
Solved Crunchie come back!

Discussion in 'Malware and Virus Removal Archive' started by molsonrn, 2010/03/28.

  1. 2010/03/28
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    [Resolved] Crunchie come back!

    I had a major computer attack a few months ago and you helped me beyond belief. Well I've done it again. It's the same bug, too. I promise I will never go to a **** site again if you help me get out of this mess one more time...........

    Everything is locked up except Firefox, which is how I'm on here now. It won't open anything.

    Please help.

    m
     
  2. 2010/03/28
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    If you have had help from Crunchie in the past you will know the form for this forum ....

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     

  4. 2010/03/28
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    under attack

    From AVAST. I started running it right when the virus hit and it took out two trojans right away. Nothing else would run (just like last time). I felt like things were getting more messed up by the minute due to all the pop-ups coming at me, so I turned off the computer. After restarting, AVAST wouldn't start, but I got this log. I am running Mal-Ware and Spybot right now.

    28.03.2010 14:03:33 general: Started: 28.03.2010, 14:03:33
    28.03.2010 14:03:33 general: Running setup_av_pro-558 (1368)
    28.03.2010 14:03:33 system: Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
    28.03.2010 14:03:33 system: Memory: 68% load. Phys:310220/981420K free, Page:1648608/2369912K free, Virt:2068868/2097024K free
    28.03.2010 14:03:33 system: Computer WinName: M
    28.03.2010 14:03:33 system: Windows Net User: M\Melanie
    28.03.2010 14:03:34 general: Cmdline: /downloadpkgs /noreboot /updatevps /silent /progress
    28.03.2010 14:03:34 general: DldSrc set to inet
    28.03.2010 14:03:34 general: Operation set to INST_OP_UPDATE_GET_PACKAGES
    28.03.2010 14:03:34 general: Old version: 558 (1368)
    28.03.2010 14:03:34 registry: Deleted registry: Software\Alwil Software\Avast\4.0\UpdateReady
    28.03.2010 14:03:34 system: Using temp: C:\DOCUME~1\Melanie\LOCALS~1\Temp\_av_proI.tm~a02612 (97603M free)
    28.03.2010 14:03:34 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 1
    28.03.2010 14:03:34 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1368;p)
    28.03.2010 14:03:34 system: Computer DnsName: m
    28.03.2010 14:03:34 system: Computer Ip Addr: 192.168.1.2
    28.03.2010 14:03:34 system: Installed in: C:\Program Files\Alwil Software\Avast4 (97603M free)
    28.03.2010 14:03:34 internet: SYNCER: Type: use IE settings
    28.03.2010 14:03:34 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:03:34 package: Part prg_av_pro-558 is installed
    28.03.2010 14:03:34 package: Part vps-10032801 is installed
    28.03.2010 14:03:34 package: Part news-53 is installed
    28.03.2010 14:03:34 package: Part setup_av_pro-558 is installed
    28.03.2010 14:03:34 package: Part jrog-210 is installed
    28.03.2010 14:03:34 general: Old version: 558 (1368)
    28.03.2010 14:03:34 general: GUID: a9b0db83-74cd-499d-be98-eda5d957f513
    28.03.2010 14:03:36 general: Server definition(s) loaded for 'main': 357 (maintenance:0)
    28.03.2010 14:03:36 general: SelectCurrent: selected server 'Download622 AVAST Server' from 'main'
    28.03.2010 14:03:36 internet: SYNCER: Type: use IE settings
    28.03.2010 14:03:36 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:03:36 general: Entered SetupProcessPro::Do( INST_OP_UPDATE_GET_PACKAGES )
    28.03.2010 14:03:36 general: Entered SetupProcessWin32Avast::Do( INST_OP_UPDATE_GET_PACKAGES )
    28.03.2010 14:03:36 general: Entered SetupProcessWin32::Do( INST_OP_UPDATE_GET_PACKAGES )
    28.03.2010 14:03:36 general: Entered SetupProcess::Do( INST_OP_UPDATE_GET_PACKAGES )
    28.03.2010 14:03:36 general: progress thread start
    28.03.2010 14:03:39 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1368;f)
    28.03.2010 14:03:41 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:03:43 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:03:43 general: InvalidateCurrent: invalidated server 'Download622 AVAST Server' from 'main'
    28.03.2010 14:03:43 general: SelectCurrent: selected server 'Download659 AVAST Server' from 'main'
    28.03.2010 14:03:43 internet: SYNCER: Type: use IE settings
    28.03.2010 14:03:43 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:03:43 internet: while trying to get file 'servers.def.vpu', error 0x20000004 has occured, try 1
    28.03.2010 14:03:44 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:03:44 general: InvalidateCurrent: invalidated server 'Download659 AVAST Server' from 'main'
    28.03.2010 14:03:44 general: SelectCurrent: selected server 'Limelight AVAST Server' from 'main'
    28.03.2010 14:03:44 internet: SYNCER: Type: use IE settings
    28.03.2010 14:03:44 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:03:44 internet: while trying to get file 'servers.def.vpu', error 0x20000004 has occured, try 2
    28.03.2010 14:03:47 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:03:47 general: InvalidateCurrent: invalidated server 'Limelight AVAST Server' from 'main'
    28.03.2010 14:03:47 general: SelectCurrent: selected server 'Download605 AVAST Server' from 'main'
    28.03.2010 14:03:47 internet: SYNCER: Type: use IE settings
    28.03.2010 14:03:47 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:03:47 internet: while trying to get file 'servers.def.vpu', error 0x20000004 has occured, try 3
    28.03.2010 14:03:50 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:03:50 general: InvalidateCurrent: invalidated server 'Download605 AVAST Server' from 'main'
    28.03.2010 14:03:50 general: SelectCurrent: selected server 'Download832 AVAST Server' from 'main'
    28.03.2010 14:03:50 internet: SYNCER: Type: use IE settings
    28.03.2010 14:03:50 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:03:50 internet: while trying to get file 'servers.def.vpu', error 0x20000004 has occured, try 4
    28.03.2010 14:03:53 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:03:53 general: InvalidateCurrent: invalidated server 'Download832 AVAST Server' from 'main'
    28.03.2010 14:03:53 general: SelectCurrent: selected server 'Download855 AVAST Server' from 'main'
    28.03.2010 14:03:53 internet: SYNCER: Type: use IE settings
    28.03.2010 14:03:53 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:03:53 internet: while trying to get file 'servers.def.vpu', error 0x20000004 has occured, try 5
    28.03.2010 14:03:56 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:03:56 general: InvalidateCurrent: invalidated server 'Download855 AVAST Server' from 'main'
    28.03.2010 14:03:56 general: SelectCurrent: selected server 'Download804 AVAST Server' from 'main'
    28.03.2010 14:03:56 internet: SYNCER: Type: use IE settings
    28.03.2010 14:03:56 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:03:56 internet: while trying to get file 'servers.def.vpu', error 0x20000004 has occured, try 6
    28.03.2010 14:03:59 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:03:59 general: InvalidateCurrent: invalidated server 'Download804 AVAST Server' from 'main'
    28.03.2010 14:03:59 general: SelectCurrent: selected server 'Download764 AVAST Server' from 'main'
    28.03.2010 14:03:59 internet: SYNCER: Type: use IE settings
    28.03.2010 14:03:59 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:03:59 internet: while trying to get file 'servers.def.vpu', error 0x20000004 has occured, try 7
    28.03.2010 14:04:02 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:04:02 general: InvalidateCurrent: invalidated server 'Download764 AVAST Server' from 'main'
    28.03.2010 14:04:02 general: SelectCurrent: selected server 'Download754 AVAST Server' from 'main'
    28.03.2010 14:04:02 internet: SYNCER: Type: use IE settings
    28.03.2010 14:04:02 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:04:02 internet: while trying to get file 'servers.def.vpu', error 0x20000004 has occured, try 8
    28.03.2010 14:04:05 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:04:05 general: InvalidateCurrent: invalidated server 'Download754 AVAST Server' from 'main'
    28.03.2010 14:04:05 general: SelectCurrent: selected server 'Download639 AVAST Server' from 'main'
    28.03.2010 14:04:05 internet: SYNCER: Type: use IE settings
    28.03.2010 14:04:05 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:04:05 internet: while trying to get file 'servers.def.vpu', error 0x20000004 has occured, try 9
    28.03.2010 14:04:08 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:04:08 general: InvalidateCurrent: invalidated server 'Download639 AVAST Server' from 'main'
    28.03.2010 14:04:08 general: SelectCurrent: selected server 'Download795 AVAST Server' from 'main'
    28.03.2010 14:04:08 internet: SYNCER: Type: use IE settings
    28.03.2010 14:04:08 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:04:08 internet: while trying to get file 'servers.def.vpu', error 0x20000004 has occured, try 10
    28.03.2010 14:04:10 internet: tried 10 servers to get file 'servers.def.vpu', but failed (0x20000004)
    28.03.2010 14:04:10 file: GetNewerStampedFile:GetFileWithRetry failed: C:\DOCUME~1\Melanie\LOCALS~1\Temp\_av_proI.tm~a02612\onefile, servers.def.vpu, error: 0x20000004
    28.03.2010 14:04:11 package: Download servers.def, servers.def.vpu failed with error 0x20000004.
    28.03.2010 14:04:12 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:04:13 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:04:13 general: InvalidateCurrent: invalidated server 'Download795 AVAST Server' from 'main'
    28.03.2010 14:04:13 general: SelectCurrent: selected server 'Download635 AVAST Server' from 'main'
    28.03.2010 14:04:13 internet: SYNCER: Type: use IE settings
    28.03.2010 14:04:13 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:04:13 internet: while trying to get file 'servers.def', error 0x20000004 has occured, try 1
    28.03.2010 14:04:14 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:04:14 general: InvalidateCurrent: invalidated server 'Download635 AVAST Server' from 'main'
    28.03.2010 14:04:14 general: SelectCurrent: selected server 'Download694 AVAST Server' from 'main'
    28.03.2010 14:04:14 internet: SYNCER: Type: use IE settings
    28.03.2010 14:04:14 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:04:14 internet: while trying to get file 'servers.def', error 0x20000004 has occured, try 2
    28.03.2010 14:04:17 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:04:17 general: InvalidateCurrent: invalidated server 'Download694 AVAST Server' from 'main'
    28.03.2010 14:04:17 general: SelectCurrent: selected server 'Download704 AVAST Server' from 'main'
    28.03.2010 14:04:17 internet: SYNCER: Type: use IE settings
    28.03.2010 14:04:17 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:04:17 internet: while trying to get file 'servers.def', error 0x20000004 has occured, try 3
    28.03.2010 14:04:20 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:04:20 general: InvalidateCurrent: invalidated server 'Download704 AVAST Server' from 'main'
    28.03.2010 14:04:20 general: SelectCurrent: selected server 'Download751 AVAST Server' from 'main'
    28.03.2010 14:04:20 internet: SYNCER: Type: use IE settings
    28.03.2010 14:04:20 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:04:20 internet: while trying to get file 'servers.def', error 0x20000004 has occured, try 4
    28.03.2010 14:04:23 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:04:23 general: InvalidateCurrent: invalidated server 'Download751 AVAST Server' from 'main'
    28.03.2010 14:04:23 general: SelectCurrent: selected server 'Download607 AVAST Server' from 'main'
    28.03.2010 14:04:23 internet: SYNCER: Type: use IE settings
    28.03.2010 14:04:23 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:04:23 internet: while trying to get file 'servers.def', error 0x20000004 has occured, try 5
    28.03.2010 14:04:26 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:04:26 general: InvalidateCurrent: invalidated server 'Download607 AVAST Server' from 'main'
    28.03.2010 14:04:26 general: SelectCurrent: selected server 'Download797 AVAST Server' from 'main'
    28.03.2010 14:04:26 internet: SYNCER: Type: use IE settings
    28.03.2010 14:04:26 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:04:26 internet: while trying to get file 'servers.def', error 0x20000004 has occured, try 6
    28.03.2010 14:04:29 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:04:29 general: InvalidateCurrent: invalidated server 'Download797 AVAST Server' from 'main'
    28.03.2010 14:04:29 general: SelectCurrent: selected server 'Download980 AVAST Server' from 'main'
    28.03.2010 14:04:29 internet: SYNCER: Type: use IE settings
    28.03.2010 14:04:29 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:04:29 internet: while trying to get file 'servers.def', error 0x20000004 has occured, try 7
    28.03.2010 14:04:32 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:04:32 general: InvalidateCurrent: invalidated server 'Download980 AVAST Server' from 'main'
    28.03.2010 14:04:32 general: SelectCurrent: selected server 'Download811 AVAST Server' from 'main'
    28.03.2010 14:04:32 internet: SYNCER: Type: use IE settings
    28.03.2010 14:04:32 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:04:32 internet: while trying to get file 'servers.def', error 0x20000004 has occured, try 8
    28.03.2010 14:04:35 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:04:35 general: InvalidateCurrent: invalidated server 'Download811 AVAST Server' from 'main'
    28.03.2010 14:04:35 general: SelectCurrent: selected server 'Download613 AVAST Server' from 'main'
    28.03.2010 14:04:35 internet: SYNCER: Type: use IE settings
    28.03.2010 14:04:35 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:04:35 internet: while trying to get file 'servers.def', error 0x20000004 has occured, try 9
    28.03.2010 14:04:38 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
    28.03.2010 14:04:38 general: InvalidateCurrent: invalidated server 'Download613 AVAST Server' from 'main'
    28.03.2010 14:04:38 general: SelectCurrent: selected server 'Download653 AVAST Server' from 'main'
    28.03.2010 14:04:38 internet: SYNCER: Type: use IE settings
    28.03.2010 14:04:38 internet: SYNCER: Auth: another authentication, use WinInet
    28.03.2010 14:04:38 internet: while trying to get file 'servers.def', error 0x20000004 has occured, try 10
    28.03.2010 14:04:40 internet: tried 10 servers to get file 'servers.def', but failed (0x20000004)
    28.03.2010 14:04:40 file: GetNewerStampedFile:GetFileWithRetry failed: C:\DOCUME~1\Melanie\LOCALS~1\Temp\_av_proI.tm~a02612\onefile, servers.def, error: 0x20000004
    28.03.2010 14:04:40 package: Tried to download servers.def but failed with error 0x20000004.
    28.03.2010 14:04:40 package: LoadAllDefs failed 0x20000004
    28.03.2010 14:04:40 general: Err:Cannot connect to a613sm.avast.com (74.55.74.78:80)
     
  5. 2010/03/28
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/17/2006 6:59:02 PM
    System Uptime: 3/28/2010 2:00:17 PM (0 hours ago)

    Motherboard: Dell Inc | | 0CT103
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket M2 | 2204/1000mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 146 GiB total, 95.34 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1300: 12/29/2009 1:55:41 AM - Software Distribution Service 3.0
    RP1301: 12/30/2009 2:28:42 AM - System Checkpoint
    RP1302: 12/31/2009 3:28:42 AM - System Checkpoint
    RP1303: 12/31/2009 12:17:58 PM - Software Distribution Service 3.0
    RP1304: 1/1/2010 4:40:17 PM - System Checkpoint
    RP1305: 1/3/2010 7:59:48 PM - System Checkpoint
    RP1306: 1/4/2010 1:01:57 PM - Software Distribution Service 3.0
    RP1307: 1/5/2010 1:19:33 PM - System Checkpoint
    RP1308: 1/6/2010 1:20:30 PM - System Checkpoint
    RP1309: 1/7/2010 2:19:25 PM - System Checkpoint
    RP1310: 1/7/2010 8:50:23 PM - Software Distribution Service 3.0
    RP1311: 1/8/2010 9:20:35 PM - System Checkpoint
    RP1312: 1/9/2010 9:43:25 PM - System Checkpoint
    RP1313: 1/10/2010 10:19:25 PM - System Checkpoint
    RP1314: 1/11/2010 10:40:42 PM - System Checkpoint
    RP1315: 1/12/2010 2:10:04 AM - Software Distribution Service 3.0
    RP1316: 1/13/2010 2:19:28 AM - System Checkpoint
    RP1317: 1/13/2010 3:00:15 AM - Software Distribution Service 3.0
    RP1318: 1/14/2010 3:23:00 AM - System Checkpoint
    RP1319: 1/14/2010 12:40:56 PM - Software Distribution Service 3.0
    RP1320: 1/15/2010 1:37:39 PM - System Checkpoint
    RP1321: 1/16/2010 4:37:12 PM - System Checkpoint
    RP1322: 1/17/2010 5:46:28 PM - System Checkpoint
    RP1323: 1/18/2010 10:18:59 AM - Software Distribution Service 3.0
    RP1324: 1/19/2010 6:20:30 PM - System Checkpoint
    RP1325: 1/20/2010 6:49:28 PM - System Checkpoint
    RP1326: 1/21/2010 7:07:37 PM - System Checkpoint
    RP1327: 1/21/2010 9:33:28 PM - Software Distribution Service 3.0
    RP1328: 1/22/2010 3:00:15 AM - Software Distribution Service 3.0
    RP1329: 1/22/2010 6:11:26 PM - Windows Defender Checkpoint
    RP1330: 1/23/2010 10:20:40 AM - Configured Power2Go
    RP1331: 1/24/2010 10:21:55 AM - System Checkpoint
    RP1332: 1/25/2010 11:45:44 AM - System Checkpoint
    RP1333: 1/26/2010 12:21:52 PM - System Checkpoint
    RP1334: 1/26/2010 11:34:44 PM - Software Distribution Service 3.0
    RP1335: 1/27/2010 6:12:45 PM - Installed FinePixViewer
    RP1336: 1/27/2010 6:12:49 PM - Installed FinePixViewer
    RP1337: 1/27/2010 6:13:45 PM - Installed FinePixViewer Resource
    RP1338: 1/27/2010 6:14:24 PM - Installed FinePix Studio
    RP1339: 1/28/2010 5:14:58 PM - Software Distribution Service 3.0
    RP1340: 1/29/2010 5:21:03 PM - System Checkpoint
    RP1341: 1/30/2010 5:25:26 PM - System Checkpoint
    RP1342: 1/31/2010 5:32:24 PM - System Checkpoint
    RP1343: 2/1/2010 5:37:30 PM - System Checkpoint
    RP1344: 2/1/2010 6:24:22 PM - Software Distribution Service 3.0
    RP1345: 2/2/2010 3:04:48 PM - Installed QuickTime
    RP1346: 2/3/2010 3:32:20 PM - System Checkpoint
    RP1347: 2/4/2010 5:34:39 PM - System Checkpoint
    RP1348: 2/4/2010 10:42:31 PM - Software Distribution Service 3.0
    RP1349: 2/5/2010 11:32:20 PM - System Checkpoint
    RP1350: 2/6/2010 11:56:35 PM - System Checkpoint
    RP1351: 2/8/2010 12:56:36 AM - System Checkpoint
    RP1352: 2/8/2010 11:10:44 PM - Software Distribution Service 3.0
    RP1353: 2/9/2010 7:29:31 AM - Windows Defender Checkpoint
    RP1354: 2/9/2010 7:48:45 AM - Installed Uniblue DriverScanner v1.0
    RP1355: 2/9/2010 10:27:19 AM - Installed Uniblue DriverScanner v1.0
    RP1356: 2/9/2010 4:56:08 PM - Installed Uniblue DriverScanner v1.0
    RP1357: 2/10/2010 3:00:19 AM - Software Distribution Service 3.0
    RP1358: 2/11/2010 3:23:50 AM - System Checkpoint
    RP1359: 2/12/2010 2:00:45 AM - Software Distribution Service 3.0
    RP1360: 2/13/2010 2:25:01 AM - System Checkpoint
    RP1361: 2/14/2010 2:28:53 AM - System Checkpoint
    RP1362: 2/15/2010 3:23:49 AM - System Checkpoint
    RP1363: 2/15/2010 12:07:03 PM - Software Distribution Service 3.0
    RP1364: 2/16/2010 12:33:50 PM - System Checkpoint
    RP1365: 2/17/2010 2:28:11 PM - System Checkpoint
    RP1366: 2/18/2010 2:35:48 PM - System Checkpoint
    RP1367: 2/18/2010 4:49:08 PM - Software Distribution Service 3.0
    RP1368: 2/19/2010 6:24:21 PM - System Checkpoint
    RP1369: 2/20/2010 7:55:43 PM - System Checkpoint
    RP1370: 2/21/2010 12:45:45 PM - Configured Studio 10
    RP1371: 2/21/2010 12:46:16 PM - Installed Studio 10
    RP1372: 2/21/2010 12:47:19 PM - Configured Studio 10
    RP1373: 2/21/2010 12:47:33 PM - Removed Studio 10
    RP1374: 2/21/2010 12:47:41 PM - Removed Instant DVD Recorder
    RP1375: 2/21/2010 12:47:54 PM - Removed MediaServer
    RP1376: 2/21/2010 12:54:08 PM - Installed Studio 10
    RP1377: 2/21/2010 12:55:58 PM - Installed Studio 10
    RP1378: 2/21/2010 1:03:04 PM - Installed MediaServer
    RP1379: 2/21/2010 1:04:20 PM - Installed Instant DVD Recorder
    RP1380: 2/22/2010 1:44:35 PM - System Checkpoint
    RP1381: 2/22/2010 7:57:53 PM - Software Distribution Service 3.0
    RP1382: 2/23/2010 4:49:57 PM - Software Distribution Service 3.0
    RP1383: 2/24/2010 6:26:22 PM - System Checkpoint
    RP1384: 2/25/2010 11:24:37 AM - Software Distribution Service 3.0
    RP1385: 2/26/2010 12:05:31 PM - System Checkpoint
    RP1386: 2/27/2010 1:57:22 PM - System Checkpoint
    RP1387: 2/28/2010 3:19:37 PM - System Checkpoint
    RP1388: 3/1/2010 4:05:28 PM - System Checkpoint
    RP1389: 3/1/2010 4:41:40 PM - Software Distribution Service 3.0
    RP1390: 3/2/2010 5:46:35 PM - System Checkpoint
    RP1391: 3/3/2010 6:38:59 PM - System Checkpoint
    RP1392: 3/4/2010 8:15:33 PM - System Checkpoint
    RP1393: 3/4/2010 9:42:48 PM - Software Distribution Service 3.0
    RP1394: 3/5/2010 10:05:41 PM - System Checkpoint
    RP1395: 3/6/2010 10:45:13 PM - System Checkpoint
    RP1396: 3/7/2010 11:05:31 PM - System Checkpoint
    RP1397: 3/8/2010 11:06:28 PM - System Checkpoint
    RP1398: 3/9/2010 2:16:34 AM - Software Distribution Service 3.0
    RP1399: 3/10/2010 3:05:17 AM - System Checkpoint
    RP1400: 3/11/2010 3:00:23 AM - Software Distribution Service 3.0
    RP1401: 3/11/2010 4:02:08 PM - Software Distribution Service 3.0
    RP1402: 3/12/2010 7:20:59 PM - System Checkpoint
    RP1403: 3/13/2010 7:37:50 PM - System Checkpoint
    RP1404: 3/14/2010 9:30:59 PM - System Checkpoint
    RP1405: 3/15/2010 5:45:42 PM - Software Distribution Service 3.0
    RP1406: 3/16/2010 6:30:42 PM - System Checkpoint
    RP1407: 3/17/2010 7:43:30 PM - System Checkpoint
    RP1408: 3/18/2010 10:30:08 PM - System Checkpoint
    RP1409: 3/19/2010 12:25:10 AM - Software Distribution Service 3.0
    RP1410: 3/20/2010 12:27:16 AM - System Checkpoint
    RP1411: 3/21/2010 1:26:07 AM - System Checkpoint
    RP1412: 3/22/2010 1:56:44 AM - System Checkpoint
    RP1413: 3/23/2010 2:05:33 AM - Software Distribution Service 3.0
    RP1414: 3/23/2010 5:36:43 PM - Configured PowerStarter
    RP1415: 3/24/2010 10:47:41 AM - Configured PowerStarter
    RP1416: 3/25/2010 12:22:22 PM - Installed Suite
    RP1417: 3/25/2010 2:25:36 PM - Software Distribution Service 3.0
    RP1418: 3/26/2010 3:40:50 PM - System Checkpoint
    RP1419: 3/27/2010 3:44:07 PM - System Checkpoint
    RP1420: 3/28/2010 12:59:48 PM - Windows Defender Checkpoint

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Apple Application Support
    avast! Antivirus
    CyberLink BD Advisor 2.0
    CyberLink DVD Suite
    CyberLink InstantBurn
    CyberLink LabelPrint
    CyberLink MediaShow
    CyberLink PhotoNow
    CyberLink Power2Go
    CyberLink PowerBackup
    CyberLink PowerDirector
    CyberLink PowerDVD Copy
    CyberLink PowerProducer
    DiscAPI (Studio 10)
    ESET Online Scanner v3
    FinePix Studio
    FinePixViewer Resource
    FinePixViewer Ver.5.5
    HijackThis 2.0.2
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    HP Product Assistant
    iTunes
    Malwarebytes' Anti-Malware
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.17)
    MSXML 4.0 SP2 (KB973688)
    Pinnacle Instant DVD Recorder
    Pinnacle MediaServer
    QuickTime
    RAPID (Studio 10)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    SmartDraw 2007
    Studio 10
    Total Immersion D'Fusion @Home Web Plug-In
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)

    ==== Event Viewer Messages From Past Week ========

    3/25/2010 6:28:13 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    3/24/2010 3:58:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
    3/22/2010 9:51:30 AM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
  6. 2010/03/28
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/17/2006 6:59:02 PM
    System Uptime: 3/28/2010 2:00:17 PM (0 hours ago)

    Motherboard: Dell Inc | | 0CT103
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket M2 | 2204/1000mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 146 GiB total, 95.34 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1300: 12/29/2009 1:55:41 AM - Software Distribution Service 3.0
    RP1301: 12/30/2009 2:28:42 AM - System Checkpoint
    RP1302: 12/31/2009 3:28:42 AM - System Checkpoint
    RP1303: 12/31/2009 12:17:58 PM - Software Distribution Service 3.0
    RP1304: 1/1/2010 4:40:17 PM - System Checkpoint
    RP1305: 1/3/2010 7:59:48 PM - System Checkpoint
    RP1306: 1/4/2010 1:01:57 PM - Software Distribution Service 3.0
    RP1307: 1/5/2010 1:19:33 PM - System Checkpoint
    RP1308: 1/6/2010 1:20:30 PM - System Checkpoint
    RP1309: 1/7/2010 2:19:25 PM - System Checkpoint
    RP1310: 1/7/2010 8:50:23 PM - Software Distribution Service 3.0
    RP1311: 1/8/2010 9:20:35 PM - System Checkpoint
    RP1312: 1/9/2010 9:43:25 PM - System Checkpoint
    RP1313: 1/10/2010 10:19:25 PM - System Checkpoint
    RP1314: 1/11/2010 10:40:42 PM - System Checkpoint
    RP1315: 1/12/2010 2:10:04 AM - Software Distribution Service 3.0
    RP1316: 1/13/2010 2:19:28 AM - System Checkpoint
    RP1317: 1/13/2010 3:00:15 AM - Software Distribution Service 3.0
    RP1318: 1/14/2010 3:23:00 AM - System Checkpoint
    RP1319: 1/14/2010 12:40:56 PM - Software Distribution Service 3.0
    RP1320: 1/15/2010 1:37:39 PM - System Checkpoint
    RP1321: 1/16/2010 4:37:12 PM - System Checkpoint
    RP1322: 1/17/2010 5:46:28 PM - System Checkpoint
    RP1323: 1/18/2010 10:18:59 AM - Software Distribution Service 3.0
    RP1324: 1/19/2010 6:20:30 PM - System Checkpoint
    RP1325: 1/20/2010 6:49:28 PM - System Checkpoint
    RP1326: 1/21/2010 7:07:37 PM - System Checkpoint
    RP1327: 1/21/2010 9:33:28 PM - Software Distribution Service 3.0
    RP1328: 1/22/2010 3:00:15 AM - Software Distribution Service 3.0
    RP1329: 1/22/2010 6:11:26 PM - Windows Defender Checkpoint
    RP1330: 1/23/2010 10:20:40 AM - Configured Power2Go
    RP1331: 1/24/2010 10:21:55 AM - System Checkpoint
    RP1332: 1/25/2010 11:45:44 AM - System Checkpoint
    RP1333: 1/26/2010 12:21:52 PM - System Checkpoint
    RP1334: 1/26/2010 11:34:44 PM - Software Distribution Service 3.0
    RP1335: 1/27/2010 6:12:45 PM - Installed FinePixViewer
    RP1336: 1/27/2010 6:12:49 PM - Installed FinePixViewer
    RP1337: 1/27/2010 6:13:45 PM - Installed FinePixViewer Resource
    RP1338: 1/27/2010 6:14:24 PM - Installed FinePix Studio
    RP1339: 1/28/2010 5:14:58 PM - Software Distribution Service 3.0
    RP1340: 1/29/2010 5:21:03 PM - System Checkpoint
    RP1341: 1/30/2010 5:25:26 PM - System Checkpoint
    RP1342: 1/31/2010 5:32:24 PM - System Checkpoint
    RP1343: 2/1/2010 5:37:30 PM - System Checkpoint
    RP1344: 2/1/2010 6:24:22 PM - Software Distribution Service 3.0
    RP1345: 2/2/2010 3:04:48 PM - Installed QuickTime
    RP1346: 2/3/2010 3:32:20 PM - System Checkpoint
    RP1347: 2/4/2010 5:34:39 PM - System Checkpoint
    RP1348: 2/4/2010 10:42:31 PM - Software Distribution Service 3.0
    RP1349: 2/5/2010 11:32:20 PM - System Checkpoint
    RP1350: 2/6/2010 11:56:35 PM - System Checkpoint
    RP1351: 2/8/2010 12:56:36 AM - System Checkpoint
    RP1352: 2/8/2010 11:10:44 PM - Software Distribution Service 3.0
    RP1353: 2/9/2010 7:29:31 AM - Windows Defender Checkpoint
    RP1354: 2/9/2010 7:48:45 AM - Installed Uniblue DriverScanner v1.0
    RP1355: 2/9/2010 10:27:19 AM - Installed Uniblue DriverScanner v1.0
    RP1356: 2/9/2010 4:56:08 PM - Installed Uniblue DriverScanner v1.0
    RP1357: 2/10/2010 3:00:19 AM - Software Distribution Service 3.0
    RP1358: 2/11/2010 3:23:50 AM - System Checkpoint
    RP1359: 2/12/2010 2:00:45 AM - Software Distribution Service 3.0
    RP1360: 2/13/2010 2:25:01 AM - System Checkpoint
    RP1361: 2/14/2010 2:28:53 AM - System Checkpoint
    RP1362: 2/15/2010 3:23:49 AM - System Checkpoint
    RP1363: 2/15/2010 12:07:03 PM - Software Distribution Service 3.0
    RP1364: 2/16/2010 12:33:50 PM - System Checkpoint
    RP1365: 2/17/2010 2:28:11 PM - System Checkpoint
    RP1366: 2/18/2010 2:35:48 PM - System Checkpoint
    RP1367: 2/18/2010 4:49:08 PM - Software Distribution Service 3.0
    RP1368: 2/19/2010 6:24:21 PM - System Checkpoint
    RP1369: 2/20/2010 7:55:43 PM - System Checkpoint
    RP1370: 2/21/2010 12:45:45 PM - Configured Studio 10
    RP1371: 2/21/2010 12:46:16 PM - Installed Studio 10
    RP1372: 2/21/2010 12:47:19 PM - Configured Studio 10
    RP1373: 2/21/2010 12:47:33 PM - Removed Studio 10
    RP1374: 2/21/2010 12:47:41 PM - Removed Instant DVD Recorder
    RP1375: 2/21/2010 12:47:54 PM - Removed MediaServer
    RP1376: 2/21/2010 12:54:08 PM - Installed Studio 10
    RP1377: 2/21/2010 12:55:58 PM - Installed Studio 10
    RP1378: 2/21/2010 1:03:04 PM - Installed MediaServer
    RP1379: 2/21/2010 1:04:20 PM - Installed Instant DVD Recorder
    RP1380: 2/22/2010 1:44:35 PM - System Checkpoint
    RP1381: 2/22/2010 7:57:53 PM - Software Distribution Service 3.0
    RP1382: 2/23/2010 4:49:57 PM - Software Distribution Service 3.0
    RP1383: 2/24/2010 6:26:22 PM - System Checkpoint
    RP1384: 2/25/2010 11:24:37 AM - Software Distribution Service 3.0
    RP1385: 2/26/2010 12:05:31 PM - System Checkpoint
    RP1386: 2/27/2010 1:57:22 PM - System Checkpoint
    RP1387: 2/28/2010 3:19:37 PM - System Checkpoint
    RP1388: 3/1/2010 4:05:28 PM - System Checkpoint
    RP1389: 3/1/2010 4:41:40 PM - Software Distribution Service 3.0
    RP1390: 3/2/2010 5:46:35 PM - System Checkpoint
    RP1391: 3/3/2010 6:38:59 PM - System Checkpoint
    RP1392: 3/4/2010 8:15:33 PM - System Checkpoint
    RP1393: 3/4/2010 9:42:48 PM - Software Distribution Service 3.0
    RP1394: 3/5/2010 10:05:41 PM - System Checkpoint
    RP1395: 3/6/2010 10:45:13 PM - System Checkpoint
    RP1396: 3/7/2010 11:05:31 PM - System Checkpoint
    RP1397: 3/8/2010 11:06:28 PM - System Checkpoint
    RP1398: 3/9/2010 2:16:34 AM - Software Distribution Service 3.0
    RP1399: 3/10/2010 3:05:17 AM - System Checkpoint
    RP1400: 3/11/2010 3:00:23 AM - Software Distribution Service 3.0
    RP1401: 3/11/2010 4:02:08 PM - Software Distribution Service 3.0
    RP1402: 3/12/2010 7:20:59 PM - System Checkpoint
    RP1403: 3/13/2010 7:37:50 PM - System Checkpoint
    RP1404: 3/14/2010 9:30:59 PM - System Checkpoint
    RP1405: 3/15/2010 5:45:42 PM - Software Distribution Service 3.0
    RP1406: 3/16/2010 6:30:42 PM - System Checkpoint
    RP1407: 3/17/2010 7:43:30 PM - System Checkpoint
    RP1408: 3/18/2010 10:30:08 PM - System Checkpoint
    RP1409: 3/19/2010 12:25:10 AM - Software Distribution Service 3.0
    RP1410: 3/20/2010 12:27:16 AM - System Checkpoint
    RP1411: 3/21/2010 1:26:07 AM - System Checkpoint
    RP1412: 3/22/2010 1:56:44 AM - System Checkpoint
    RP1413: 3/23/2010 2:05:33 AM - Software Distribution Service 3.0
    RP1414: 3/23/2010 5:36:43 PM - Configured PowerStarter
    RP1415: 3/24/2010 10:47:41 AM - Configured PowerStarter
    RP1416: 3/25/2010 12:22:22 PM - Installed Suite
    RP1417: 3/25/2010 2:25:36 PM - Software Distribution Service 3.0
    RP1418: 3/26/2010 3:40:50 PM - System Checkpoint
    RP1419: 3/27/2010 3:44:07 PM - System Checkpoint
    RP1420: 3/28/2010 12:59:48 PM - Windows Defender Checkpoint

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Apple Application Support
    avast! Antivirus
    CyberLink BD Advisor 2.0
    CyberLink DVD Suite
    CyberLink InstantBurn
    CyberLink LabelPrint
    CyberLink MediaShow
    CyberLink PhotoNow
    CyberLink Power2Go
    CyberLink PowerBackup
    CyberLink PowerDirector
    CyberLink PowerDVD Copy
    CyberLink PowerProducer
    DiscAPI (Studio 10)
    ESET Online Scanner v3
    FinePix Studio
    FinePixViewer Resource
    FinePixViewer Ver.5.5
    HijackThis 2.0.2
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    HP Product Assistant
    iTunes
    Malwarebytes' Anti-Malware
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.17)
    MSXML 4.0 SP2 (KB973688)
    Pinnacle Instant DVD Recorder
    Pinnacle MediaServer
    QuickTime
    RAPID (Studio 10)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    SmartDraw 2007
    Studio 10
    Total Immersion D'Fusion @Home Web Plug-In
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)

    ==== Event Viewer Messages From Past Week ========

    3/25/2010 6:28:13 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    3/24/2010 3:58:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
    3/22/2010 9:51:30 AM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
  7. 2010/03/28
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    Dds

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Melanie at 14:58:23.98 on Sun 03/28/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.133 [GMT -5:00]

    AV: avast! antivirus 4.8.1368 [VPS 100328-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Melanie\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    mDefault_Page_URL = hxxp://www.yahoo.com
    mSearch Page =
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = <local>;localhost
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
    uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [Power2GoExpress] "f:\power2go\Power2GoExpress.exe" /Startup
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
    mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
    mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll ",CheckUSBController
    mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [<NO NAME>]
    mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe "
    mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [InstantBurn] f:\instan~1\win2k\IBurn.exe
    mRun: [CLMLServer] "f:\power2go\CLMLSvc.exe "
    mRun: [P2Go_Menu] "f:\power2go\muitransfer\muistartmenu.exe" "f:\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0 "
    mRun: [UpdatePDRShortCut] "f:\dvd suite\muitransfer\muistartmenu.exe" "f:\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter "
    mRun: [UpdatePPShortCut] "f:\powerproducer\muitransfer\muistartmenu.exe" "f:\powerproducer" update "software\cyberlink\powerproducer\5.0 "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    IE: Add to Google Photos Screensa&ver
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.avataritag.com/app/Plugin/DFusionHomeWebPlugIn.Installer.exe
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\melanie\applic~1\mozilla\firefox\profiles\531rj6m2.default\
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\mozilla firefox\plugins\NPDFusionWebFirefox.dll
    FF - plugin: c:\program files\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-27 114768]
    R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2009-11-14 15784]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-27 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-27 138680]
    R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2009-11-14 162344]
    R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-11-28 1247600]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-27 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-27 352920]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-29 38224]
    S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S4 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-03-25 17:16:17 29480 ----a-w- c:\windows\system32\msxml3a.dll
    2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
    2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\dllcache\srv.sys
    2002-07-26 23:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE
    2009-06-20 18:28:41 88 --sh--r- c:\windows\system32\5712CB1F76.sys
    2009-06-20 18:31:06 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-10-22 08:08:24 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102220081023\index.dat

    ============= FINISH: 14:59:00.37 ===============
     
  8. 2010/03/28
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please run and update Malwarebytes Anti-Malware. Once it is updated, run a quick scan. Remove what is found and reboot the computer. Post the log back here please with a HijackThis log.
     
  9. 2010/03/28
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    mbam

    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/28/2010 3:44:03 PM
    mbam-log-2010-03-28 (15-44-03).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 225973
    Time elapsed: 1 hour(s), 24 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)






    Nothing to remove, but I couldn't update it before I ran it. Will do hijack now.
     
  10. 2010/03/28
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:46:34 PM, on 3/28/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Melanie\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll ",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe "
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [InstantBurn] F:\INSTAN~1\Win2K\IBurn.exe
    O4 - HKLM\..\Run: [CLMLServer] "F:\Power2Go\CLMLSvc.exe "
    O4 - HKLM\..\Run: [P2Go_Menu] "F:\Power2Go\MUITransfer\MUIStartMenu.exe" "F:\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0 "
    O4 - HKLM\..\Run: [UpdatePDRShortCut] "F:\DVD Suite\MUITransfer\MUIStartMenu.exe" "F:\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter "
    O4 - HKLM\..\Run: [UpdatePPShortCut] "F:\PowerProducer\MUITransfer\MUIStartMenu.exe" "F:\PowerProducer" update "Software\CyberLink\PowerProducer\5.0 "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [Power2GoExpress] "F:\Power2Go\Power2GoExpress.exe" /Startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} (CDFusionActiveXCtl Object) - http://www.avataritag.com/app/Plugin/DFusionHomeWebPlugIn.Installer.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12662 bytes
     
  11. 2010/03/28
    crunchie

    Can you please do the following.

    ===============

    Can you disable Windows Defender as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.
    • Open Windows Defender
    • Click Tools
    • Click General Settings
    • Scroll down to Real Time Protection Options
    • Uncheck Turn on Real Time Protection (recommended)
    • After you uncheck this, click on the Save button
    • Close Windows Defender


    ===============

    Scan with HijackThis and then place a check next to all the following, if present:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)


    Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

    ===============

    Try updating and running MBA-M now please.
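
Added example, not part of crunchie's post or of HijackThis itself: a small triage script that scans HijackThis log text for the two kinds of entry ticked above, an Internet Settings proxy that points at a loopback address and a BHO whose file is missing. It generalizes the proxy check to any loopback address and to the per-protocol `http=...;https=...` form; the function names and the sample log are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format. The first and third lines are
# the entries quoted in the post above; the rest are benign filler.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>;localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(.+)$", re.I)
BHO_RE = re.compile(r"^BHO:\s*(.*?)\s+-\s+(\{[0-9A-Fa-f-]{36}\})\s+-\s+(.*)$")


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "R1" or "O2"
    reason: str   # why the line deserves a second look
    line: str     # the original log line


def parse_proxy_value(value):
    """Split a ProxyServer string into {scheme: (host, port)}.

    Handles 'host:port' (applies to all protocols, keyed as "all") and the
    per-protocol form 'http=host:port;https=host:port'. IPv6 literals must
    be bracketed, e.g. '[::1]:3128'.
    """
    result = {}
    for part in value.strip().split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:
            scheme, target = "all", part
        # Drop an optional 'http://' style prefix in front of the host.
        target = re.sub(r"^[a-z]+://", "", target.strip(), flags=re.I)
        if target.startswith("["):
            host, _, rest = target[1:].partition("]")
            port = rest.lstrip(":")
        else:
            host, _, port = target.partition(":")
        result[scheme.strip().lower()] = (host, port)
    return result


def is_loopback(host):
    """True for 'localhost' and any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname


def triage(log_text):
    """Return a Finding for each loopback proxy and each file-less BHO."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw)
        if not entry:
            continue
        section, body = entry.groups()
        line = raw.strip()
        if section in ("R0", "R1"):
            proxy = PROXY_RE.search(body)
            if not proxy:
                continue
            for scheme, (host, port) in parse_proxy_value(proxy.group(1)).items():
                if is_loopback(host):
                    findings.append(Finding(
                        section,
                        f"{scheme} proxy set to loopback {host}:{port}",
                        line))
        elif section == "O2":
            bho = BHO_RE.match(body)
            if bho and bho.group(3).strip().lower() == "(no file)":
                findings.append(Finding(
                    section,
                    f"BHO {bho.group(2)} registered but its file is missing",
                    line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

A hit is a prompt for review, not a verdict: a loopback proxy means web traffic is being handed to a local process, and a file-less BHO is a leftover registration, so both still need a person to decide before anything is fixed.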
     
  12. 2010/03/28
    molsonrn

    mbam

    Ran mbam again and it got it! It's this program called Anti-Virus Soft. My gosh that thing is nasty!


    What's next?







    Malwarebytes' Anti-Malware 1.44
    Database version: 3924
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/28/2010 6:00:42 PM
    mbam-log-2010-03-28 (18-00-42).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 227668
    Time elapsed: 56 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  13. 2010/03/28
    crunchie

    How is the PC?

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. 2010/03/29
    molsonrn

    Otl

    OTL logfile created on: 3/29/2010 6:32:44 PM - Run 2
    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Melanie\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 268.00 Mb Available Physical Memory | 28.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.78 Gb Total Space | 97.70 Gb Free Space | 67.02% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: M
    Current User Name: Melanie
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/03/29 18:23:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melanie\Desktop\OTL.exe
    PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/05/06 00:55:51 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/20 21:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2007/09/19 17:42:27 | 001,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/05/21 14:47:40 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2007/01/30 13:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe
    PRC - [2006/12/23 22:24:37 | 000,020,480 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
    PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2006/08/15 04:00:20 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2006/08/14 15:20:26 | 000,462,336 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    PRC - [2006/06/01 03:37:48 | 000,196,608 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    PRC - [2006/01/19 10:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    PRC - [2005/10/05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005/06/08 16:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
    PRC - [2005/06/08 15:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
    PRC - [2005/05/27 10:18:16 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
    PRC - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/03/29 18:23:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melanie\Desktop\OTL.exe
    MOD - [2006/12/23 22:24:37 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Melanie\Local Settings\Temp\IadHide4.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (Viewpoint Manager Service)
    SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/09/19 17:42:27 | 001,247,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/01/19 10:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) [Auto | Running] -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -- (PinnacleSys.MediaServer)
    SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
    SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;localhost

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/28 16:37:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/28 16:37:29 | 000,000,000 | ---D | M]

    [2009/04/23 08:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\Mozilla\Extensions
    [2010/03/29 13:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\Mozilla\Firefox\Profiles\531rj6m2.default\extensions
    [2009/09/18 10:26:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Melanie\Application Data\Mozilla\Firefox\Profiles\531rj6m2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/29 13:41:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/12/02 17:14:22 | 001,933,312 | ---- | M] (Total Immersion) -- C:\Program Files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll

    O1 HOSTS File: ([2008/10/17 09:35:12 | 000,267,901 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 9277 more lines...
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [CLMLServer] F:\Power2Go\CLMLSvc.exe File not found
    O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    O4 - HKLM..\Run: [InstantBurn] F:\INSTAN~1\Win2K\IBurn.exe File not found
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [P2Go_Menu] F:\Power2Go\MUITransfer\MUIStartMenu.exe File not found
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
    O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdatePDRShortCut] F:\DVD Suite\MUITransfer\MUIStartMenu.exe File not found
    O4 - HKLM..\Run: [UpdatePPShortCut] F:\PowerProducer\MUITransfer\MUIStartMenu.exe File not found
    O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
    O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
    O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
    O4 - HKCU..\Run: [Power2GoExpress] F:\Power2Go\Power2GoExpress.exe File not found
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.avataritag.com/app/Plugin/DFusionHomeWebPlugIn.Installer.exe (CDFusionActiveXCtl Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Melanie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Melanie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/02/21 13:58:22 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{5fa1ccc8-c0c8-11de-ad3b-00188b72c087}\Shell - " " = AutoRun
    O33 - MountPoints2\{5fa1ccc8-c0c8-11de-ad3b-00188b72c087}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{5fa1ccc8-c0c8-11de-ad3b-00188b72c087}\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{b1fa718d-1671-11df-ad57-00188b72c087}\Shell\AutoRun\command - " " = F:\Seagate\Installer\InstallSeagateManager.exe -- File not found
    O33 - MountPoints2\{b1fa718d-1671-11df-ad57-00188b72c087}\Shell\Install\command - " " = F:\Seagate\Installer\InstallSeagateManager.exe -- File not found
    O33 - MountPoints2\F\Shell - " " = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\F\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 13:52:56 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16891891626803200)

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/03/29 18:23:22 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Melanie\Desktop\OTL.exe
    [2010/03/28 17:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melanie\Desktop\backups
    [2010/03/28 15:59:40 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Melanie\Desktop\TFC.exe
    [2010/03/28 12:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melanie\Local Settings\Application Data\pptgqk
    [2010/03/26 09:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melanie\My Documents\Jmw1CEF.tmp
    [2010/03/26 09:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melanie\My Documents\Jmw1CEE.tmp
    [2010/03/25 13:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melanie\My Documents\Jmw1B63.tmp
    [2010/03/25 13:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melanie\My Documents\Jmw1B62.tmp
    [2009/12/20 19:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\CyberLink
    [2009/12/03 09:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2009/04/13 22:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009/04/09 16:51:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009/04/09 16:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2007/10/04 17:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2007/07/14 11:32:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
    [5 C:\Documents and Settings\Melanie\My Documents\*.tmp files -> C:\Documents and Settings\Melanie\My Documents\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/03/29 18:23:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melanie\Desktop\OTL.exe
    [2010/03/29 18:16:12 | 000,000,020 | ---- | M] () -- C:\dirref.ini
    [2010/03/29 14:51:29 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D849E1C1-B3CC-4887-B7C7-344812599166}.job
    [2010/03/29 02:05:22 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/03/28 20:02:41 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/03/28 16:35:09 | 000,580,360 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/03/28 16:35:09 | 000,481,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/03/28 16:35:09 | 000,088,148 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/03/28 16:34:05 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/03/28 16:34:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/03/28 16:34:04 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
    [2010/03/28 16:29:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/03/28 16:28:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/03/28 16:28:44 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
    [2010/03/28 16:28:04 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Melanie\NTUSER.DAT
    [2010/03/28 16:27:41 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Melanie\ntuser.ini
    [2010/03/28 15:58:41 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melanie\Desktop\TFC.exe
    [2010/03/28 14:56:21 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Melanie\Desktop\dds.scr
    [2010/03/28 11:43:20 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
    [2010/03/26 18:39:55 | 000,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/03/26 14:25:56 | 000,005,376 | ---- | M] () -- C:\CES.xml
    [2010/03/26 12:29:07 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Melanie\Desktop\Microsoft Office Word 2003.lnk
    [2010/03/25 20:33:56 | 000,256,440 | ---- | M] () -- C:\Documents and Settings\Melanie\My Documents\BathPeriNailTurn.pds
    [2010/03/25 12:34:10 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\Melanie\Desktop\CyberLink DVD Suite.lnk
    [2010/03/25 11:59:19 | 000,000,177 | ---- | M] () -- C:\Documents
    [2010/03/25 11:09:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/03/22 09:15:26 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\Melanie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/21 15:29:49 | 000,000,359 | ---- | M] () -- C:\WINDOWS\VFO.INI
    [5 C:\Documents and Settings\Melanie\My Documents\*.tmp files -> C:\Documents and Settings\Melanie\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/03/28 14:56:24 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Melanie\Desktop\dds.scr
    [2010/03/25 20:33:55 | 000,256,440 | ---- | C] () -- C:\Documents and Settings\Melanie\My Documents\BathPeriNailTurn.pds
    [2010/03/25 12:21:28 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\Melanie\Desktop\CyberLink DVD Suite.lnk
    [2010/02/21 14:05:28 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
    [2009/11/14 22:56:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
    [2009/09/12 19:37:34 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2008/09/16 18:01:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2008/09/03 17:53:54 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2008/09/03 17:49:27 | 000,003,860 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/03/17 16:27:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2008/01/20 21:55:38 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2008/01/20 21:55:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/01/20 21:55:36 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2008/01/20 21:55:34 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/01/20 21:55:33 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2007/06/22 12:18:25 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
    [2007/06/10 16:05:34 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
    [2007/06/10 16:05:34 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
    [2007/06/10 16:05:34 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
    [2007/06/10 16:05:34 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
    [2007/06/10 16:05:34 | 000,000,359 | ---- | C] () -- C:\WINDOWS\VFO.INI
    [2007/06/10 16:05:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
    [2007/05/18 01:07:21 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Melanie\Application Data\dvd.bmk
    [2007/05/18 00:33:02 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Melanie\Local Settings\Application Data\fusioncache.dat
    [2007/04/06 20:33:13 | 000,002,182 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/03/22 18:56:27 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/02/24 17:23:24 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
    [2007/02/24 17:23:24 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
    [2007/02/24 17:23:24 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
    [2006/12/24 00:52:15 | 000,002,672 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/12/24 00:52:15 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5712CB1F76.sys
    [2006/12/23 23:02:00 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2006/12/17 20:43:49 | 000,075,088 | ---- | C] () -- C:\WINDOWS\System32\adwfil.dll
    [2006/12/17 20:43:49 | 000,013,034 | ---- | C] () -- C:\WINDOWS\System32\gblfil.dll
    [2006/12/17 20:43:49 | 000,010,834 | ---- | C] () -- C:\WINDOWS\System32\chtfil.dll
    [2006/12/17 20:43:49 | 000,005,338 | ---- | C] () -- C:\WINDOWS\System32\wfileu.drv
    [2006/12/17 20:43:49 | 000,005,142 | ---- | C] () -- C:\WINDOWS\System32\iawfil.dll
    [2006/12/17 20:43:49 | 000,004,826 | ---- | C] () -- C:\WINDOWS\System32\vgamfil.dll
    [2006/12/17 20:43:49 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\hatfil.dll
    [2006/12/17 20:43:49 | 000,003,818 | ---- | C] () -- C:\WINDOWS\System32\viofil.dll
    [2006/12/17 20:43:49 | 000,003,444 | ---- | C] () -- C:\WINDOWS\System32\srchin.dll
    [2006/12/17 20:43:49 | 000,002,782 | ---- | C] () -- C:\WINDOWS\System32\lgwfil.dll
    [2006/12/17 20:43:49 | 000,001,830 | ---- | C] () -- C:\WINDOWS\System32\cultfil.dll
    [2006/12/17 20:43:49 | 000,001,378 | ---- | C] () -- C:\WINDOWS\System32\gdwfil.dll
    [2006/12/17 20:43:49 | 000,000,980 | ---- | C] () -- C:\WINDOWS\System32\imgfil.dll
    [2006/12/17 20:43:49 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\snetfil.dll
    [2006/12/17 20:43:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\bsnlst.dll
    [2006/12/17 20:43:49 | 000,000,306 | ---- | C] () -- C:\WINDOWS\System32\picsfil.dll
    [2006/12/17 20:43:49 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\srchout.dll
    [2006/12/17 20:43:47 | 000,334,174 | ---- | C] () -- C:\WINDOWS\sqlite3.dll
    [2006/12/17 20:40:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/12/17 20:15:15 | 000,110,080 | ---- | C] () -- C:\Documents and Settings\Melanie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/11/28 22:44:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/11/28 22:33:30 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/11/28 22:27:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/11/28 22:07:32 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/11/28 22:07:32 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/11/28 22:07:32 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/11/28 22:07:32 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/11/28 22:07:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/11/28 22:07:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/11/28 22:07:31 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/11/28 22:06:35 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 02:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    [1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

    ========== LOP Check ==========

    [2010/02/09 18:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2007/06/10 17:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2007/06/10 17:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
    [2009/11/14 22:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2007/06/13 18:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2009/10/04 10:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2006/12/23 22:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\FotoWire
    [2010/01/27 19:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\FUJIFILM
    [2010/03/25 11:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\GetRightToGo
    [2006/12/24 00:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\Leadertech
    [2010/02/21 13:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\Pinnacle Systems
    [2008/03/26 11:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\SmartDraw
    [2009/12/13 15:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\Total Immersion
    [2010/02/09 18:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\Uniblue
    [2010/03/29 02:05:22 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/03/28 16:34:04 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
    [2010/03/29 14:51:29 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D849E1C1-B3CC-4887-B7C7-344812599166}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
    [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/10/21 17:50:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/10/21 17:50:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
    [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
    [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/10/21 17:50:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/10/21 17:50:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
    [2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
    [2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: NVATABUS.SYS >
    [2006/08/05 08:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\drivers\storage\r133282\nvatabus.sys
    [2006/08/05 08:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\i386\nvatabus.sys
    [2006/08/05 08:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\WINDOWS\system32\drivers\nvatabus.sys

    < MD5 for: SCECLI.DLL >
    [2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
    [2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    < End of report >
     
  15. 2010/03/29
    molsonrn

    molsonrn Inactive Thread Starter

    extras

    It didn't give me an "extras" report.

    PC is working great, tho. And I thank you so much!
     
  16. 2010/03/29
    crunchie

    crunchie Inactive

    Ok. Let's do an on-line scan and make sure nothing is lurking.

    Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner.

    Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

    Click Yes, when prompted to install its ActiveX component.
    (Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    The program launches and downloads the latest definition files.
    • Once the files are downloaded click on Next
    • Click on Scan Settings and configure as follows:
      • Scan using the following Anti-Virus database:
        • Extended
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK and, under select a target to scan, select My Computer
    When the scan is done, in the Scan is completed window (below), any infection is displayed.
    There is no option to clean/disinfect, however, we need to analyze the information on the report.

    To obtain the report:
    Click on: Save Report As (above - red blinking arrow)
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar
    In Save as type, click the drop arrow and select: Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.
     
  17. 2010/03/29
    molsonrn

    molsonrn Inactive Thread Starter

    Kaspersky

    I turned off Avast and Windows Defender (turned off real-time protection) but still when I attempt to run the Kaspersky scanner, it won't check for viruses, worms, trojans, or rootkits and says the reason is that other anti-virus software is running.

    I don't know what else to turn off?????
     
  18. 2010/03/29
    crunchie

    crunchie Inactive

    Can you try it in safe mode with networking? I have seen this before with Kaspersky.
     
  19. 2010/03/30
    molsonrn

    molsonrn Inactive Thread Starter

    Kaspersky

    Hi,

    I don't know how to do that.
     
  20. 2010/03/30
    crunchie

    crunchie Inactive

    Sorry. When you turn on the computer, immediately after pressing the power button, start tapping the F8 key (some computers may use the F5). You should get a menu asking you if you want to boot to safe mode, safe mode with networking and a few other options.
     
  21. 2010/04/01
    molsonrn

    molsonrn Inactive Thread Starter

    Kscan

    I ran it in safe mode, but it STILL wouldn't let me check the box to scan for viruses, trojans, and rootkits.....BUT it found a trojan, so go figure. What's next?

    Thursday, April 1, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, April 01, 2010 19:04:02
    Records in database: 3913532


    Scan settings
    scan using the following database extended
    Scan archives yes
    Scan e-mail databases yes

    Scan area My Computer
    C:\
    D:\
    E:\
    F:\

    Scan statistics
    Objects scanned 120717
    Threats found 1
    Infected objects found 1
    Suspicious objects found 0
    Scan duration 02:36:01

    File name Threat Threats count
    C:\Documents and Settings\Melanie\Local Settings\Application Data\pptgqk\clknsftav.exe Infected: Trojan.Win32.FraudPack.aply 1

    Selected area has been scanned.
     
