Solved Can't Back-up, Restore, Password effected, Even mouse, keyboard

[Resolved] Can't Back-up, Restore, Password effected, Even mouse, keyboard

Tried to restart and got locked out! AVG finds nothing...

 

Why does nobody reply to this? I put the Two requested files on my desktop as instructed... Have I not done something right?? Please reply!

 

Have I done this correctly?

I would just like confirmation that I'm in the ball-game and MAY receive a response!!

 

Hi Thanks Pete... I was able to get on via alternative account...
Sorry I missed the part requesting that I post those... so....
Here they are!...


DDS (Ver_10-03-17.01) - NTFSX64
Run by beverly at 10:02:50.09 on Fri 08/20/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.2012.844 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\lxczcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\UltraVNC\winvnc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\ProgramData\UltraVNC\winvnc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files (x86)\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Symantec\WinFax\CTITrayI.Exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\beverly\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://bing.com/
uWindow Title = Internet Explorer provided by Dell
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [cdloader] "c:\users\beverly\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRunOnce: [FlashPlayerUpdate] c:\windows\syswow64\macromed\flash\FlashUtil10h_Plugin.exe -update plugin
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe "
mRun: [DellComms] "c:\program files (x86)\dell\dellcomms\bin\sprtcmd.exe" /P DellComms
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe "
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe "
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\beverly\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\contro~1.lnk - c:\program files (x86)\symantec\winfax\WFXCTL32.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files (x86)\digital line detect\DLG.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {410C30C7-098A-4090-928E-F1D356D34C7F} - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - c:\program files (x86)\4team corporation\fax4office\Fax4IE.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files (x86)\cozi express\CoziProtocolHandler.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files (x86)\symantec\winfax\WfxSeh32.Dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe
mRun-x64: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [(Default)]
mRun-x64: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun-x64: [lxczbmgr.exe] "c:\program files (x86)\lexmark 1200 series\lxczbmgr.exe "
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\beverly\appdata\roaming\mozilla\firefox\profiles\lofc3lzy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-6-25 53488]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-2-8 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-2-8 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-2-8 317520]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSr64.exe [2009-6-25 88576]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-7-21 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-21 308136]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\dell\dellcomms\bin\sprtsvc.exe [2008-12-16 206064]
R2 uvnc_service;UltraVNC Server;c:\programdata\ultravnc\winvnc.exe -service --> c:\programdata\ultravnc\winvnc.exe -service [?]
R3 CAXHWBS2;CAXHWBS2;c:\windows\system32\drivers\CAXHWBS2.sys [2009-6-25 411136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dsl-fs-sync;Remote Access File Sync Service;c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe [2009-1-5 173296]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 Apache2.2;Remote Access Media Server;c:\program files (x86)\common files\dell\apache\bin\httpd.exe [2007-9-21 15872]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2010-1-17 89920]
S4 dsl-db;Remote Access DB;c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe [2007-9-14 5730304]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-08-20 04:23:33 0 d-----w- c:\program files\EUSING~1
2010-08-20 02:56:46 0 d-----w- c:\windows\syswow64\XPSViewer
2010-08-20 02:56:44 896 ----a-w- c:\windows\system32\wbem\ServiceModel.mof.uninstall
2010-08-20 02:56:44 84985 ----a-w- c:\windows\system32\wbem\ServiceModel.mof
2010-08-13 18:42:15 0 d-----w- c:\programdata\Apple Computer
2010-08-12 02:09:52 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 02:09:32 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 02:09:32 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 02:09:26 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 02:09:06 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 02:09:06 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-12 02:06:12 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-12 02:06:09 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 02:02:37 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 02:02:36 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-12 02:02:07 343040 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 02:02:07 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-10 18:47:19 0 d-----w- c:\users\beverly\appdata\roaming\OpenOffice.org
2010-08-10 18:35:46 0 d-----w- c:\program files (x86)\JRE
2010-08-10 18:35:28 0 d-----w- c:\program files (x86)\OpenOffice.org 3
2010-08-10 18:29:22 0 d-----w- c:\programdata\Sun
2010-08-10 18:29:10 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-08-10 18:29:10 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-08-10 18:29:10 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-08-10 18:29:10 145184 ----a-w- c:\windows\syswow64\java.exe
2010-08-10 09:15:58 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
2010-08-10 09:15:58 69632 ----a-w- c:\windows\syswow64\QuickTime.qts
2010-08-03 09:34:22 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-29 17:54:47 8573648 ----a-w- c:\users\beverly\Firefox Setup 3.6.8.exe
2010-07-23 00:20:34 0 d-----w- c:\programdata\Cozi
2010-07-23 00:20:34 0 d-----w- c:\program files (x86)\Cozi Express
2010-07-21 16:38:07 13048 ----a-w- c:\windows\system32\avgrssta.dll

==================== Find3M ====================

2010-08-20 02:55:19 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-08-20 02:55:19 29779 ----a-w- c:\windows\fonts\GlobalSerif.CompositeFont
2010-08-20 02:55:19 26489 ----a-w- c:\windows\fonts\GlobalSansSerif.CompositeFont
2010-08-20 02:55:19 26040 ----a-w- c:\windows\fonts\GlobalMonospace.CompositeFont
2010-07-21 16:38:08 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-07-21 16:37:25 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-17 02:48:32 2302 ----a-w- c:\users\beverly\appdata\roaming\wklnhst.dat
2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-02-28 19:10:18 1919 ----a-w- c:\program files\common files\Adobe Reader 9.lnk
2010-02-09 08:21:38 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-09 08:21:38 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-09 08:21:38 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-09 08:21:38 143360 ----a-w- c:\windows\inf\infstrng.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-09-28 17:28:53 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-09-28 17:28:53 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-09-28 17:28:53 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-06-25 18:04:44 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:04:13.38 ===============


and....
(Separate post with next one!)

 

next

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vistaâ„¢ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 6/25/2009 6:55:17 AM
System Uptime: 8/19/2010 10:52:02 PM (12 hours ago)

Motherboard: Dell Inc. | | 0U880P
Processor: Intel(R) Celeron(R) CPU 450 @ 2.20GHz | CPU 1 | 2194/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 283 GiB total, 204.98 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 6.47 GiB free.
E: is CDROM (CDFS)
I: is FIXED (NTFS) - 233 GiB total, 199.332 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

4Team Fax4Office
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Amazon Trail 3rd Edition
Apple Application Support
Apple Software Update
AVG Free 9.0
Byki
Byki Express
Choice Guard
ClueFinders(R) 3rd Grade Adventures
Compatibility Pack for the 2007 Office system
Consumer In-Home Service Agreement
Cozi
Dell-eBay
Dell Communications (Support Software)
Dell DataSafe Online
Dell Getting Started Guide
Dell Remote Access
Digital Line Detect
Eusing Free Registry Cleaner
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 20
JumpStart 2nd Grade v1.1
Junk Mail filter update
LiveUpdate
Microsoft Age of Empires
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Picture It! Photo Premium 9
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.8)
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
OpenOffice.org 3.2
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Symantec WinFax PRO 10.0
The Friendly Address Book 3.0
The Friendly Diary 3.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 8.0 Runtime Setup Package (x64)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Zynga Toolbar

 

The text that you have entered is too long (429226 characters). Please shor

==== Event Viewer Messages From Past Week ========

"The text that you have entered is too long (429226 characters). Please shorten it to 55000 characters long. "

This will take quite a while if this is the case!

In the meantime, I downloaded Spybot that found but can't fix this....
Which is also too long to post!...

--- Search result list ---
Virtumonde.sci: [SBI $55104C5D] Class ID (Registry value, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{98dbbf16-ca43-4c33-be80-99e6694468a4}\InprocServer32\=...C:\Program Files (x86)\4Team Corporation\Fax4Office\Fax4IE.dll...

Virtumonde.sci: [SBI $AD2018DB] Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{98dbbf16-ca43-4c33-be80-99e6694468a4}

Virtumonde.sci: [SBI $BC5D4D78] Library (File, nothing done)
C:\Program Files (x86)\4Team Corporation\Fax4Office\Fax4IE.dll
Properties.size=128528
Properties.md5=6A678840A56108CC10003D30721C6468
Properties.filedate=1232594358
Properties.filedatetext=2009-01-21 23:19:18


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

 

Thanks Pete.

Do I really need to break that into however many posts and post the whole thing? It would take like 10 posts!...

 

Thanks!
The "Attach" Log is 429,000 characters.
I'll wait I guess, I have to get something done here anyways.
Be Blessed!

 

Will do!

Thank you! I Will follow all these steps... But Not Tonight!!
Perhaps tomorrow, Hopefully by Monday. (Relatives in from out of State!!)
I will post as I complete!!
THANK YOU!! Be Blessed!!
Bev G.

 

Coffe does wonders!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4460

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

8/22/2010 12:54:27 AM
mbam-log-2010-08-22 (00-54-27).txt

Scan type: Quick scan
Objects scanned: 150565
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\4Team Corporation\Fax4Office\Fax4IE.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

 

GMER found nothing and the save includes nothing to post...

 

MBR Check

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 537
Logical Drives Mask: 0x0000011c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B
232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: