30th January 2010   #1
sallnjackn (Senior Member, thread starter)

[Resolved] AXWIN Frame Window: svchost.exe - Application Error


Hello,
From reading other posts I think I may have a malware problem. I have run Malwarebytes, Spybot Search and Destroy and Windows Defender with no problems. I'm also getting a pop-up survey in my Firefox browser. My full error reads: AXWIN Frame Window: svchost.exe - Application Error

The instruction at "0x029ff7a5" referenced memory at "0x7e41950f". The memory could not be "written".

Click on OK to terminate the program
Click on CANCEL to debug the program

Clicking on cancel causes my computer to shut down. Clicking OK does nothing and the error message doesn't go away. If I run a scan disk at startup the error doesn't return right away. I will post the DDS texts and also a HijackThis log.
Sallie
DDS.text:
DDS (Ver_09-12-01.01) - FAT32x86
Run by sallie at 0:37:57.17 on Sat 01/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.249 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead2\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
SVCHOST.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
C:\Program Files\MSWorks\Calendar\Wkcalrem.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRAM FILES\VIEWPOINT\Common\ViewpointService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
E:\downloaded program files\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
E:\downloaded program files\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.earthlink.net/
uSearch Bar = hxxp://start.earthlink.net/AL/Search
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://start.earthlink.net/AL/Search
uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - HP Print Enhancer
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files\earthlink totalaccess\toolbar\ElnkPub.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {656EC4B7-072B-4698-B504-2A414C1F0037} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files\earthlink totalaccess\toolbar\ProtctIE.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files\earthlink totalaccess\toolbar\uninsttb.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBAR.DLL
TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\earthlink totalaccess\toolbar\Toolbar.dll
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [E6TaskPanel] "c:\program files\earthlink totalaccess\TaskPanl.exe" -winstart
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [WinPatrol] h:\program files\billp studios\winpatrol\winpatrol.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogitechQuickCamRibbon] c:\program files\logitech\quickcam\Quickcam.exe /hide
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [Printing Migration] rundll32.exe c:\windows\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters
StartupFolder: c:\docume~1\sallie\startm~1\programs\startup\secuni~1.lnk - d:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netsen~1.lnk - c:\program files\fomine net send gui\NetSendGUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\msworks\calendar\Wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBAR.DLL/aimsearch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - e:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\earthlink totalaccess\toolbar\SearchUI.dll/search.html
IE: Send Image to Photo Library - file://c:\documents and settings\sallie\application data\mgi\photosuite4\temp\MGI00000.html
IE: ShaPlus Google Translator - e:\program files\shaplus google translator\GoogleTranslator.dll/ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com\www
Trusted Zone: earthlink.net\start
Trusted Zone: ebay.com\scgi
Trusted Zone: hotmail.com\messenger
Trusted Zone: matchmaker.com\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\download
Trusted Zone: microsoft.com\ntservicepack
Trusted Zone: microsoft.com\V4.Windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: msphometour.com\www
Trusted Zone: netflame.cc\ssl-hints
Trusted Zone: nwa.com\www
Trusted Zone: officemax.com
Trusted Zone: passport.com\loginnet
Trusted Zone: passport.net\login
Trusted Zone: passport.net\memberservicesnet
Trusted Zone: vanishingpointgame.com\www
Trusted Zone: verisign
Trusted Zone: windowsupdate.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/OneClickFix/tgctlsr.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {14578416-1111-1111-1111-111111411123}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - hxxp://www.pestscan.com/scanner/axscanner.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123999976890
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {66C643AB-AF09-438E-B1BB-F0B79955CCBA} - hxxp://www.wsel.net/imcupdatefiles/whistlesilent615.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123999962031
DPF: {72770C4F-967D-4517-982B-92D6B9015649} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37882.875787037
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://www.imgag.com/cp/install/Crusher.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} - hxxp://scpwba.ops.placeware.com/etc/place/6000-zr/pws-pw01/lib/quicksilver.cab
DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/activedata/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - d:\program files\lizardtech\express view\expressview.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - d:\program files\lizardtech\express view\expressview.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /appe /caller:ie50 /user /install - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /appe /caller:ie50 /user /install - "c:\program files\outlook express\setup50.exe" /appe /caller:win9x /user /install - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /app:wab /caller:ie50 /user /install - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /app:wab /caller:ie50 /user /install - "c:\program files\outlook express\setup50.exe" /app:wab /caller:win9x /user /install - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sallie\applic~1\mozilla\firefox\profiles\default.95a\
FF - prefs.js: browser.startup.homepage - hxxp://my.earthlink.net/|http://webmail.pas.earthlink.net/wam....jsp?x=-2084188008
FF - component: c:\documents and settings\sallie\application data\mozilla\firefox\profiles\default.95a\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\sallie\application data\mozilla\firefox\profiles\default.95a\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\sallie\application data\mozilla\firefox\profiles\default.95a\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\sallie\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\sallie\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\mozill~1\plugins\np_gp.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npViewpoint_03000F10.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol305.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgooglevlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint_03000F10.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: e:\program files\google\picasa3\npPicasa2.dll
FF - plugin: e:\program files\google\picasa3\npPicasa3.dll
FF - plugin: e:\program files\picasa2\npPicasa2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-1 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-1 28424]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-1 360584]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-9-20 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-2-19 394952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-5 285392]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\earthlink totalaccess\wengine\wmonitor.exe [2005-1-26 65604]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2003-1-29 14416]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-19 24652]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [2004-11-1 17536]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-2-3 126984]
S2 gupdate1c8ea92b33f0c3c;Google Update Service (gupdate1c8ea92b33f0c3c);c:\program files\google\update\GoogleUpdate.exe [2008-7-21 133104]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 DCamUSBAlaris;ALARIS QuickVideo weeCam USB;c:\windows\system32\drivers\dvc2usb.sys --> c:\windows\system32\drivers\DVC2USB.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S4 0111741254318573mcinstcleanup;McAfee Application Installer Cleanup (0111741254318573);c:\windows\temp\011174~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\011174~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

=============== Created Last 30 ================

2010-01-27 05:00:46 0 d-----w- c:\docume~1\sallie\applic~1\JGoodies
2010-01-27 04:59:12 0 d-----w- c:\program files\JGoodies
2010-01-23 17:47:21 18432 ----a-w- c:\windows\system32\dllcache\bdaplgin.ax
2010-01-23 17:47:21 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys
2010-01-23 17:47:12 14208 ----a-w- c:\windows\system32\dllcache\battc.sys
2010-01-23 17:47:01 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys
2010-01-23 17:46:59 38912 ----a-w- c:\windows\system32\dllcache\avc.sys
2010-01-20 23:28:18 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2010-01-20 23:28:17 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-01-20 17:01:24 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-20 17:01:11 0 d-----w- c:\program files\Microsoft Plus! Dancer LE
2010-01-20 17:01:08 0 d-----w- c:\program files\Microsoft Plus! Digital Media Edition
2010-01-07 02:09:54 0 d-----w- c:\docume~1\sallie\applic~1\Malwarebytes
2010-01-07 02:09:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 02:09:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-07 02:09:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 16:29:27 0 d-----w- c:\docume~1\sallie\applic~1\OverDrive

==================== Find3M ====================

2010-01-30 06:04:54 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-30 06:04:54 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-20 16:47:30 7588 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-28 16:33:44 73728 ----a-w- c:\windows\system32\w30Xnol32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-04 23:32:16 69 ----a-w- c:\documents and settings\sallie\jagex_runescape_preferences2.dat
2009-12-04 23:14:50 39 ----a-w- c:\documents and settings\sallie\jagex_runescape_preferences.dat
2009-11-21 15:51:04 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2009-11-06 03:03:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2002-01-15 00:30:34 21823560 ----a-w- c:\program files\dotnetfx.exe
2001-10-05 18:52:50 21866 ------w- c:\program files\common files\tppupd98.dll

============= FINISH: 0:42:29.26 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/13/2005 8:11:27 PM
System Uptime: 1/30/2010 12:05:29 AM (0 hours ago)

Motherboard: http://www.abit.com.tw/ | | KD7A(VIA KT400A-8235)
Processor: AMD Athlon(tm) XP 1500+ | Socket 7 | 1353/135mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 38 GiB total, 6.29 GiB free.
D: is FIXED (FAT32) - 19 GiB total, 11.089 GiB free.
E: is FIXED (FAT32) - 19 GiB total, 9.335 GiB free.
F: is CDROM ()
G: is CDROM (INCDFS)
H: is FIXED (FAT32) - 75 GiB total, 17.935 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Toshiba Cable Modem PCX2500
Device ID: USB\VID_0930&PID_0307\5&45E894&0&2
Manufacturer: Toshiba
Name: Toshiba Cable Modem PCX2500 #4
PNP Device ID: USB\VID_0930&PID_0307\5&45E894&0&2
Service: USB_RNDIS

==== System Restore Points ===================

RP160: 1/22/2010 12:01:16 PM - Software Distribution Service 3.0
RP161: 1/22/2010 4:23:23 PM - Software Distribution Service 3.0
RP162: 1/26/2010 3:35:59 PM - System Checkpoint
RP163: 1/27/2010 1:12:17 AM - Avg8 Update
RP164: 1/27/2010 8:54:24 PM - Software Distribution Service 3.0
RP165: 1/29/2010 8:42:30 AM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
ABIT SiluroDVD 4
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader 8.1.6
Agere Systems PCI Soft Modem
AIM 6
AIM Toolbar
AIO_Scan
Alt-Tab Task Switcher Powertoy for Windows XP
AnalogX MaxMem
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Arcade Lines 1.11
AtomTime Pro 3.1a
Audacity 1.2.4
Avery Wizard 3.1
AVG Free 9.0
Bayden SlickRun (remove only)
Belarc Advisor 7.2
Belles Beauty Boutique
BitPim 1.0.6.20080630
Bonjour
Bounce Out Blitz(TM)
BufferChm
C5200
C5200_Help
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera TWAIN Driver
Canon Camera TWAIN Driver 6.5
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner (remove only)
CDDRV_Installer
CDex extraction audio
Choice Guard
Chuzzle Deluxe 1.01
Classic PhoneTools
Copy
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Crystalize
CustomerResearchQFolder
Data Access Objects (DAO) 3.0
dBpowerAMP
Deal Info
Deskop Destroy 2 : Chicken Carnage
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Codec
DNA
DocProc
DocProcQFolder
doPDF 6.1 printer
DriverGuide DriverScan
EarthLink Accelerator
EarthLink Common Authentication
EarthLink FastLane
EarthLink Free Online Calling Lite 2.0 release 1104x
EarthLink LiteScanner
EarthLink MailBox
EarthLink MDAC
EarthLink Parental Controls
EarthLink Setup
EarthLink Smart Installer
EarthLink Software
EarthLink Spyware Blocker
EarthLink Toolbar
EarthLink Webspace
EarthLink Wireless High Speed
eCleaner 2.02
Elf Bowling - Bocce Style! (remove only)
eSupportQFolder
EVEREST Home Edition v2.20
Fax
Fomine Net Send GUI
Fontlist
Fraps
Genesys USB Mass Storage Device
getPlus(R)_dll
GMail Drive Shell Extension
GNU Aspell 0.50-3
Google Chrome
Google Deskbar
Google Earth
Google Talk (remove only)
Google Update Helper
Google Updater
Google Video Player
Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
GPBaseService
Greeting Card Creator 32
Gutterball
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HouseCall (for Netscape)
Hoyle Casino '99
HP Customer Participation Program 10.0
HP Image Zone Express
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Image Resizer Powertoy for Windows XP
InCD
InCD EasyWrite Reader
InterActual Player
Internet Explorer Q903235
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Jasc Digital Camera Support v5.0
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) 6 Update 14
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Jewel Match
JGoodies JDiskReport 1.3.2
KhalInstallWrapper
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Lizardtech Express View Browser Plug-in
Logitech Communications Manager
Logitech Desktop Messenger
Logitech iTouch Software
Logitech Legacy USB Camera Driver Package
Logitech Print Service
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Resource Center
Logitech SetPoint
Logitech Updater
Macromedia Shockwave Player
MagicTune
MailStore Home 4.0.0.3493
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan
MediaFACE 4.0
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft DirectX 9.0 SDK Update (Summer 2003)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Office Live Add-in 1.3
Microsoft Office Live Meeting
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Photo Story 2 LE
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works 4.5
Microsoft Works Calendar 1.0
Microsoft Works Setup Launcher
Microsoft XML Parser
MimarSinan Rubber Ducky
Move Networks Media Player for Internet Explorer
MovieEdit Task
MozBackup 1.4.4
Mozilla Firefox (3.5.7)
MSN Music Assistant
MSN Toolbar
MSSoap
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MusicIP Mixer 1.6
MUSICMATCH Jukebox
MWSnap 3
Natural Color
Nero
Nero OEM
Nero PhotoShow Express
NeroMIX
NetLibrary Media Center
NetShow Tools 3.0
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
OverDrive Media Console
Paint.NET v2.61
Panda ActiveScan
PanoStandAlone
PC-Linq
Photo Story 3 for Windows
PhotoRecall Deluxe
PhotoStitch
Picasa 3
Pivot Software
PopCap Browser Plugin
Post-it® Software Notes Lite Version 2
PowerDVD
Pretty Good Solitaire 2k
PrinterShare
PrintMaster 7.00
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PSSWCORE
QuickTime
RAW Image Task 1.2
RealPlayer
Redistributed Files
Reel Deal Casino - Championship Edition
Reg Organizer
RemoteCapture Task 1.1
Retrospect 7.5
Risk II
Roxio Express Labeler 3
Scan
Secunia PSI
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Send To Extensions PowerToy
ShaPlus Google Translator 1.0
ShareIns
Shockwave
Shop for HP Supplies
Sierra Utilities
Skype™ 3.8
Snood for Windows version 3.0-W
SolSuite
SolutionCenter
Sound Effects
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpywareBlaster 4.2
Status
Super Collapse!(TM) 3
Super Rumble Cube
SuperOthello
Symantec Network Drivers Update
System Explorer 1.5
Toolbox
Top 50 Blazing Games
Total Recorder 7.1
TotalAccess Core Applications
TPP Storage Driver Installation
TrayApp
Tweak UI
TweakNow RegCleaner Standard
Ulead VideoStudio version 4.0 SE
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Adapter (TPP)
USB Storage Adapter V2 (TPP)
USB Storage Adapter V3 (TPP)
USB Storage Driver
VIA Audio Driver Setup Program
ViaGrafix CDN Training
VideoToolkit01
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtual Magnifying Glass 2.00
VistaBootPRO 3.3
WebEx Support Manager for Internet Explorer
WebFldrs XP
WebReg
Western Digital USB 2.0 Series II, Combo Drive Win98 SE Driver
WinDirStat 1.1.2
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Movie Maker 2.0
Windows Search 4.0
Windows XP Service Pack 3
WinPatrol 2007
WinPoET
WinZip 11.2
World Timetable
ZoneAlarm
Zuma Deluxe 1.0

==== Event Viewer Messages From Past Week ========

1/28/2010 5:42:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
1/28/2010 5:42:06 PM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/27/2010 10:12:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
1/27/2010 10:12:10 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/26/2010 2:51:55 PM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The operation completed successfully.
1/26/2010 2:51:50 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
1/26/2010 2:49:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
1/26/2010 2:49:56 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/26/2010 2:48:37 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library VBTM Store 'n' Go USB Device.
1/25/2010 6:22:27 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/25/2010 6:22:27 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/25/2010 11:31:16 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
1/25/2010 11:31:16 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/25/2010 10:09:29 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
1/23/2010 10:53:32 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.

==== End Of File ===========================

I'll put the Hijack this log in my next post. Sallie

Old 30th January 2010   #2
Senior Member
THREAD STARTER
 
sallnjackn's Avatar
 

Hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:27 AM, on 1/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead2\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
C:\Program Files\MSWorks\Calendar\Wkcalrem.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\VIEWPOINT\Common\ViewpointService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
E:\downloaded program files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\ElnkPub.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\ProtctIE.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\uninsttb.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\Toolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe /hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Startup: Secunia PSI.lnk = D:\program files\Secunia\PSI\psi.exe
O4 - Global Startup: Net Send GUI.lnk = C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\SearchUI.dll/search.html
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\sallie\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O8 - Extra context menu item: ShaPlus Google Translator - res://E:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://www.bitdefender.com
O15 - Trusted Zone: start.earthlink.net
O15 - Trusted Zone: scgi.ebay.com
O15 - Trusted Zone: messenger.hotmail.com
O15 - Trusted Zone: www.matchmaker.com
O15 - Trusted Zone: www.msphometour.com
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O15 - Trusted Zone: www.nwa.com
O15 - Trusted Zone: *.officemax.com
O15 - Trusted Zone: loginnet.passport.com
O15 - Trusted Zone: login.passport.net
O15 - Trusted Zone: memberservicesnet.passport.net
O15 - Trusted Zone: http://www.vanishingpointgame.com
O15 - Trusted Zone: *.verisign
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/OneClickFix/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {14578416-1111-1111-1111-111111411123} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5483.cab
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1123999976890
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {66C643AB-AF09-438E-B1BB-F0B79955CCBA} - http://www.wsel.net/imcupdatefiles/whistlesilent615.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123999962031
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neut....cab?9,0,712,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab27513.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwba.ops.placeware.com/etc/...uicksilver.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neut...cab?10,0,910,0
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - D:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - D:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Google Update Service (gupdate1c8ea92b33f0c3c) (gupdate1c8ea92b33f0c3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead2\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\PROGRAM FILES\VIEWPOINT\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 21113 bytes

Old 30th January 2010   #3
broni (Malware Analyst)

Please, disable "word wrap" in Notepad and repost DDS logs. In current layout, they're impossible to read.

Old 30th January 2010   #4
sallnjackn (Senior Member, thread starter)

DDS (Ver_09-12-01.01) - FAT32x86
Run by sallie at 0:37:57.17 on Sat 01/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.249 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead2\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
SVCHOST.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
C:\Program Files\MSWorks\Calendar\Wkcalrem.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRAM FILES\VIEWPOINT\Common\ViewpointService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
E:\downloaded program files\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
E:\downloaded program files\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.earthlink.net/
uSearch Bar = hxxp://start.earthlink.net/AL/Search
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://start.earthlink.net/AL/Search
uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - HP Print Enhancer
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files\earthlink totalaccess\toolbar\ElnkPub.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {656EC4B7-072B-4698-B504-2A414C1F0037} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files\earthlink totalaccess\toolbar\ProtctIE.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files\earthlink totalaccess\toolbar\uninsttb.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBAR.DLL
TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\earthlink totalaccess\toolbar\Toolbar.dll
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [E6TaskPanel] "c:\program files\earthlink totalaccess\TaskPanl.exe" -winstart
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [WinPatrol] h:\program files\billp studios\winpatrol\winpatrol.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogitechQuickCamRibbon] c:\program files\logitech\quickcam\Quickcam.exe /hide
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [Printing Migration] rundll32.exe c:\windows\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters
StartupFolder: c:\docume~1\sallie\startm~1\programs\startup\secuni~1.lnk - d:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netsen~1.lnk - c:\program files\fomine net send gui\NetSendGUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\msworks\calendar\Wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBAR.DLL/aimsearch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - e:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\earthlink totalaccess\toolbar\SearchUI.dll/search.html
IE: Send Image to Photo Library - file://c:\documents and settings\sallie\application data\mgi\photosuite4\temp\MGI00000.html
IE: ShaPlus Google Translator - e:\program files\shaplus google translator\GoogleTranslator.dll/ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com\www
Trusted Zone: earthlink.net\start
Trusted Zone: ebay.com\scgi
Trusted Zone: hotmail.com\messenger
Trusted Zone: matchmaker.com\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\download
Trusted Zone: microsoft.com\ntservicepack
Trusted Zone: microsoft.com\V4.Windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: msphometour.com\www
Trusted Zone: netflame.cc\ssl-hints
Trusted Zone: nwa.com\www
Trusted Zone: officemax.com
Trusted Zone: passport.com\loginnet
Trusted Zone: passport.net\login
Trusted Zone: passport.net\memberservicesnet
Trusted Zone: vanishingpointgame.com\www
Trusted Zone: verisign
Trusted Zone: windowsupdate.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/OneClickFix/tgctlsr.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {14578416-1111-1111-1111-111111411123}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - hxxp://www.pestscan.com/scanner/axscanner.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123999976890
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {66C643AB-AF09-438E-B1BB-F0B79955CCBA} - hxxp://www.wsel.net/imcupdatefiles/whistlesilent615.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123999962031
DPF: {72770C4F-967D-4517-982B-92D6B9015649} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37882.875787037
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://www.imgag.com/cp/install/Crusher.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} - hxxp://scpwba.ops.placeware.com/etc/place/6000-zr/pws-pw01/lib/quicksilver.cab
DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/activedata/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - d:\program files\lizardtech\express view\expressview.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - d:\program files\lizardtech\express view\expressview.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /appe /caller:ie50 /user /install - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /appe /caller:ie50 /user /install - "c:\program files\outlook express\setup50.exe" /appe /caller:win9x /user /install - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /app:wab /caller:ie50 /user /install - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /app:wab /caller:ie50 /user /install - "c:\program files\outlook express\setup50.exe" /app:wab /caller:win9x /user /install - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sallie\applic~1\mozilla\firefox\profiles\default.95a\
FF - prefs.js: browser.startup.homepage - hxxp://my.earthlink.net/|http://webmail.pas.earthlink.net/wam...?x=-2084188008
FF - component: c:\documents and settings\sallie\application data\mozilla\firefox\profiles\default.95a\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\sallie\application data\mozilla\firefox\profiles\default.95a\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\sallie\application data\mozilla\firefox\profiles\default.95a\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\sallie\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\sallie\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\mozill~1\plugins\np_gp.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npViewpoint_03000F10.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol305.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgooglevlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint_03000F10.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: e:\program files\google\picasa3\npPicasa2.dll
FF - plugin: e:\program files\google\picasa3\npPicasa3.dll
FF - plugin: e:\program files\picasa2\npPicasa2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-1 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-1 28424]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-1 360584]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-9-20 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-2-19 394952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-5 285392]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\earthlink totalaccess\wengine\wmonitor.exe [2005-1-26 65604]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2003-1-29 14416]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-19 24652]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [2004-11-1 17536]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-2-3 126984]
S2 gupdate1c8ea92b33f0c3c;Google Update Service (gupdate1c8ea92b33f0c3c);c:\program files\google\update\GoogleUpdate.exe [2008-7-21 133104]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 DCamUSBAlaris;ALARIS QuickVideo weeCam USB;c:\windows\system32\drivers\dvc2usb.sys --> c:\windows\system32\drivers\DVC2USB.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S4 0111741254318573mcinstcleanup;McAfee Application Installer Cleanup (0111741254318573);c:\windows\temp\011174~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\011174~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

=============== Created Last 30 ================

2010-01-27 05:00:46 0 d-----w- c:\docume~1\sallie\applic~1\JGoodies
2010-01-27 04:59:12 0 d-----w- c:\program files\JGoodies
2010-01-23 17:47:21 18432 ----a-w- c:\windows\system32\dllcache\bdaplgin.ax
2010-01-23 17:47:21 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys
2010-01-23 17:47:12 14208 ----a-w- c:\windows\system32\dllcache\battc.sys
2010-01-23 17:47:01 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys
2010-01-23 17:46:59 38912 ----a-w- c:\windows\system32\dllcache\avc.sys
2010-01-20 23:28:18 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2010-01-20 23:28:17 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-01-20 17:01:24 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-20 17:01:11 0 d-----w- c:\program files\Microsoft Plus! Dancer LE
2010-01-20 17:01:08 0 d-----w- c:\program files\Microsoft Plus! Digital Media Edition
2010-01-07 02:09:54 0 d-----w- c:\docume~1\sallie\applic~1\Malwarebytes
2010-01-07 02:09:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 02:09:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-07 02:09:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 16:29:27 0 d-----w- c:\docume~1\sallie\applic~1\OverDrive

==================== Find3M ====================

2010-01-30 06:04:54 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-30 06:04:54 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-20 16:47:30 7588 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-28 16:33:44 73728 ----a-w- c:\windows\system32\w30Xnol32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-04 23:32:16 69 ----a-w- c:\documents and settings\sallie\jagex_runescape_preferences2.dat
2009-12-04 23:14:50 39 ----a-w- c:\documents and settings\sallie\jagex_runescape_preferences.dat
2009-11-21 15:51:04 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2009-11-06 03:03:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2002-01-15 00:30:34 21823560 ----a-w- c:\program files\dotnetfx.exe
2001-10-05 18:52:50 21866 ------w- c:\program files\common files\tppupd98.dll

============= FINISH: 0:42:29.26 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/13/2005 8:11:27 PM
System Uptime: 1/30/2010 12:05:29 AM (0 hours ago)

Motherboard: http://www.abit.com.tw/ | | KD7A(VIA KT400A-8235)
Processor: AMD Athlon(tm) XP 1500+ | Socket 7 | 1353/135mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 38 GiB total, 6.29 GiB free.
D: is FIXED (FAT32) - 19 GiB total, 11.089 GiB free.
E: is FIXED (FAT32) - 19 GiB total, 9.335 GiB free.
F: is CDROM ()
G: is CDROM (INCDFS)
H: is FIXED (FAT32) - 75 GiB total, 17.935 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Toshiba Cable Modem PCX2500
Device ID: USB\VID_0930&PID_0307\5&45E894&0&2
Manufacturer: Toshiba
Name: Toshiba Cable Modem PCX2500 #4
PNP Device ID: USB\VID_0930&PID_0307\5&45E894&0&2
Service: USB_RNDIS

==== System Restore Points ===================

RP160: 1/22/2010 12:01:16 PM - Software Distribution Service 3.0
RP161: 1/22/2010 4:23:23 PM - Software Distribution Service 3.0
RP162: 1/26/2010 3:35:59 PM - System Checkpoint
RP163: 1/27/2010 1:12:17 AM - Avg8 Update
RP164: 1/27/2010 8:54:24 PM - Software Distribution Service 3.0
RP165: 1/29/2010 8:42:30 AM - System Checkpoint

==== Installed Programs ======================


32 Bit HP CIO Components Installer
ABIT SiluroDVD 4
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader 8.1.6
Agere Systems PCI Soft Modem
AIM 6
AIM Toolbar
AIO_Scan
Alt-Tab Task Switcher Powertoy for Windows XP
AnalogX MaxMem
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Arcade Lines 1.11
AtomTime Pro 3.1a
Audacity 1.2.4
Avery Wizard 3.1
AVG Free 9.0
Bayden SlickRun (remove only)
Belarc Advisor 7.2
Belles Beauty Boutique
BitPim 1.0.6.20080630
Bonjour
Bounce Out Blitz(TM)
BufferChm
C5200
C5200_Help
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera TWAIN Driver
Canon Camera TWAIN Driver 6.5
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner (remove only)
CDDRV_Installer
CDex extraction audio
Choice Guard
Chuzzle Deluxe 1.01
Classic PhoneTools
Copy
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Crystalize
CustomerResearchQFolder
Data Access Objects (DAO) 3.0
dBpowerAMP
Deal Info
Deskop Destroy 2 : Chicken Carnage
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Codec
DNA
DocProc
DocProcQFolder
doPDF 6.1 printer
DriverGuide DriverScan
EarthLink Accelerator
EarthLink Common Authentication
EarthLink FastLane
EarthLink Free Online Calling Lite 2.0 release 1104x
EarthLink LiteScanner
EarthLink MailBox
EarthLink MDAC
EarthLink Parental Controls
EarthLink Setup
EarthLink Smart Installer
EarthLink Software
EarthLink Spyware Blocker
EarthLink Toolbar
EarthLink Webspace
EarthLink Wireless High Speed
eCleaner 2.02
Elf Bowling - Bocce Style! (remove only)
eSupportQFolder
EVEREST Home Edition v2.20
Fax
Fomine Net Send GUI
Fontlist
Fraps
Genesys USB Mass Storage Device
getPlus(R)_dll
GMail Drive Shell Extension
GNU Aspell 0.50-3
Google Chrome
Google Deskbar
Google Earth
Google Talk (remove only)
Google Update Helper
Google Updater
Google Video Player
Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
GPBaseService
Greeting Card Creator 32
Gutterball
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HouseCall (for Netscape)
Hoyle Casino '99
HP Customer Participation Program 10.0
HP Image Zone Express
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Image Resizer Powertoy for Windows XP
InCD
InCD EasyWrite Reader
InterActual Player
Internet Explorer Q903235
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Jasc Digital Camera Support v5.0
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) 6 Update 14
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Jewel Match
JGoodies JDiskReport 1.3.2
KhalInstallWrapper
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Lizardtech Express View Browser Plug-in
Logitech Communications Manager
Logitech Desktop Messenger
Logitech iTouch Software
Logitech Legacy USB Camera Driver Package
Logitech Print Service
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Resource Center
Logitech SetPoint
Logitech Updater
Macromedia Shockwave Player
MagicTune
MailStore Home 4.0.0.3493
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan
MediaFACE 4.0
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft DirectX 9.0 SDK Update (Summer 2003)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Office Live Add-in 1.3
Microsoft Office Live Meeting
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Photo Story 2 LE
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works 4.5
Microsoft Works Calendar 1.0
Microsoft Works Setup Launcher
Microsoft XML Parser
MimarSinan Rubber Ducky
Move Networks Media Player for Internet Explorer
MovieEdit Task
MozBackup 1.4.4
Mozilla Firefox (3.5.7)
MSN Music Assistant
MSN Toolbar
MSSoap
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MusicIP Mixer 1.6
MUSICMATCH Jukebox
MWSnap 3
Natural Color
Nero
Nero OEM
Nero PhotoShow Express
NeroMIX
NetLibrary Media Center
NetShow Tools 3.0
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
OverDrive Media Console
Paint.NET v2.61
Panda ActiveScan
PanoStandAlone
PC-Linq
Photo Story 3 for Windows
PhotoRecall Deluxe
PhotoStitch
Picasa 3
Pivot Software
PopCap Browser Plugin
Post-it® Software Notes Lite Version 2
PowerDVD
Pretty Good Solitaire 2k
PrinterShare
PrintMaster 7.00
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PSSWCORE
QuickTime
RAW Image Task 1.2
RealPlayer
Redistributed Files
Reel Deal Casino - Championship Edition
Reg Organizer
RemoteCapture Task 1.1
Retrospect 7.5
Risk II
Roxio Express Labeler 3
Scan
Secunia PSI
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Send To Extensions PowerToy
ShaPlus Google Translator 1.0
ShareIns
Shockwave
Shop for HP Supplies
Sierra Utilities
Skype™ 3.8
Snood for Windows version 3.0-W
SolSuite
SolutionCenter
Sound Effects
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpywareBlaster 4.2
Status
Super Collapse!(TM) 3
Super Rumble Cube
SuperOthello
Symantec Network Drivers Update
System Explorer 1.5
Toolbox
Top 50 Blazing Games
Total Recorder 7.1
TotalAccess Core Applications
TPP Storage Driver Installation
TrayApp
Tweak UI
TweakNow RegCleaner Standard
Ulead VideoStudio version 4.0 SE
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Adapter (TPP)
USB Storage Adapter V2 (TPP)
USB Storage Adapter V3 (TPP)
USB Storage Driver
VIA Audio Driver Setup Program
ViaGrafix CDN Training
VideoToolkit01
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtual Magnifying Glass 2.00
VistaBootPRO 3.3
WebEx Support Manager for Internet Explorer
WebFldrs XP
WebReg
Western Digital USB 2.0 Series II, Combo Drive Win98 SE Driver
WinDirStat 1.1.2
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Movie Maker 2.0
Windows Search 4.0
Windows XP Service Pack 3
WinPatrol 2007
WinPoET
WinZip 11.2
World Timetable
ZoneAlarm
Zuma Deluxe 1.0

==== Event Viewer Messages From Past Week ========

1/28/2010 5:42:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
1/28/2010 5:42:06 PM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/27/2010 10:12:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
1/27/2010 10:12:10 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/26/2010 2:51:55 PM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The operation completed successfully.
1/26/2010 2:51:50 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
1/26/2010 2:49:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
1/26/2010 2:49:56 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/26/2010 2:48:37 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library VBTM Store 'n' Go USB Device.
1/25/2010 6:22:27 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/25/2010 6:22:27 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/25/2010 11:31:16 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
1/25/2010 11:31:16 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/25/2010 10:09:29 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
1/23/2010 10:53:32 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.

==== End Of File ===========================

Old 30th January 2010   #5
broni (Malware Analyst)
Join Date: Aug 2002
Location: Daly City, CA
Posts: 19,893
Computer Experience: intermediate

Please, download and run Norton Removal Tool: http://service1.symantec.com/Support...05033108162039


Please download ComboFix from Here or Here to your Desktop.


**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


Download HijackThis:
http://www.trendsecure.com/portal/en...kthis/download
by clicking on Installer under Version 2.0.2
[DO NOT download version 2.0.3 (beta)]
Install, and run it.
Post HijackThis log.
Do NOT attempt to fix anything!

NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator

Old 30th January 2010   #6
sallnjackn (Senior Member, thread starter)

I'm going to post the Hijack This log I ran last night before I use the Norton removal tool and Combofix. Sallie

Old 30th January 2010   #7
broni (Malware Analyst)

No, I need you to follow my instructions.

Old 30th January 2010   #8
sallnjackn (Senior Member, thread starter)

AXWIN Frame Window: svchost.exe - Application Error


Would you like me to post a Hijack this log before I run the Norton removal tool or Combofix? If you do, would you like me to zip the file and attach it? Thank you for your help. Sallie

Old 30th January 2010   #9
broni (Malware Analyst)

Please, read my reply #5 and act accordingly.

Old 30th January 2010   #10
sallnjackn (Senior Member, thread starter)

Do I need to disable ZoneAlarm? I've downloaded and tried to run Combofix but my computer always comes up with a message that says "System shutdown. Windows must now restart because the DCOM server process launcher terminated unexpectedly". I am restarting with scandisk and will run Combofix immediately when the computer has fully booted. Sallie

Old 30th January 2010   #11
sallnjackn (Senior Member, thread starter)

ComboFix 10-01-29.09 - sallie 01/30/2010 14:49:07.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.452 [GMT -6:00]
Running from: c:\documents and settings\sallie\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\AUTOLNCH.REG
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\patch.exe
c:\windows\start.exe
c:\windows\system32\encapi32.dll
c:\windows\system32\open.ico
c:\windows\system32\reboot.txt
c:\windows\system32\SHELLLNK.TLB
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\Web\default.htt
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-30 20:32 . 2010-01-30 20:32 -------- d-----w- C:\FOUND.001
2010-01-30 17:46 . 2010-01-30 17:46 -------- d-----w- C:\FOUND.000
2010-01-27 05:00 . 2010-01-27 05:00 -------- d-----w- c:\documents and settings\sallie\Application Data\JGoodies
2010-01-27 04:59 . 2010-01-27 04:59 -------- d-----w- c:\program files\JGoodies
2010-01-26 01:07 . 2010-01-26 01:07 -------- d-----w- c:\documents and settings\sallie\Local Settings\Application Data\IsolatedStorage
2010-01-24 03:59 . 2010-01-24 03:59 -------- d-----w- c:\program files\NOS
2010-01-23 17:47 . 2008-04-13 19:46 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys
2010-01-23 17:47 . 2008-04-13 19:36 14208 ----a-w- c:\windows\system32\dllcache\battc.sys
2010-01-23 17:47 . 2008-04-13 19:46 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys
2010-01-23 17:46 . 2008-04-13 19:46 38912 ----a-w- c:\windows\system32\dllcache\avc.sys
2010-01-20 23:28 . 2008-04-13 19:46 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2010-01-20 23:28 . 2008-04-13 19:40 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-01-20 17:01 . 2010-01-20 17:01 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-20 17:01 . 2010-01-20 17:01 -------- d-----w- c:\program files\Microsoft Plus! Dancer LE
2010-01-20 17:01 . 2010-01-20 17:01 -------- d-----w- c:\program files\Microsoft Plus! Digital Media Edition
2010-01-13 17:56 . 2010-01-13 17:56 -------- d-----w- c:\documents and settings\sallie\Application Data\Notepad++
2010-01-07 02:09 . 2010-01-07 02:09 -------- d-----w- c:\documents and settings\sallie\Application Data\Malwarebytes
2010-01-07 02:09 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 02:09 . 2010-01-07 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-07 02:09 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 16:29 . 2010-01-04 16:29 -------- d-----w- c:\documents and settings\sallie\Application Data\OverDrive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 21:11 . 2008-09-20 15:01 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-30 21:11 . 2008-09-20 15:01 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-30 21:11 . 2010-01-30 21:15 92672 ------w- c:\windows\Internet Logs\xDB4A.tmp
2010-01-30 19:23 . 2009-11-18 23:26 0 ----a-w- c:\documents and settings\sallie\Local Settings\Application Data\prvlcl.dat
2010-01-29 02:01 . 2010-01-29 02:19 221184 ------w- c:\windows\Internet Logs\xDB49.tmp
2010-01-27 04:41 . 2010-01-27 04:41 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-20 21:15 . 2010-01-27 07:12 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-20 21:15 . 2010-01-27 07:12 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-20 16:47 . 2009-06-23 20:53 7588 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-20 12:50 . 2010-01-20 14:27 108544 ------w- c:\windows\Internet Logs\xDB5E.tmp
2010-01-14 22:49 . 2010-01-14 22:56 2629120 ------w- c:\windows\Internet Logs\xDB48.tmp
2010-01-14 17:12 . 2009-10-03 02:02 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-01 05:54 . 2004-04-24 23:00 26 ----a-w- c:\windows\popcinfo.dat
2009-12-31 16:55 . 2009-12-23 14:31 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-28 16:33 . 2009-12-28 16:33 73728 ----a-w- c:\windows\system32\w30Xnol32.dll
2009-12-21 19:14 . 2005-06-18 05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-04 23:32 . 2009-12-04 23:14 69 ----a-w- c:\documents and settings\sallie\jagex_runescape_preferences2.dat
2009-12-04 23:14 . 2009-12-04 23:12 39 ----a-w- c:\documents and settings\sallie\jagex_runescape_preferences.dat
2009-11-21 15:51 . 2005-08-14 01:28 471552 ----a-w- c:\windows\AppPatch\AcLayers.dll
2009-11-20 14:56 . 2009-11-20 14:56 10134 ----a-r- c:\documents and settings\sallie\Application Data\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
2009-11-09 16:46 . 2008-05-01 15:46 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-06 03:03 . 2008-05-01 15:46 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-06 03:03 . 2008-05-01 15:46 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-06 03:03 . 2008-05-01 15:46 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2002-01-15 00:30 . 2002-01-15 00:30 21823560 ----a-w- c:\program files\dotnetfx.exe
2001-10-05 18:52 . 2003-09-15 23:25 21866 ------w- c:\program files\Common Files\tppupd98.dll
2006-12-26 02:49 . 2006-12-26 02:49 0 --sha-w- c:\windows\All Users\DRM\Cache\Indiv01.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-06-17 19:02 8461312 ----a-w- c:\windows\SYSTEM32\shell32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 942080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"WinPatrol"="h:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-08-11 292152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-31 2033432]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Printing Migration"="c:\windows\System32\spool\migrate.dll" [2003-03-31 30208]

c:\documents and settings\sallie\Start Menu\Programs\Startup\
Secunia PSI.lnk - d:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Net Send GUI.lnk - c:\program files\Fomine Net Send GUI\NetSendGUI.exe [2008-2-25 258048]
Microsoft Works Calendar Reminders.lnk - c:\program files\MSWorks\Calendar\Wkcalrem.exe [1998-7-21 68368]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-8 67128]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-11 813584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-06 03:03 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IM"=c:\program files\EARTHLINKIM\aim.exe -cnetwait.odl
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook
"<NO NAME>"=
"SlickRun"="c:\program files\SLICKRUN\SR.EXE"
"E6TaskPanel"="c:\program files\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
"msnmsgr"="c:\program files\MSN MESSENGER\MSNMSGR.EXE" /background
"XSC SIP Client"="e:\program files\EarthLink Free Online Calling Lite\EarthLinkLite.exe"
"AIM"=c:\program files\AIM\aim.exe -cnetwait.odl
"PhotoShow Deluxe Media Manager"=c:\progra~1\AHEAD\NEROPH~1\DATA\XTRAS\MSSYSMGR.EXE
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QD FastAndSafe"=
"hpidschd.exe -log -- -log"="c:\program files\Hewlett-Packard\HP Instant Delivery\hpidschd.exe"
"agrsmMSG"=agrsmMSG.exe
"TPP Auto Loader"=c:\windows\TPPALDR.EXE
"wcmdmgr"=c:\windows\wt\updater\wcmdmgrl.exe -launch
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"MyWebSearch Email Plugin"=c:\progra~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
"DisplayTrayIcon"=c:\windows\SYSTEM32\TrayIcon.exe
"WinPoET"=c:\program files\iVasion\WinPoET\WinPPPoverEthernet.exe
"AVG_CC"=c:\progra~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
"MMTray"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
"QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime
"Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"POINTER"=point32.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"PivotSoftware"=c:\program files\WinPortrait\wpctrl.exe
"zzzHPSETUP"=E:\Setup.exe
"ELNKProxy"=c:\windows\surfmonkey\smproxy.exe
"zBrowser Launcher"=c:\program files\Logitech\iTouch\iTouch.exe
"MBM 5"="c:\program files\MOTHERBOARD MONITOR 5\MBM5.EXE"
"bpcpost.exe"=c:\windows\SYSTEM\bpcpost.exe
"WildTangent CDA"=RUNDLL32.exe c:\progra~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
"Ad-aware"="c:\program files\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
"Gene USB Monitor"=c:\windows\SYSTEM32\usbmonit.exe
"LoadQM"=loadqm.exe
"GhostStartTrayApp"=c:\program files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
"CriticalUpdate"=c:\windows\SYSTEM32\WUCRTUPD.EXE -startup
"Necutray"=NECUTRAY.EXE
"KodakCCS"=c:\program files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "c:\program files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"TotalRecorderScheduler"="e:\program files\HighCriteria\TotalRecorder\TotRecSched.exe"
"ViewMgr"=c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"StillImageMonitor"=c:\windows\SYSTEM32\STIMON.EXE
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"msnappau"="c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabled runkeys]
"Zone Labs Client"=c:\progra~1\ZONELA~1\ZONEAL~1\zlclient.exe
"TotalRecorderScheduler"="e:\program files\HighCriteria\TotalRecorder\TotRecSched.exe"
"nwiz"=nwiz.exe /install
"Logitech Utility"=LOGI_MWX.EXE
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"SchedulingAgent"=mstask.exe
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"TVWakeup"=c:\progra~1\TVView~1\tvwakeup.exe
"Announcements"=c:\program files\TV Viewer\annclist.exe
"CSINJECT.EXE"=c:\program files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
"GhostStartService"=c:\program files\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
"KB891711"=c:\windows\SYSTEM\KB891711\KB891711.EXE
"SymTray - Norton SystemWorks"=c:\program files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\MusicIP\\MusicIP Mixer\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Fomine Net Send GUI\\NetSendGUI.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Program Files\\deepinvent\\MailStore Home\\MailStoreLocal.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/1/2008 9:46 AM 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/1/2008 9:46 AM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/5/2009 9:00 PM 285392]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe [1/26/2005 11:47 AM 65604]
R2 PDIHWCTL;PDIHWCTL;c:\windows\SYSTEM32\DRIVERS\pdihwctl.sys [1/29/2003 3:08 PM 14416]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/19/2008 7:34 PM 24652]
R3 BW2NDIS5;BW2NDIS5;c:\windows\SYSTEM32\DRIVERS\BW2NDIS5.SYS [11/1/2004 2:16 PM 17536]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\SYSTEM32\DRIVERS\TotRec7.sys [2/3/2009 8:09 PM 126984]
S2 gupdate1c8ea92b33f0c3c;Google Update Service (gupdate1c8ea92b33f0c3c);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2008 1:03 PM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 DCamUSBAlaris;ALARIS QuickVideo weeCam USB;c:\windows\system32\DRIVERS\DVC2USB.sys --> c:\windows\system32\DRIVERS\DVC2USB.sys [?]
S3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [6/17/2009 6:20 AM 12648]
S4 0111741254318573mcinstcleanup;McAfee Application Installer Cleanup (0111741254318573);c:\windows\TEMP\011174~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\011174~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 01:12 73216 ----a-w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 01:12 73216 ----a-w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 01:12 73216 ----a-w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 01:12 73216 ----a-w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 01:12 73216 ----a-w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 01:12 73216 ----a-w- c:\program files\Outlook Express\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2001-03-23 22:17 7168 ------w- c:\windows\SYSTEM32\updcrl.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-24 c:\windows\Tasks\MimarSinan Rubber Ducky Updates.job
- c:\windows\Installer\MimarSinan Rubber Ducky Updates for All Users.lnk [2008-02-07 00:29]

2008-04-08 c:\windows\Tasks\Sound Recorder 1.job
- c:\windows\SYSTEM32\sndrec32.exe [2005-08-14 01:12]

2010-01-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-24 01:01]

2010-01-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-21 03:31]

2010-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-21 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.earthlink.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Search - c:\program files\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\EARTHLINK TOTALACCESS\TOOLBAR\SearchUI.dll/search.html
IE: Send Image to Photo Library - file://c:\documents and settings\sallie\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
IE: ShaPlus Google Translator - e:\program files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com\www
Trusted Zone: earthlink.net\start
Trusted Zone: ebay.com\scgi
Trusted Zone: hotmail.com\messenger
Trusted Zone: matchmaker.com\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\download
Trusted Zone: microsoft.com\ntservicepack
Trusted Zone: microsoft.com\V4.Windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: msphometour.com\www
Trusted Zone: netflame.cc\ssl-hints
Trusted Zone: nwa.com\www
Trusted Zone: officemax.com
Trusted Zone: passport.com\loginnet
Trusted Zone: passport.net\login
Trusted Zone: passport.net\memberservicesnet
Trusted Zone: vanishingpointgame.com\www
Trusted Zone: verisign
Trusted Zone: windowsupdate.com\download
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {14578416-1111-1111-1111-111111411123}
DPF: {66C643AB-AF09-438E-B1BB-F0B79955CCBA} - hxxp://www.wsel.net/imcupdatefiles/whistlesilent615.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} - hxxp://scpwba.ops.placeware.com/etc/place/6000-zr/pws-pw01/lib/quicksilver.cab
FF - ProfilePath - c:\documents and settings\sallie\Application Data\Mozilla\Firefox\Profiles\default.95a\
FF - prefs.js: browser.startup.homepage - hxxp://my.earthlink.net/|http://webmail.pas.earthlink.net/wam...?x=-2084188008
FF - component: c:\documents and settings\sallie\Application Data\Mozilla\Firefox\Profiles\default.95a\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\sallie\Application Data\Mozilla\Firefox\Profiles\default.95a\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\sallie\Application Data\Mozilla\Firefox\Profiles\default.95a\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\sallie\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\sallie\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np_gp.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npViewpoint_03000F10.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol305.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgooglevlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint_03000F10.dll
FF - plugin: c:\program files\VIEWPOINT\VIEWPOINT MEDIA PLAYER\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-VIA Audio Driver Setup Program - c:\progra~1\VIATEC~1\VIAAUD~1\UnAudioAP.exe PCI\VEN_1106&DEV_3059



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 15:19
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F07618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf78b8f28
\Driver\ACPI -> ACPI.sys @ 0xf782bcb8
\Driver\atapi -> atapi.sys @ 0xf77e3852
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\$$$\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\WININET.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(568)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(6440)
c:\windows\system32\WININET.dll
h:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead2\InCD\InCDsrv.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Portrait Displays\MagicTune\dtsrvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\SYSTEM32\ZONELABS\vsmon.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-01-30 15:35:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-30 21:34

Pre-Run: 6,300,434,432 bytes free
Post-Run: 6,431,866,880 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /FASTDETECT /NOEXECUTE=OPTIN

- - End Of File - - E10A8557C5911E4A91E602C52C5A214F

Old 30th January 2010   #12
sallnjackn

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:23 PM, on 1/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead2\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MSWorks\Calendar\Wkcalrem.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\VIEWPOINT\Common\ViewpointService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Defender\MsMpEng.exe
E:\downloaded program files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\ElnkPub.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\ProtctIE.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\uninsttb.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\Toolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe /hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Startup: Secunia PSI.lnk = D:\program files\Secunia\PSI\psi.exe
O4 - Global Startup: Net Send GUI.lnk = C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\SearchUI.dll/search.html
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\sallie\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O8 - Extra context menu item: ShaPlus Google Translator - res://E:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://www.bitdefender.com
O15 - Trusted Zone: start.earthlink.net
O15 - Trusted Zone: scgi.ebay.com
O15 - Trusted Zone: messenger.hotmail.com
O15 - Trusted Zone: www.matchmaker.com
O15 - Trusted Zone: www.msphometour.com
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O15 - Trusted Zone: www.nwa.com
O15 - Trusted Zone: *.officemax.com
O15 - Trusted Zone: loginnet.passport.com
O15 - Trusted Zone: login.passport.net
O15 - Trusted Zone: memberservicesnet.passport.net
O15 - Trusted Zone: http://www.vanishingpointgame.com
O15 - Trusted Zone: *.verisign
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/OneClickFix/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {14578416-1111-1111-1111-111111411123} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5483.cab
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1123999976890
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {66C643AB-AF09-438E-B1BB-F0B79955CCBA} - http://www.wsel.net/imcupdatefiles/whistlesilent615.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123999962031
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neut....cab?9,0,712,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab27513.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwba.ops.placeware.com/etc/...uicksilver.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neut...cab?10,0,910,0
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - D:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - D:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Google Update Service (gupdate1c8ea92b33f0c3c) (gupdate1c8ea92b33f0c3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead2\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\PROGRAM FILES\VIEWPOINT\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 20459 bytes

Old 30th January 2010   #13
Malware Analyst
 
broni's Avatar
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 19,893
Computer Experience:
intermediate

How is the computer doing at this moment?


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
KillAll::

File::
c:\documents and settings\sallie\Local Settings\Application Data\prvlcl.dat
c:\windows\Internet Logs\xDB4A.tmp
c:\windows\Internet Logs\xDB49.tmp
c:\windows\Internet Logs\xDB5E.tmp
c:\windows\Internet Logs\xDB48.tmp
c:\windows\All Users\DRM\Cache\Indiv01.tmp


Folder::

Driver::
0111741254318573mcinstcleanup

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MyWebSearch Email Plugin"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"SymTray - Norton SystemWorks"=-


RegLockDel::

MBR::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Old 31st January 2010   #14
Senior Member
THREAD STARTER
 
sallnjackn's Avatar
 
Profile:
Join Date: Feb 2005
Location: Minneapolis, MN
Posts: 134
Computer Experience:
intermediate

I ran Combofix again as you described with the CFScript.txt. It finished and the screen has had the "windows is shutting down" screen for 15 minutes but it is not shutting down.

Old 31st January 2010   #15
Malware Analyst
 
broni's Avatar
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 19,893
Computer Experience:
intermediate

Give it another 15 minutes.
If still stuck, shut down and restart manually.
See if Combofix will create its log.



 
