkpoint
RP147: 9/13/2009 11:57:12 PM - System Checkpoint
RP148: 9/14/2009 8:02:51 PM - Software Distribution Service 3.0
RP149: 9/15/2009 10:36:55 PM - System Checkpoint
RP150: 9/16/2009 9:55:56 PM - Installed Battle of Europe
RP151: 9/16/2009 10:06:29 PM - Removed Battle of Europe
RP152: 9/16/2009 10:07:10 PM - Installed Battle of Europe
RP153: 9/16/2009 10:31:10 PM - Removed Battle of Europe
RP154: 9/16/2009 10:32:17 PM - Installed Battle of Europe
RP155: 9/16/2009 10:34:44 PM - Installed DirectX
RP156: 9/17/2009 9:11:40 PM - Software Distribution Service 3.0
RP157: 9/19/2009 1:45:30 AM - System Checkpoint
RP158: 9/20/2009 8:28:14 PM - System Checkpoint
RP159: 9/21/2009 8:14:23 PM - Software Distribution Service 3.0
RP160: 9/23/2009 2:42:55 AM - System Checkpoint
RP161: 9/24/2009 8:31:32 AM - System Checkpoint
RP162: 9/25/2009 12:31:28 AM - Software Distribution Service 3.0
RP163: 9/26/2009 3:02:51 AM - System Checkpoint
RP164: 9/28/2009 1:03:16 AM - System Checkpoint
RP165: 9/28/2009 6:50:54 PM - Software Distribution Service 3.0
RP166: 9/30/2009 12:13:10 AM - System Checkpoint
RP167: 10/1/2009 1:18:48 AM - System Checkpoint
RP168: 10/2/2009 8:29:15 PM - Software Distribution Service 3.0
RP169: 10/5/2009 12:31:47 AM - System Checkpoint
RP170: 10/5/2009 10:11:42 PM - Software Distribution Service 3.0
RP171: 10/7/2009 12:41:05 AM - System Checkpoint
RP172: 10/8/2009 3:30:31 AM - System Checkpoint
RP173: 10/9/2009 12:29:02 AM - Software Distribution Service 3.0
RP174: 10/10/2009 1:51:40 PM - System Checkpoint
RP175: 10/11/2009 2:44:03 PM - System Checkpoint
RP176: 10/12/2009 2:26:53 PM - Software Distribution Service 3.0
RP177: 10/13/2009 11:41:37 PM - Installed TurboTax 2008 wrapper
RP178: 10/13/2009 11:42:05 PM - Installed TurboTax 2008 WinPerReleaseEngine
RP179: 10/13/2009 11:45:18 PM - Installed TurboTax 2008 WinPerFedFormset
RP180: 10/13/2009 11:46:23 PM - Installed TurboTax 2008 WinPerTaxSupport
RP181: 10/13/2009 11:46:50 PM - Installed TurboTax 2008 WinPerProgramHelp
RP182: 10/13/2009 11:47:24 PM - Installed TurboTax 2008 WinPerUserEducation
RP183: 10/13/2009 11:47:34 PM - Installed AnswerWorks 5.0 English Runtime
RP184: 10/14/2009 3:01:09 AM - Software Distribution Service 3.0
RP185: 10/15/2009 3:32:00 AM - System Checkpoint
RP186: 10/15/2009 4:51:50 PM - Software Distribution Service 3.0
RP187: 10/16/2009 8:26:10 PM - System Checkpoint
RP188: 10/18/2009 11:23:02 PM - Restore Operation
RP189: 10/20/2009 12:29:58 AM - Software Distribution Service 3.0
RP190: 10/21/2009 8:05:45 AM - System Checkpoint
RP191: 10/22/2009 8:24:13 AM - System Checkpoint
RP192: 10/22/2009 10:15:39 PM - Software Distribution Service 3.0
RP193: 10/24/2009 12:07:57 AM - System Checkpoint
RP194: 10/26/2009 12:14:21 AM - Installed SUPERAntiSpyware Free Edition
RP195: 10/26/2009 8:41:46 PM - Software Distribution Service 3.0
RP196: 10/28/2009 12:55:23 AM - System Checkpoint
RP197: 10/29/2009 4:11:11 AM - System Checkpoint
RP198: 10/29/2009 9:51:17 PM - Software Distribution Service 3.0
RP199: 11/1/2009 5:00:12 PM - System Checkpoint
RP200: 11/2/2009 9:31:46 PM - Software Distribution Service 3.0
RP201: 11/4/2009 2:28:35 AM - System Checkpoint
RP202: 11/5/2009 8:07:23 PM - Software Distribution Service 3.0
RP203: 11/6/2009 10:03:01 PM - System Checkpoint
RP204: 11/7/2009 1:40:42 AM - Installed WinZip 14.0
RP205: 11/7/2009 10:13:23 AM - Software Distribution Service 3.0
RP206: 11/8/2009 11:47:11 PM - System Checkpoint
RP207: 11/9/2009 9:26:06 PM - Software Distribution Service 3.0
RP208: 11/9/2009 11:22:03 PM - Removed Battle of Europe
RP209: 11/9/2009 11:27:15 PM - Configured Leisure Suit Larry - Magna Cum Laude
RP210: 11/9/2009 11:29:11 PM - Removed ItsDeductible Express
RP211: 11/9/2009 11:38:03 PM - Removed Battlecruiser Millennium Gold
RP212: 11/9/2009 11:42:52 PM - Removed Dangerous Waters
RP213: 11/9/2009 11:44:49 PM - Removed SUPERAntiSpyware Free Edition
RP214: 11/9/2009 11:46:07 PM - Removed TurboTax ItsDeductible 2005
RP215: 11/9/2009 11:46:56 PM - Removed TurboTax ItsDeductible 2006
RP216: 11/10/2009 12:12:21 AM - Installed VIPRE Antivirus + Antispyware.
RP217: 11/10/2009 12:33:05 AM - Removed VIPRE Antivirus + Antispyware.
RP218: 11/10/2009 12:33:50 AM - Installed VIPRE Antivirus + Antispyware.
RP219: 11/10/2009 6:53:12 AM - Removed VIPRE Antivirus + Antispyware.
RP220: 11/10/2009 9:30:41 PM - Software Distribution Service 3.0
RP221: 11/10/2009 9:58:21 PM - Installed AVG 9.0
RP222: 11/10/2009 10:41:38 PM - Avg8 Update
RP223: 11/12/2009 12:22:10 AM - System Checkpoint
RP224: 11/12/2009 9:20:55 PM - Avg8 Update
RP225: 11/13/2009 7:06:52 PM - Avg8 Update
RP226: 11/14/2009 12:19:38 AM - Installed FriendFinder Messenger v4.1
RP227: 11/16/2009 2:55:29 AM - System Checkpoint
RP228: 11/17/2009 3:24:06 AM - System Checkpoint
RP229: 11/18/2009 3:49:18 AM - System Checkpoint
RP230: 11/21/2009 10:49:20 AM - Avg8 Update
RP231: 11/21/2009 11:08:52 AM - Avg8 Update
RP232: 11/21/2009 11:16:25 AM - Avg8 Update
RP233: 11/23/2009 12:21:18 AM - Removed FriendFinder Messenger v4.1
RP234: 11/23/2009 12:23:58 AM - Removed J2SE Runtime Environment 5.0 Update 6
RP235: 11/23/2009 12:25:38 AM - Removed J2SE Runtime Environment 5.0 Update 9
RP236: 11/23/2009 12:27:10 AM - Removed J2SE Runtime Environment 5.0 Update 10
RP237: 11/23/2009 12:31:15 AM - Removed HP Update.
RP238: 11/24/2009 2:31:01 AM - System Checkpoint
RP239: 11/24/2009 6:02:17 PM - Avg8 Update
RP240: 11/24/2009 6:21:41 PM - Software Distribution Service 3.0
RP241: 11/28/2009 12:26:50 AM - Avg8 Update
RP242: 11/29/2009 1:32:58 AM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Premiere Elements 2.0
Adobe Reader 9.2
AIO_Scan
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
ASUS Display Drivers
ASUS SmartDoctor
Atari: The 80 Classic Games
AutoUpdate
AVG 9.0
Axis & Allies
Broadxent V.92 PCI DI3631-1
BufferChm
Call of Duty - United Offensive
Call of Duty Game of the Year Edition
Civilization III Complete Edition
Confidence Online(tm) for Web Applications
Copy
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Data Lifeguard
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DVD@ccess 2.0.3
ERUNT 1.1j
eSupportQFolder
F2100
F2100_doccd
F2100_Help
FaxTalk Communicator 4.5
File Shredder 2.0
Free Internet Eraser 2.30
Galactic Civilizations Ultimate Edition
Garmin Communicator Plugin
Garmin USB Drivers
H.264 Decoder
Handmark® MobileDB(TM) for Palm OS
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HPProductAssistant
HPSSupply
InterActual Player
InterVideo WinRip
Juno
Juno DSL (remove only)
Juno SpeedBand (remove only)
Logitech MouseWare 9.76
Logitech Resource Center
Malwarebytes' Anti-Malware
MarketResearch
Match-Up!
Mavis Beacon Teaches Access 2003
Mavis Beacon Teaches Excel 2003
Mavis Beacon Teaches Office 2003 Menu
Mavis Beacon Teaches PowerPoint 2003
Medi@Show
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 4.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH Jukebox
NetWaiting
Norton Internet Security
Palm
Platform
PSSWCORE
Quicken 2005
Quicken Will Writer 2001
QuickTime
QWW2001 Registration
Realtek AC'97 Audio
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SimCity 4 Deluxe
SoftSEAL Viewer 1.2
SolutionCenter
SoundMAX
SpywareBlaster 4.2
Status
Sudoku Puzzle Addict
Terminal Services Web Client
Toolbox
TrayApp
TurboTax 2005
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Premier 2007
TurboTax Premier Investments 2006
TValue Network Version 5
TweakNow RegCleaner
Typing Quick & Easy
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB896727)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VideoToolkit01
ViewSonic Monitor Drivers
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
WexTech AnswerWorks
WillWriter Companion
Windows Defender
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB890923
Windows XP Service Pack 3
WinZip 14.0
WNW Dictionary v2.0

==== Event Viewer Messages From Past Week ========

11/28/2009 4:17:04 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
11/28/2009 4:08:38 AM, error: PlugPlayManager [11] - The device Root\LEGACY_ROOTREPEAL\0000 disappeared from the system without first being prepared for removal.
11/28/2009 3:39:11 AM, error: Service Control Manager [7034] - The SiS WirelessLan Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2009 3:39:11 AM, error: Service Control Manager [7034] - The Adobe Active File Monitor V4 service terminated unexpectedly. It has done this 1 time(s).
11/23/2009 9:05:17 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
11/23/2009 12:58:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
11/23/2009 12:26:18 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/22/2009 11:11:14 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/22/2009 11:11:14 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/22/2009 11:09:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intuit Update Service service to connect.
11/22/2009 11:09:47 PM, error: Service Control Manager [7000] - The ScriptBlocking Service service failed to start due to the following error: The system cannot find the path specified.
11/22/2009 11:09:47 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
11/22/2009 11:09:47 PM, error: Service Control Manager [7000] - The McAfee WSC Integration service failed to start due to the following error: The system cannot find the file specified.
11/22/2009 11:09:47 PM, error: Service Control Manager [7000] - The McAfee Task Scheduler service failed to start due to the following error: The system cannot find the path specified.
11/22/2009 11:09:47 PM, error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
Spain1492
Active Member
 
Posts: 11
Joined: November 13th, 2009, 3:02 am