Active System locks up in IE Explorer 8 and Mozilla Firefox

Discussion in 'Malware and Virus Removal Archive' started by CountVak, 2009/02/14.

  1. 2009/03/14
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    These are the log files from the ComboFix that I have tried to run; it is titled catchme folder in the ComboFix folder.


    -------- Mon 03/09/2009 - 6:25:26.70 -------------
    -------- Mon 03/09/2009 - 23:49:06.34 -------------
    -------- Tue 03/10/2009 - 20:27:04.51 -------------
    -------- Tue 03/10/2009 - 20:27:55.61 -------------
    -------- Wed 03/11/2009 - 1:34:45.36 -------------
    -------- Wed 03/11/2009 - 1:41:21.28 -------------
    -------- Wed 03/11/2009 - 2:37:11.61 -------------
    -------- Sat 03/14/2009 - 0:19:40.55 -------------
    -------- Sat 03/14/2009 - 0:20:37.73 -------------
    -------- Sat 03/14/2009 - 3:39:01.41 -------------
    -------- Sat 03/14/2009 - 3:59:45.75 -------------
     
  2. 2009/03/14
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    Here is the only DDS scan I have.


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Steven Vakula at 5:58:48.04 on Thu 02/12/2009
    Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_12

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.aol.com/
    uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id
    uInternet Settings,ProxyOverride = *.local
    mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80111
    mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80111
    uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inbox toolbar\Inbox.dll
    mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
    mURLSearchHooks: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tbliv0.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: NoExplorer - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - c:\program files\iconix\ieaddon\IconixBHO_37.dll
    BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: MATCHMAKER: {a057a204-bacc-4d26-8e98-70ac85e57e9d} - c:\progra~1\matchmaker\matchmaker.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tbliv0.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inbox toolbar\Inbox.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
    TB: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tbliv0.dll
    TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inbox toolbar\Inbox.dll
    TB: MATCHMAKER: {a057a204-bacc-4d26-8e98-70ac85e57e9d} - c:\progra~1\matchmaker\matchmaker.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: {23B0D39A-E245-41B7-BF86-1238CF62625E} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
    uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe" -s
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe "
    mRun: [RestoreIT!] "c:\program files\farstone\restoreit!\restoreit!_xp\VBPTASK.EXE" VBStart
    mRun: [SonicFocus] "c:\program files\sonic focus\sfigui\\SFIGUI.EXE" BOOT
    mRun: [WINCINEMAMGR] "c:\program files\intervideo\common\bin\WinCinemaMgr.exe "
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [DiskSuite] c:\program files\pc tools disk suite\aDSProcMngr.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    uPolicies-explorer: MaxRecentDocs = 99 (0x63)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideShutdownScripts = 0 (0x0)
    IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll
    IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - c:\program files\iconix\ieaddon\IconixBHO_37.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
    IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - c:\program files\iconix\ieaddon\IconixBHO_37.dll
    Trusted Zone: mcafee.com
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
    DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1225093096170
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225092983836
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233907688677
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://kbkgevents.webex.com/client/T26L/event/ieatgpc1.cab
    DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inbox toolbar\Inbox.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
    STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\steven~1\appdata\roaming\mozilla\firefox\profiles\opuqnwg7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1576177&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - component: c:\program files\mozilla firefox\extensions\{318732a4-3815-329c-4ad2-436952ee2641}\components\FFProxy3.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ad55c869-668e-457c-b270-0cfb2f61116f}\components\FFAlert.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npIconixProxy3.dll

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2009-02-11 18:09 428,544 a------- c:\windows\system32\EncDec.dll
    2009-02-11 18:09 217,088 a------- c:\windows\system32\psisrndr.ax
    2009-02-11 18:09 293,376 a------- c:\windows\system32\psisdecd.dll
    2009-02-11 18:09 177,664 a------- c:\windows\system32\mpg2splt.ax
    2009-02-11 18:09 80,896 a------- c:\windows\system32\MSNP.ax
    2009-02-11 01:16 <DIR> --d----- c:\program files\ThreatExpert Memory Scanner
    2009-02-09 06:42 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-02-09 02:58 <DIR> -cd-h--- c:\programdata\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}
    2009-02-09 02:58 <DIR> -cd-h--- c:\progra~2\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}
    2009-02-09 02:58 <DIR> -cd-h--- c:\programdata\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}
    2009-02-09 02:58 <DIR> -cd-h--- c:\progra~2\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}
    2009-02-09 02:57 <DIR> -cd-h--- c:\programdata\{83FC5D7A-8875-4931-80D6-1E3AC725D336}
    2009-02-09 02:57 <DIR> -cd-h--- c:\progra~2\{83FC5D7A-8875-4931-80D6-1E3AC725D336}
    2009-02-06 01:22 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_dc3d_01005.Wdf
    2009-02-05 04:07 26,694 a------- c:\windows\system32\customercare.ico
    2009-02-05 04:07 26,694 a------- c:\windows\system32\cableguy.ico
    2009-02-05 04:07 26,694 a------- c:\windows\system32\about.ico
    2009-02-05 04:07 10,134 a------- c:\windows\system32\tubely.ico
    2009-02-03 03:41 <DIR> --d----- c:\programdata\Avg8
    2009-02-03 03:41 <DIR> --d----- c:\progra~2\Avg8
    2009-01-31 04:36 <DIR> --d----- c:\users\steven~1\appdata\roaming\Iconix
    2009-01-31 04:36 <DIR> --d----- c:\programdata\Iconix
    2009-01-31 04:36 <DIR> --d----- c:\progra~2\Iconix
    2009-01-31 04:35 <DIR> --d----- c:\program files\common files\Iconix
    2009-01-31 04:35 <DIR> --d----- c:\program files\Iconix
    2009-01-31 02:52 1,374,232 a------- c:\windows\system32\D3DCompiler_36.dll
    2009-01-31 02:51 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
    2009-01-31 02:41 <DIR> --d-h--- c:\windows\msdownld.tmp
    2009-01-31 02:41 <DIR> --d----- c:\windows\system32\directx
    2009-01-31 02:32 <DIR> --d----- c:\program files\MSECache
    2009-01-31 02:18 <DIR> --d----- c:\users\steven~1\appdata\roaming\Laplink
    2009-01-31 02:17 <DIR> --d----- c:\program files\Laplink
    2009-01-29 03:11 <DIR> -cd-h--- c:\programdata\{F19A02B4-1684-448C-B152-43B554F2E722}
    2009-01-29 03:11 <DIR> -cd-h--- c:\progra~2\{F19A02B4-1684-448C-B152-43B554F2E722}
    2009-01-29 01:47 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-01-28 10:33 <DIR> --d----- c:\program files\Microsoft
    2009-01-26 03:29 <DIR> -cd-h--- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}
    2009-01-26 03:29 <DIR> -cd-h--- c:\progra~2\{66E2F539-12B6-4870-A500-7689CDE75C5E}
    2009-01-23 03:11 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-01-23 03:06 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-23 03:06 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-23 03:06 <DIR> --d----- c:\program files\Lavasoft
    2009-01-21 01:28 <DIR> --d----- c:\users\steven~1\appdata\roaming\matchmaker
    2009-01-21 01:28 <DIR> --d----- c:\program files\matchmaker
    2009-01-16 01:21 <DIR> --d----- c:\program files\Bonjour
    2009-01-15 09:15 15,360 a------- c:\windows\system32\drivers\dc3d.sys
    2009-01-13 16:01 288,768 a------- c:\windows\system32\drivers\srv.sys

    ==================== Find3M ====================

    2009-02-11 18:13 51,200 a------- c:\windows\inf\infpub.dat
    2009-02-11 18:13 143,360 a------- c:\windows\inf\infstrng.dat
    2009-02-09 10:58 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-06 01:22 86,016 a------- c:\windows\inf\infstor.dat
    2009-01-15 03:05 911,872 a------- c:\windows\system32\wininet.dll
    2009-01-15 03:05 43,008 a------- c:\windows\system32\licmgr10.dll
    2009-01-15 03:04 18,944 a------- c:\windows\system32\corpol.dll
    2009-01-15 03:04 109,056 a------- c:\windows\system32\iesysprep.dll
    2009-01-15 03:04 132,096 a------- c:\windows\system32\ieUnatt.exe
    2009-01-15 03:04 109,568 a------- c:\windows\system32\PDMSetup.exe
    2009-01-15 03:04 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
    2009-01-15 03:04 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
    2009-01-15 03:04 103,936 a------- c:\windows\system32\SetDepNx.exe
    2009-01-15 03:03 420,352 a------- c:\windows\system32\vbscript.dll
    2009-01-15 03:03 72,704 a------- c:\windows\system32\admparse.dll
    2009-01-15 03:03 71,680 a------- c:\windows\system32\iesetup.dll
    2009-01-15 03:03 66,560 a------- c:\windows\system32\wextract.exe
    2009-01-15 03:02 169,472 a------- c:\windows\system32\iexpress.exe
    2009-01-15 03:01 34,304 a------- c:\windows\system32\imgutil.dll
    2009-01-15 03:00 48,128 a------- c:\windows\system32\mshtmler.dll
    2009-01-15 03:00 45,568 a------- c:\windows\system32\mshta.exe
    2009-01-15 02:50 156,160 a------- c:\windows\system32\msls31.dll
    2009-01-09 04:08 319,456 a------- c:\windows\DIFxAPI.dll
    2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
    2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
    2008-12-04 09:31 53,248 a------- c:\windows\system32\CSVer.dll
    2008-11-26 11:32 56,912 a------- c:\users\steven vakula\g2mdlhlpx.exe
    2008-11-01 22:16 61,224 a------- c:\users\steven vakula\GoToAssistDownloadHelper.exe
    2008-10-18 03:29 665,600 a------- c:\windows\inf\drvindex.dat
    2008-10-18 02:55 174 a--sh--- c:\program files\desktop.ini
    2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2008-10-24 19:32 32,768 a--sh--- c:\windows\temp\cookies\index.dat
    2008-10-24 19:32 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
    2008-10-24 19:32 786,432 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 6:04:38.16 ===============
     

  4. 2009/03/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi,
    OK, I need a new scan.

    Please run DDS and post a new scan.

    If you don't have it on your Desktop then do this.

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
    Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.


    Geri
     
  5. 2009/03/16
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Steven Vakula at 2:01:20.26 on Mon 03/16/2009
    Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_12
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1014.586 [GMT -7:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\CISVC.EXE
    C:\Windows\System32\svchost.exe -k ipripsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Steven Vakula\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.aol.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
    mURLSearchHooks: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tbliv1.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - c:\program files\iconix\ieaddon\IconixBHO_38.dll
    BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tbliv1.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
    TB: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tbliv1.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: {23B0D39A-E245-41B7-BF86-1238CF62625E} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    TB: {A057A204-BACC-4D26-8E98-70AC85E57E9D} - No File
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [WINCINEMAMGR] "c:\program files\intervideo\common\bin\WinCinemaMgr.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [SonicFocus] "c:\program files\sonic focus\sfigui\\SFIGUI.EXE" BOOT
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intervideo wincinema manager.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mp3 rocket (minimized).lnk - c:\program files\mp3 rocket\MP3Rocket.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip quick pick.lnk - c:\program files\winzip\WZQKPICK.EXE
    uPolicies-explorer: MaxRecentDocs = 99 (0x63)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideShutdownScripts = 0 (0x0)
    IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
    IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - c:\program files\iconix\ieaddon\IconixBHO_38.dll
    Trusted Zone: mcafee.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
    STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\steven~1\appdata\roaming\mozilla\firefox\profiles\opuqnwg7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\mozilla firefox\extensions\{318732a4-3815-329c-4ad2-436952ee2641}\components\FFProxy3.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ad55c869-668e-457c-b270-0cfb2f61116f}\components\FFAlert.dll
    FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npIconixProxy3.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-6 64160]
    R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2008-10-17 180074]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
    R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2008-10-18 21504]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]
    S2 RelevantKnowledge;RelevantKnowledge; [x]
    S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2007-7-6 906368]
    S3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-15 15360]
    SUnknown IconixService;IconixService; [x]

    =============== Created Last 30 ================

    2009-03-16 00:42 318,976 a------- c:\windows\system32\CF9361.exe
    2009-03-16 00:42 <DIR> --d----- C:\Mobofcix
    2009-03-15 23:51 <DIR> --d----- C:\inetpub
    2009-03-15 17:45 318,976 a------- c:\windows\system32\CF25999.exe
    2009-03-15 17:45 318,976 a------- c:\windows\system32\CF25843.exe
    2009-03-15 16:51 318,976 a------- c:\windows\system32\CF15422.exe
    2009-03-15 16:26 318,976 a------- c:\windows\system32\CF10387.exe
    2009-03-15 13:50 318,976 a------- c:\windows\system32\CF12703.exe
    2009-03-14 08:28 107,368 a------- c:\windows\system32\GEARAspi.dll
    2009-03-14 08:28 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-14 08:28 <DIR> --d----- c:\program files\iPod
    2009-03-14 08:28 <DIR> --d----- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-14 08:28 <DIR> --d----- c:\program files\iTunes
    2009-03-14 08:28 <DIR> --d----- c:\progra~2\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-14 04:13 50,688 a------- c:\users\steven vakula\ATF-Cleaner.exe
    2009-03-14 03:59 318,976 a------- c:\windows\system32\CF7943.exe
    2009-03-14 03:39 318,976 a------- c:\windows\system32\CF3874.exe
    2009-03-14 03:26 <DIR> --d----- c:\programdata\TomTom
    2009-03-14 03:26 <DIR> --d----- c:\progra~2\TomTom
    2009-03-14 02:20 <DIR> -cd-h--- c:\programdata\{F19A02B4-1684-448C-B152-43B554F2E722}
    2009-03-14 02:20 <DIR> -cd-h--- c:\progra~2\{F19A02B4-1684-448C-B152-43B554F2E722}
    2009-03-14 02:19 <DIR> -cd-h--- c:\programdata\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}
    2009-03-14 02:19 <DIR> -cd-h--- c:\progra~2\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}
    2009-03-14 02:19 <DIR> -cd-h--- c:\programdata\{83FC5D7A-8875-4931-80D6-1E3AC725D336}
    2009-03-14 02:19 <DIR> -cd-h--- c:\progra~2\{83FC5D7A-8875-4931-80D6-1E3AC725D336}
    2009-03-14 00:20 318,976 a------- c:\windows\system32\CF30550.exe
    2009-03-14 00:19 318,976 a------- c:\windows\system32\CF30298.exe
    2009-03-11 22:51 39 a------- c:\windows\ImageViewer.INI
    2009-03-11 02:37 318,976 a------- c:\windows\system32\CF30047.exe
    2009-03-11 01:41 318,976 a------- c:\windows\system32\CF19130.exe
    2009-03-11 01:34 318,976 a------- c:\windows\system32\CF17814.exe
    2009-03-10 20:27 318,976 a------- c:\windows\system32\CF23253.exe
    2009-03-10 20:27 318,976 a------- c:\windows\system32\CF23018.exe
    2009-03-10 12:29 268,288 a------- c:\windows\system32\schannel.dll
    2009-03-10 12:29 2,033,152 a------- c:\windows\system32\win32k.sys
    2009-03-09 23:49 318,976 a------- c:\windows\system32\CF9899.exe
    2009-03-09 06:25 318,976 a------- c:\windows\system32\CF1984.exe
    2009-03-07 02:58 318,976 a------- c:\windows\system32\CF19839.exe
    2009-03-07 02:53 318,976 a------- c:\windows\system32\CF18742.exe
    2009-03-07 01:27 318,976 a------- c:\windows\system32\CF1947.exe
    2009-03-07 01:20 <DIR> --d----- c:\windows\pss
    2009-03-07 01:17 318,976 a------- c:\windows\system32\CF32714.exe
    2009-03-07 01:13 318,976 a------- c:\windows\system32\CF31868.exe
    2009-03-06 08:59 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-03-06 05:08 12 a------- c:\windows\bthservsdp.dat
    2009-03-06 02:00 812,344 a------- c:\users\steven vakula\HJTInstall.exe
    2009-03-04 23:08 <DIR> --d----- c:\programdata\WinZip
    2009-03-02 03:42 318,976 a------- c:\windows\system32\CF26669.exe
    2009-03-02 03:30 318,976 a------- c:\windows\system32\CF24354.exe
    2009-03-02 03:23 318,976 a------- c:\windows\system32\CF23048.exe
    2009-03-02 03:23 318,976 a------- c:\windows\system32\CF22868.exe
    2009-03-01 12:50 318,976 a------- c:\windows\system32\CF15723.exe
    2009-03-01 12:20 <DIR> -cd-h--- c:\programdata\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}
    2009-03-01 12:20 <DIR> -cd-h--- c:\progra~2\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}
    2009-02-28 22:21 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
    2009-02-28 21:00 318,976 a------- c:\windows\system32\CF26147.exe
    2009-02-28 20:59 318,976 a------- c:\windows\system32\CF25944.exe
    2009-02-27 12:09 318,976 a------- c:\windows\system32\CF479.exe
    2009-02-27 12:08 318,976 a------- c:\windows\system32\CF274.exe
    2009-02-26 15:54 318,976 a------- c:\windows\system32\CF24559.exe
    2009-02-26 12:59 318,976 a------- c:\windows\system32\CF23140.exe
    2009-02-26 12:59 318,976 a------- c:\windows\system32\CF22996.exe
    2009-02-26 12:58 155,648 a------- c:\windows\system32\igfxres.dll
    2009-02-26 09:06 318,976 a------- c:\windows\system32\CF10222.exe
    2009-02-26 08:21 318,976 a------- c:\windows\system32\CF1379.exe
    2009-02-26 07:41 318,976 a------- c:\windows\system32\CF26238.exe
    2009-02-26 07:40 318,976 a------- c:\windows\system32\CF26156.exe
    2009-02-26 07:07 318,976 a------- c:\windows\system32\CF19495.exe
    2009-02-26 01:37 <DIR> --d----- c:\users\steven vakula\.housecall6.6
    2009-02-25 23:59 <DIR> --d----- c:\program files\Trend Micro
    2009-02-25 22:59 7,680 a------- c:\windows\system32\spwmp.dll
    2009-02-25 22:59 4,096 a------- c:\windows\system32\msdxm.ocx
    2009-02-25 22:59 4,096 a------- c:\windows\system32\dxmasf.dll
    2009-02-25 22:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
    2009-02-14 03:14 <DIR> --d----- c:\program files\common files\PX Storage Engine
    2009-02-14 03:13 <DIR> --d----- c:\program files\DivX

    ==================== Find3M ====================

    2009-03-14 08:24 51,200 a------- c:\windows\inf\infpub.dat
    2009-03-14 08:24 86,016 a------- c:\windows\inf\infstor.dat
    2009-03-14 08:24 143,360 a------- c:\windows\inf\infstrng.dat
    2009-03-06 03:17 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-03-01 03:07 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-14 00:16 318,976 a------- c:\windows\system32\CF26680.exe
    2009-02-13 12:29 318,976 a------- c:\windows\system32\CF19373.exe
    2009-02-06 01:22 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_dc3d_01005.Wdf
    2009-01-15 09:15 15,360 a------- c:\windows\system32\drivers\dc3d.sys
    2009-01-15 03:05 911,872 a------- c:\windows\system32\wininet.dll
    2009-01-15 03:05 43,008 a------- c:\windows\system32\licmgr10.dll
    2009-01-15 03:04 18,944 a------- c:\windows\system32\corpol.dll
    2009-01-15 03:04 109,056 a------- c:\windows\system32\iesysprep.dll
    2009-01-15 03:04 132,096 a------- c:\windows\system32\ieUnatt.exe
    2009-01-15 03:04 109,568 a------- c:\windows\system32\PDMSetup.exe
    2009-01-15 03:04 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
    2009-01-15 03:04 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
    2009-01-15 03:04 103,936 a------- c:\windows\system32\SetDepNx.exe
    2009-01-15 03:03 420,352 a------- c:\windows\system32\vbscript.dll
    2009-01-15 03:03 72,704 a------- c:\windows\system32\admparse.dll
    2009-01-15 03:03 71,680 a------- c:\windows\system32\iesetup.dll
    2009-01-15 03:03 66,560 a------- c:\windows\system32\wextract.exe
    2009-01-15 03:02 169,472 a------- c:\windows\system32\iexpress.exe
    2009-01-15 03:01 34,304 a------- c:\windows\system32\imgutil.dll
    2009-01-15 03:00 48,128 a------- c:\windows\system32\mshtmler.dll
    2009-01-15 03:00 45,568 a------- c:\windows\system32\mshta.exe
    2009-01-15 02:50 156,160 a------- c:\windows\system32\msls31.dll
    2009-01-09 04:08 319,456 a------- c:\windows\DIFxAPI.dll
    2008-11-26 11:32 56,912 a------- c:\users\steven vakula\g2mdlhlpx.exe
    2008-11-01 22:16 61,224 a------- c:\users\steven vakula\GoToAssistDownloadHelper.exe
    2008-10-18 03:29 665,600 a------- c:\windows\inf\drvindex.dat
    2008-10-18 02:55 174 a--sh--- c:\program files\desktop.ini
    2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 2:02:52.95 ===============
     
  6. 2009/03/16
    CountVak
    Attach zip link

    Geri, I can't see where or how to attach the file or zip file of the link. Should I just post it for you?
     
  7. 2009/03/16
    CountVak
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft® Windows Vista™ Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/17/2008 3:02:48 PM
    System Uptime: 3/16/2009 12:14:48 AM (2 hours ago)

    Motherboard: Intel Corporation | | D915GAG
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 134 GiB total, 31.327 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: SAA7130 TV Card
    Device ID: ROOT\MEDIA\0000
    Manufacturer: Philips Semiconductors
    Name: SAA7130 TV Card
    PNP Device ID: ROOT\MEDIA\0000
    Service: 3xHybrid

    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: SAA7134 TV Card
    Device ID: ROOT\MEDIA\0001
    Manufacturer: Philips Semiconductors
    Name: SAA7134 TV Card
    PNP Device ID: ROOT\MEDIA\0001
    Service: 3xHybrid

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    AAC Decoder
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 9
    Adobe Shockwave Player 11
    Advanced SystemCare 3
    AOL Toolbar
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    AutoUpdate
    Avant Browser (remove only)
    Bonjour
    Client
    DiMAGE Viewer
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Download Updater (AOL LLC)
    Google Toolbar for Internet Explorer
    H.264 Decoder
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Iconix® eMail ID
    ieSpell
    Intel(R) Network Connections 13.2.8.0
    Intel(R) Processor ID Utility
    InterVideo Home Theater
    InterVideo WinDVD Creator 2
    iTunes
    Java(TM) 6 Update 12
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    KC Softwares VideoInspector
    KONICA_MINOLTA DiMAGE remote camera driver
    LANDesk System Manager Download
    LIVETV4PC
    livetvbar Toolbar
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB929729)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    MKV Splitter
    MobileMe Control Panel
    Mozilla Firefox (3.0.3)
    MP3 Rocket
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    NTI CD-Maker
    NTI CD-Maker 6 Standard
    OpenOffice.org Installer 1.0
    PC Pitstop Driver Alert 1.0.0.13
    Privacy Guardian 4.1
    QuickTime
    Realtek High Definition Audio Driver
    Safari
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Smart Defrag 1.11
    Sonic Focus 1.1
    Spelling Dictionaries Support For Adobe Reader 9
    SUPERAntiSpyware Free Edition
    SVDVR
    System Requirements Lab
    Ultimate Extras sounds from Microsoft® Tinker™
    Uniblue DriverScanner 2009
    Uniblue PixelPerfect
    Uniblue PowerSuite 2009
    Uniblue RegistryBooster 2009
    Uniblue SpeedUpMyPC 2009
    Uniblue System Tweaker
    Update for Microsoft Office 2007 Help for Common Features (KB957244)
    Update for Microsoft Office Access 2007 Help (KB957241)
    Update for Microsoft Office Excel 2007 Help (KB957242)
    Update for Microsoft Office InfoPath 2007 Help (KB957243)
    Update for Microsoft Office OneNote 2007 Help (KB957245)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)
    Update for Microsoft Office Publisher 2007 Help (KB957249)
    Update for Microsoft Office Word 2007 Help (KB957252)
    Update for Microsoft Script Editor Help (KB957253)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb962871)
    VC_MergeModuleToMSI
    VC80CRTRedist - 8.0.50727.762
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebEx Online Meetings
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Sound Schemes
    Windows Vista Upgrade Advisor
    WinZip 12.0
    XMLinst
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== End Of File ===========================
     
  8. 2009/03/16
    Geri
    Hi
    OK, let's go about this a little differently. Please do this.

    Please delete the Combofix.exe you have on your desktop.

    Click on Start,
    Double click your C: Drive. If Combofix.txt is listed please delete it.


    1. Please download OTMoveIt3 by OldTimer and save it to your desktop.
    2. Double click the OTMoveIt3 icon on your desktop.
    3. Paste the following code under the “Paste instructions for items to be moved” area.
      Code:
      :files
      c:\windows\system32\CF9361.exe
      C:\Mobofcix
      c:\windows\system32\CF25999.exe
      c:\windows\system32\CF25843.exe
      c:\windows\system32\CF15422.exe
      c:\windows\system32\CF10387.exe
      c:\windows\system32\CF12703.exe
      c:\windows\system32\CF7943.exe
      c:\windows\system32\CF3874.exe
      c:\windows\system32\CF30550.exe
      c:\windows\system32\CF30298.exe
      c:\windows\system32\CF30047.exe
      c:\windows\system32\CF19130.exe
      c:\windows\system32\CF17814.exe
      c:\windows\system32\CF23253.exe
      c:\windows\system32\CF23018.exe
      c:\windows\system32\CF9899.exe
      c:\windows\system32\CF1984.exe
      c:\windows\system32\CF19839.exe
      c:\windows\system32\CF18742.exe
      c:\windows\system32\CF1947.exe
      c:\windows\system32\CF32714.exe
      c:\windows\system32\CF31868.exe
      c:\windows\system32\CF26669.exe
      c:\windows\system32\CF24354.exe
      c:\windows\system32\CF23048.exe
      c:\windows\system32\CF22868.exe
      c:\windows\system32\CF15723.exe
      c:\windows\system32\CF26147.exe
      c:\windows\system32\CF25944.exe
      c:\windows\system32\CF479.exe
      c:\windows\system32\CF274.exe
      c:\windows\system32\CF24559.exe
      c:\windows\system32\CF23140.exe
      c:\windows\system32\CF22996.exe
      c:\windows\system32\CF10222.exe
      c:\windows\system32\CF1379.exe
      c:\windows\system32\CF26238.exe
      c:\windows\system32\CF26156.exe
      c:\windows\system32\CF19495.exe
      c:\windows\system32\CF26680.exe
      c:\windows\system32\CF19373.exe
      :services
      RelevantKnowledge
      
    4. Push the large “Moveit” button.
    5. OTMI3 may ask to reboot the machine. Please do so if asked.
    6. Copy/Paste the contents under the Results line here in your next reply.
    7. If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Please run a Hijackthis scan and post it along with the OTMoveIt3 log.

    Thanks
    Geri
     
  9. 2009/03/17
    CountVak
    Error: Unable to interpret <:file> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF9361.exe> in the current context!
    Error: Unable to interpret <C:\Mobofcix> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF25999.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF25843.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF15422.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF10387.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF12703.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF7943.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF3874.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF30550.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF30298.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF30047.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF19130.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF17814.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF23253.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF23018.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF9899.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF1984.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF19839.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF18742.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF1947.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF32714.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF31868.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF26669.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF24354.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF23048.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF22868.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF15723.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF26147.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF25944.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF479.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF274.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF24559.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF23140.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF22996.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF10222.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF1379.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF26238.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF26156.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF19495.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF26680.exe> in the current context!
    Error: Unable to interpret <c:\windows\system32\CF19373.exe> in the current context!
    Error: Unable to interpret <:service> in the current context!
    Error: Unable to interpret <RelevantKnowledgePush the large “Moveit” button. > in the current context!
    Error: Unable to interpret <OTMI3 may ask to reboot the machine. > in the current context!

    OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03172009_014249
     
  10. 2009/03/17
    Geri
    Hi
    Please try it again, but only copy what is inside the blue box and paste it into OTMoveIt3.

    Geri
     
  11. 2009/03/17
    CountVak
    ========== FILES ==========
    c:\windows\system32\CF9361.exe moved successfully.
    C:\Mobofcix\N_ moved successfully.
    C:\Mobofcix moved successfully.
    c:\windows\system32\CF25999.exe moved successfully.
    c:\windows\system32\CF25843.exe moved successfully.
    c:\windows\system32\CF15422.exe moved successfully.
    c:\windows\system32\CF10387.exe moved successfully.
    c:\windows\system32\CF12703.exe moved successfully.
    c:\windows\system32\CF7943.exe moved successfully.
    c:\windows\system32\CF3874.exe moved successfully.
    c:\windows\system32\CF30550.exe moved successfully.
    c:\windows\system32\CF30298.exe moved successfully.
    c:\windows\system32\CF30047.exe moved successfully.
    c:\windows\system32\CF19130.exe moved successfully.
    c:\windows\system32\CF17814.exe moved successfully.
    c:\windows\system32\CF23253.exe moved successfully.
    c:\windows\system32\CF23018.exe moved successfully.
    c:\windows\system32\CF9899.exe moved successfully.
    c:\windows\system32\CF1984.exe moved successfully.
    c:\windows\system32\CF19839.exe moved successfully.
    c:\windows\system32\CF18742.exe moved successfully.
    c:\windows\system32\CF1947.exe moved successfully.
    c:\windows\system32\CF32714.exe moved successfully.
    c:\windows\system32\CF31868.exe moved successfully.
    c:\windows\system32\CF26669.exe moved successfully.
    c:\windows\system32\CF24354.exe moved successfully.
    c:\windows\system32\CF23048.exe moved successfully.
    c:\windows\system32\CF22868.exe moved successfully.
    c:\windows\system32\CF15723.exe moved successfully.
    c:\windows\system32\CF26147.exe moved successfully.
    c:\windows\system32\CF25944.exe moved successfully.
    c:\windows\system32\CF479.exe moved successfully.
    c:\windows\system32\CF274.exe moved successfully.
    c:\windows\system32\CF24559.exe moved successfully.
    c:\windows\system32\CF23140.exe moved successfully.
    c:\windows\system32\CF22996.exe moved successfully.
    c:\windows\system32\CF10222.exe moved successfully.
    c:\windows\system32\CF1379.exe moved successfully.
    c:\windows\system32\CF26238.exe moved successfully.
    c:\windows\system32\CF26156.exe moved successfully.
    c:\windows\system32\CF19495.exe moved successfully.
    c:\windows\system32\CF26680.exe moved successfully.
    c:\windows\system32\CF19373.exe moved successfully.
    ========== SERVICES/DRIVERS ==========
    Service\Driver RelevantKnowledgePush the large “Moveit” button. not found.
    Service\Driver RelevantKnowledgePush the large “Moveit” button. not found.

    OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03172009_072959
     
  12. 2009/03/17
    Geri
    Hi
    OK, do this one the same way.

    Code:
    :services
    RelevantKnowledge
    

    Somehow you got this into the code box??
    Push the large “Moveit” button.

    Post the new OTMoveIt3 log.

    Geri
     
  13. 2009/03/19
    CountVak
    ========= SERVICES/DRIVERS ==========

    Service\Driver RelevantKnowledge deleted successfully.

    OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03192009_005044
     
  14. 2009/03/19
    CountVak
    I'm hoping that the code was just what was displayed in the box, that being the Relevant Knowledge? It was also in the prior box?
     
  15. 2009/03/19
    CountVak
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:00:19 AM, on 3/19/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\Windows\Explorer.exe
    C:\Windows\helppane.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Steven Vakula\Desktop\OTMoveIt3.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_38.dll
    O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
    O3 - Toolbar: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tbliv1.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\\SFIGUI.EXE" BOOT
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe "
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_38.dll
    O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_38.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    --
    End of file - 9879 bytes
     
  16. 2009/03/19
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK good.

    Now one more time.

    Please download Combofix, make sure you rename it before saving it, and run it this way.

    Download ComboFix from Here

    Before saving it rename it to Mobofcix.exe then download it to your Desktop.

    Please run it this way.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double-click combofix.exe and follow the prompts.
    • Vista users: right-click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    Note - It's recommended to disable realtime protection applications, such as your antivirus program, while running ComboFix. They can sometimes interfere with the tool. Check this link for your applicable programs.

    Thanks
    Geri
     
  17. 2009/03/20
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    Geri, Combofix will not go past the "ComboFix is preparing to run" state. I have let it sit at this point for a couple of hours and it does not progress.
     
  18. 2009/03/20
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    Geri, I checked the properties of the Combofix.exe and noticed that the program is being blocked. Could this have anything to do with it not running? It states that it is being blocked as it came from another computer, and that the blocking was to protect my system.

    Thanks
     
  19. 2009/03/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Does it say what is blocking it?

    Did you disable your Anti Virus and Spyware Apps?

    SUPERAntiSpyware
    Ad-Aware
    Ad-Watch
    Windows Defender

    Geri
     
  20. 2009/03/21
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    Yes, I disabled everything. I right-click the Combofix.exe which I renamed and click the Properties button; in the General tab at the bottom, under Attributes, the Read-only box is checked, and underneath this and the Advanced tab is Security: "This file came from another computer and might be blocked to help protect this computer." Then there is an Unblock tab. Even if I check this Unblock and then Apply, this will come back if I reboot and recheck the Mobofcix.exe. I wish I could send a screenshot of it to you, but it won't let me on this system. I also find it interesting that the Read-only tab is checked. Any ideas? I know that there is some bug on this system, as the behavior is reflective of the problem.
     
  21. 2009/03/21
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    I don't know if this matters, but the size of the file states 2.79MB (2,933,805) while the size on disk states 2.80MB (2,936,832), if this means something?
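A way to see what the "came from another computer" property and the size gap in the two posts above actually are, as an added PowerShell example that is not from this thread or from the ComboFix authors: the block is the Zone.Identifier alternate data stream Windows writes to downloaded files (Unblock deletes that stream), and size on disk is the file length rounded up to whole clusters. It assumes PowerShell 3.0 or later for the -Stream parameters and Unblock-File, a 4 KB NTFS cluster size, and the Desktop path of the renamed file.

```powershell
# Added example, not from the thread: inspect a downloaded file for the
# Zone.Identifier stream (Mark of the Web) and the Read-only attribute,
# report the cluster-rounded size on disk, and optionally clear both marks.
function Get-DownloadMark {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [switch]$Clear,
        [int]$ClusterSize = 4096   # assumed NTFS default cluster size
    )
    $item = Get-Item -LiteralPath $Path

    # Mark of the Web: an alternate data stream named Zone.Identifier holding
    # "[ZoneTransfer]" and "ZoneId=N" (3 = Internet, 4 = Restricted Sites).
    $zone = $null
    $ads = Get-Item -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if ($ads) {
        $text = Get-Content -LiteralPath $Path -Stream Zone.Identifier -Raw
        if ($text -match 'ZoneId=(\d+)') { $zone = [int]$Matches[1] }
    }

    $readOnly = $item.IsReadOnly

    # "Size on disk" is the length rounded up to whole clusters, so a small
    # gap between the two numbers is normal allocation rounding.
    $sizeOnDisk = [long]([math]::Ceiling($item.Length / $ClusterSize) * $ClusterSize)

    if ($Clear) {
        if ($ads) { Unblock-File -LiteralPath $Path }   # deletes the Zone.Identifier stream
        if ($readOnly) { $item.IsReadOnly = $false }
    }

    [pscustomobject]@{
        Path       = $item.FullName
        Length     = $item.Length
        SizeOnDisk = $sizeOnDisk
        ReadOnly   = $readOnly
        Blocked    = [bool]$ads
        ZoneId     = $zone
    }
}

# Usage: the renamed ComboFix from the thread (Desktop path is an assumption).
Get-DownloadMark -Path "$env:USERPROFILE\Desktop\Mobofcix.exe"
```

Applied to the figures in the post, a length of 2,933,805 bytes rounds up to 717 clusters of 4,096 bytes, which is exactly the 2,936,832 bytes shown as size on disk. A mark that returns after a reboot means a fresh copy of the file carries the stream again, so comparing the size and hash of the file before and after the reboot tells you whether it is the same file.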
     
