Solved IE and FireFox errors out, Safari works....WinXP Home SP3

[Resolved] IE and FireFox errors out, Safari works....WinXP Home SP3

This post was originally posted under "Internet & Networking > Internet Explorer" and is being re-posted here at the request of the BBS Administrator "Arie ".

I currently have 3 browsers on my computer. IE8, FireFox 3.5.3, and Safari. If I try to open either IE or FireFox I get the below crashed errors. Running Win XP Home SP3.

"Firefox had a problem and crashed. We'll try to restore your tabs and windows when it restarts. "

"Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience. "

I can, as you can see, access Safari with no problems.

I have completely uninstalled Firefox and reinstalled it with no joy. I downloaded and reinstalled IE8 with the same results. I tried to restore a "restore point" from a month ago (well before the problem started) with still no joy. I have run spyware, malware, and crapware scans, systems appears to be clean. I have run "WinSock XP Fix "........

Can anybody help me see the trees for the forrest.

Thank you in advance.

Doug

Below are the requested logs:

* * * *
DDS.txt

DDS (Ver_09-10-13.01) - NTFSx86
Run by Debbie at 16:05:49.31 on Fri 10/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1215.544 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\PC Tools Firewall Plus\FWService.exe
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG8\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java13\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java13\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AboutTime\AboutTime.exe
C:\Program Files\Safari\Safari.exe
c:\program files\aol toolbar\AolTbServer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Debbie\Desktop\dds.scr
C:\Program Files\Mozilla Firefox\firefox.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java13\jre6\bin\ssv.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java13\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java13\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [srmclean] c:\cpqs\scom\srmclean.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe "
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java13\jre6\bin\jusched.exe "
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\debbie\startm~1\programs\startup\shortc~1.lnk - c:\program files\abouttime\AboutTime.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java13\jre6\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {6CCAA317-C38B-486C-8960-FAB8CC2F12F0} = 205.152.37.23,205.152.132.23
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\debbie\applic~1\mozilla\firefox\profiles\drmoto1x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\debbie\application data\mozilla\firefox\profiles\drmoto1x.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\debbie\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\debbie\application data\vusion\npWARPVideoPlugin.394712.dll
FF - plugin: c:\documents and settings\debbie\application data\vusion\warpvideo@vusion.com\platform\winnt_x86-msvc\plugins\npWARPVideoPlugin.dll
FF - plugin: c:\program files\java13\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\java13\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-13 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-13 108552]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-7-13 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 74480]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-7-13 47640]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-7-13 73840]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [2003-2-12 158612]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-7-13 95640]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-13 906520]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-13 298776]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-10-23 10:41 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-10-23 10:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-23 05:10 <DIR> -cd-h--- c:\windows\ie8
2009-10-22 09:53 <DIR> --d----- c:\docume~1\debbie\applic~1\Malwarebytes
2009-10-22 09:52 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 09:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-22 09:52 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-22 09:52 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 09:50 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-22 09:50 <DIR> --d----- c:\docume~1\debbie\applic~1\SUPERAntiSpyware.com
2009-10-02 23:30 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-29 15:37 34,668 a---h--- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2009-10-23 08:15 71,813 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-10-01 10:31 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 10:31 87,352 a------- c:\windows\system32\LMIinit.dll
2009-10-01 10:31 28,984 a------- c:\windows\system32\LMIport.dll
2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 09:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-08 10:31 25,248 a------- c:\windows\system32\lmimirr.dll
2009-09-08 10:31 11,552 a------- c:\windows\system32\lmimirr2.dll
2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 16:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 05:35 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 03:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-07 03:48 100,352 -------- c:\windows\system32\dllcache\iecompat.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 10:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 09:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 09:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 09:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-18 21:24 34 a------- c:\documents and settings\debbie\jagex_runescape_preferences.dat
2009-06-29 22:59 245,760 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 16:07:13.44 ===============

* * * *
Attach.txt

DDS (Ver_09-10-13.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/23/2008 11:36:11 AM
System Uptime: 10/23/2009 10:42:48 AM (6 hours ago)

Motherboard: Compaq | | 083C
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | CN9 | 3066/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 32.288 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP315: 8/12/2009 3:04:55 PM - System Checkpoint
RP316: 8/13/2009 3:00:36 AM - Software Distribution Service 3.0
RP317: 8/14/2009 1:32:47 AM - Software Distribution Service 3.0
RP318: 8/15/2009 2:22:30 AM - System Checkpoint
RP319: 8/16/2009 3:22:35 AM - System Checkpoint
RP320: 8/17/2009 4:22:35 AM - System Checkpoint
RP321: 8/18/2009 2:10:12 AM - Software Distribution Service 3.0
RP322: 8/19/2009 2:52:39 AM - System Checkpoint
RP323: 8/20/2009 3:31:38 AM - System Checkpoint
RP324: 8/20/2009 1:48:59 PM - Software Distribution Service 3.0
RP325: 8/21/2009 2:31:41 PM - System Checkpoint
RP326: 8/22/2009 3:54:49 PM - System Checkpoint
RP327: 8/23/2009 3:57:14 PM - System Checkpoint
RP328: 8/24/2009 4:31:47 PM - System Checkpoint
RP329: 8/24/2009 5:09:55 PM - Software Distribution Service 3.0
RP330: 8/25/2009 5:31:50 PM - System Checkpoint
RP331: 8/26/2009 3:00:33 AM - Software Distribution Service 3.0
RP332: 8/27/2009 3:52:02 AM - System Checkpoint
RP333: 8/28/2009 12:18:42 AM - Software Distribution Service 3.0
RP334: 8/29/2009 12:51:54 AM - System Checkpoint
RP335: 8/30/2009 1:51:56 AM - System Checkpoint
RP336: 8/31/2009 2:52:01 AM - System Checkpoint
RP337: 9/1/2009 2:14:28 AM - Software Distribution Service 3.0
RP338: 9/2/2009 2:52:03 AM - System Checkpoint
RP339: 9/3/2009 3:32:03 AM - System Checkpoint
RP340: 9/3/2009 1:49:25 PM - Software Distribution Service 3.0
RP341: 9/4/2009 2:31:58 PM - System Checkpoint
RP342: 9/5/2009 2:33:03 PM - System Checkpoint
RP343: 9/6/2009 3:32:01 PM - System Checkpoint
RP344: 9/7/2009 4:32:05 PM - System Checkpoint
RP345: 9/7/2009 4:45:49 PM - Software Distribution Service 3.0
RP346: 9/8/2009 1:17:12 PM - Printer Driver LogMeIn Printer Driver Installed
RP347: 9/9/2009 3:00:41 AM - Software Distribution Service 3.0
RP348: 9/10/2009 3:21:28 AM - System Checkpoint
RP349: 9/10/2009 9:57:37 PM - Software Distribution Service 3.0
RP350: 9/11/2009 10:21:27 PM - System Checkpoint
RP351: 9/12/2009 11:21:29 PM - System Checkpoint
RP352: 9/14/2009 12:21:32 AM - System Checkpoint
RP353: 9/15/2009 1:21:34 AM - System Checkpoint
RP354: 9/15/2009 1:52:53 AM - Software Distribution Service 3.0
RP355: 9/16/2009 2:31:13 AM - System Checkpoint
RP356: 9/16/2009 3:00:32 AM - Software Distribution Service 3.0
RP357: 9/17/2009 3:14:01 AM - System Checkpoint
RP358: 9/17/2009 2:29:37 PM - Software Distribution Service 3.0
RP359: 9/18/2009 3:14:01 PM - System Checkpoint
RP360: 9/19/2009 4:14:04 PM - System Checkpoint
RP361: 9/20/2009 5:27:14 PM - System Checkpoint
RP362: 9/21/2009 11:54:37 AM - Software Distribution Service 3.0
RP363: 9/22/2009 12:14:10 PM - System Checkpoint
RP364: 9/23/2009 1:14:12 PM - System Checkpoint
RP365: 9/24/2009 2:14:15 PM - System Checkpoint
RP366: 9/24/2009 8:13:56 PM - Software Distribution Service 3.0
RP367: 9/25/2009 8:14:18 PM - System Checkpoint
RP368: 9/26/2009 9:14:23 PM - System Checkpoint
RP369: 9/27/2009 10:14:24 PM - System Checkpoint
RP370: 9/28/2009 9:00:11 PM - Software Distribution Service 3.0
RP371: 9/29/2009 9:53:50 PM - System Checkpoint
RP372: 9/30/2009 9:57:43 PM - System Checkpoint
RP373: 10/1/2009 10:53:54 PM - System Checkpoint
RP374: 10/2/2009 11:30:12 PM - Software Distribution Service 3.0
RP375: 10/3/2009 11:53:58 PM - System Checkpoint
RP376: 10/5/2009 12:54:01 AM - System Checkpoint
RP377: 10/5/2009 10:38:18 AM - Software Distribution Service 3.0
RP378: 10/6/2009 10:54:05 AM - System Checkpoint
RP379: 10/6/2009 4:22:21 PM - Printer Driver LogMeIn Printer Driver Installed
RP380: 10/7/2009 4:29:35 PM - System Checkpoint
RP381: 10/8/2009 5:29:36 PM - System Checkpoint
RP382: 10/8/2009 9:25:30 PM - Software Distribution Service 3.0
RP383: 10/9/2009 9:40:04 PM - System Checkpoint
RP384: 10/10/2009 10:29:43 PM - System Checkpoint
RP385: 10/11/2009 11:29:45 PM - System Checkpoint
RP386: 10/13/2009 12:07:21 AM - System Checkpoint
RP387: 10/14/2009 1:07:23 AM - System Checkpoint
RP388: 10/15/2009 2:07:25 AM - System Checkpoint
RP389: 10/16/2009 3:07:29 AM - System Checkpoint
RP390: 10/17/2009 4:07:41 AM - System Checkpoint
RP391: 10/18/2009 5:07:34 AM - System Checkpoint
RP392: 10/19/2009 6:07:37 AM - System Checkpoint
RP393: 10/20/2009 3:00:28 AM - Software Distribution Service 3.0
RP394: 10/20/2009 5:40:04 PM - Software Distribution Service 3.0
RP395: 10/21/2009 3:00:41 AM - Software Distribution Service 3.0
RP396: 10/22/2009 3:45:28 AM - System Checkpoint
RP397: 10/22/2009 9:49:06 AM - Software Distribution Service 3.0
RP398: 10/22/2009 10:46:27 AM - Removed Java(TM) 6 Update 7
RP399: 10/22/2009 10:50:15 AM - Removed Java(TM) 6 Update 4
RP400: 10/22/2009 11:13:33 AM - Removed OpenOffice.org 3.1
RP401: 10/23/2009 12:09:53 AM - Software Distribution Service 3.0
RP402: 10/23/2009 5:13:48 AM - Installed Windows Internet Explorer 8.
RP403: 10/23/2009 5:16:51 AM - Software Distribution Service 3.0
RP404: 10/23/2009 5:29:47 AM - Software Distribution Service 3.0
RP405: 10/23/2009 8:16:53 AM - Restore Operation
RP406: 10/23/2009 10:17:32 AM - Restore Operation

==== Installed Programs ======================

AboutTime
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11
AI RoboForm (All Users)
AiO_Scan_CDA
AiOSoftwareNPI
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATT-PRT22
Avance AC'97 Audio
AVG Free 8.5
Belarc Advisor 7.2
Bonjour
BufferChm
CD Key Reader
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Critical Update for Windows Media Player 11 (KB959772)
Destinations
DeviceManagementQFolder
DocProc
Download Updater (AOL LLC)
Easy CD Creator 5 Basic
Encarta Online
eSupportQFolder
Eusing Free Registry Cleaner
F300
F300_Help
F300Trb
Fax_CDA
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
HPProductAssistant
InterVideo WinDVD
IrfanView (remove only)
iTunes
Java(TM) 6 Update 15
LogMeIn
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2000
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
Microsoft Works 7.0
MobileMe Control Panel
Move Media Player
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NewCopy_CDA
PC Tools Firewall Plus 5.0
Pdf995
ProductContextNPI
QuickTime
Readme
RealOne Player
Safari
Scan
ScannerCopy
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Signature995
SiS M650
SMSC IrCC V5.1.3600.3 SP1
SoftK56 Data Fax CARP
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Toolbox
TrayApp
Uninstall AOL Emergency Connect Utility 1.0
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
WARP Video 2
WeatherBug
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Word in Works Suite add-in
Zip995

==== Event Viewer Messages From Past Week ========

10/23/2009 9:38:39 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/23/2009 9:08:38 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/23/2009 8:53:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/23/2009 8:52:16 AM, error: WinDefend [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.69.18.0 Loading engine version: 1.1.4903.0
10/23/2009 8:01:51 AM, error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/23/2009 5:48:28 AM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/23/2009 5:48:15 AM, error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 2 time(s).
10/23/2009 5:47:57 AM, error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
10/23/2009 10:45:08 AM, error: WinDefend [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.69.18.0 Loading engine version: 1.1.5202.0
10/22/2009 9:58:52 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/22/2009 9:56:34 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2009 10:53:18 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
10/22/2009 10:40:51 AM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2009 10:40:18 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/22/2009 10:28:04 AM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 2 time(s).
10/22/2009 10:26:53 AM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2009 10:26:33 AM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
10/22/2009 10:26:26 AM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
10/20/2009 3:18:26 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the LogMeIn service.

==== End Of File ===========================

* * * *

Best Regards,

Doug

 

Thank you very much for your assistance.

I have posted the HijackThis log below.

In addition I did the following:

1 - Downloaded and ran the ComboFix
2 - Downloaded and ran RemoveAVG
3 - Downloaded and installed HijackThis

I can now brwose the Internet with any browser. Evidently, some type of Mal-ware had damaged my AVG and it thought that anything was an intruder (except Safari).

Thanks again........a lesson well learned. It's nice for someone to hit me with a 2x4 every now and again.

Best Regards,

Doug

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:22 AM, on 10/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AboutTime\AboutTime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java13\jre6\bin\jqs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java13\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java13\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java13\jre6\bin\jusched.exe "
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Shortcut to AboutTime.lnk = C:\Program Files\AboutTime\AboutTime.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CCAA317-C38B-486C-8960-FAB8CC2F12F0}: NameServer = 205.152.37.23,205.152.132.23
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java13\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9260 bytes

 

Thank you for the suggestions. I have already dumped the AVG. I installed the Free Microsoft virus protection until I can evaluate these others that you listed. I have many computers that I keep going for people. Some of he seniors in my church bring me their computers to fix 'cause I do it as a ministry at no charge.

Sorry but I had already deleted the ComboFix log after the scan that cleared up the problem. I could run it again and send you the log but I'm afraid that it would not show what was there during the first scan.

 

My deepest apologies. There was no disrespect intended. Actually, I did not delete the log file as I had thought but did not realize that until I completed the following. The problem is, ComboFix over-wrote the old one 'cause I was too stupid to rename it. Again, no disrespect intended. Thank you very much for your assistance with this.

Here is the latest log:

ComboFix 09-10-24.01 - Debbie 10/24/2009 22:19.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1215.697 [GMT -5:00]
Running from: c:\docume~1\Debbie\LOCALS~1\Temp\yhjryybl.tmp\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Debbie\My Documents\102409-2015.reg

.
((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-24 16:44 . 2009-10-24 16:44 -------- d-----w- c:\program files\Trend Micro
2009-10-24 16:11 . 2009-10-24 16:11 -------- d-----w- c:\program files\iPod
2009-10-24 16:10 . 2009-10-24 16:13 -------- d-----w- c:\program files\iTunes
2009-10-24 02:24 . 2009-10-24 02:24 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-10-23 15:41 . 2009-10-23 15:41 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-23 15:37 . 2009-10-23 15:37 -------- d-----w- C:\ERDNT
2009-10-23 15:35 . 2009-10-23 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-23 15:19 . 2009-10-23 15:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-10-23 10:10 . 2009-10-23 15:38 -------- dc-h--w- c:\windows\ie8
2009-10-22 14:53 . 2009-10-22 14:53 -------- d-----w- c:\documents and settings\Debbie\Application Data\Malwarebytes
2009-10-22 14:52 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 14:52 . 2009-10-22 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 14:52 . 2009-10-23 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 14:52 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 14:50 . 2009-10-23 15:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-22 14:50 . 2009-10-22 14:50 -------- d-----w- c:\documents and settings\Debbie\Application Data\SUPERAntiSpyware.com
2009-10-03 04:30 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 22:45 . 2009-10-23 15:27 -------- d-----w- c:\documents and settings\Debbie\Application Data\Move Networks
2009-09-29 20:37 . 2009-09-29 20:37 34668 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 01:15 . 2008-08-23 20:45 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-10-24 16:19 . 2003-02-12 21:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-24 16:11 . 2008-08-24 00:59 -------- d-----w- c:\program files\Common Files\Apple
2009-10-24 15:56 . 2009-07-13 15:52 -------- d-----w- c:\program files\Java13
2009-10-24 15:45 . 2009-07-13 15:28 -------- d-----w- c:\program files\LogMeIn
2009-10-24 02:15 . 2008-08-23 19:52 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-24 02:15 . 2008-08-23 19:52 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-10-24 02:13 . 2008-08-23 19:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-24 01:45 . 2009-07-13 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-23 15:37 . 2008-10-08 23:53 -------- d-----w- c:\program files\Google
2009-10-23 15:24 . 2009-09-14 15:05 -------- d-----w- c:\program files\QuickTime
2009-10-23 15:19 . 2009-03-20 03:06 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-22 16:21 . 2009-07-13 16:13 -------- d-----w- c:\program files\OpenOffice.org 3
2009-10-22 14:49 . 2008-08-23 20:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-01 15:31 . 2009-07-13 15:29 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 15:31 . 2009-07-13 15:29 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-01 15:31 . 2009-07-13 15:28 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-25 15:29 . 2008-08-24 01:04 -------- d-----w- c:\documents and settings\Debbie\Application Data\Apple Computer
2009-09-14 15:13 . 2009-09-14 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 14:18 . 2002-12-14 08:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 15:31 . 2008-10-17 01:35 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-08 15:31 . 2008-10-17 01:35 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-04 21:03 . 2002-12-14 08:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 14:57 . 2008-08-30 13:48 -------- d-----w- c:\program files\Safari
2009-08-29 08:08 . 2002-12-14 08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 00:42 . 2009-06-29 22:08 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 00:42 . 2008-10-06 18:12 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2002-12-14 08:20 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 00:24 . 2008-08-23 18:14 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2008-08-23 18:14 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2008-08-23 18:14 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2007-07-31 00:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2002-12-14 08:21 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2002-12-14 08:16 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2008-08-23 18:14 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2009-03-20 14:45 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2009-03-20 14:45 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2002-12-14 08:21 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-12-14 08:19 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 2002-12-14 08:19 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-12-14 08:19 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-02 13:05 . 2008-08-23 20:35 335 ----a-w- c:\windows\nsreg.dat
2009-07-31 20:23 . 2009-07-13 15:53 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather "= "c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck "= "c:\windows\system32\dumprep 0 -u" [X]
"Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SynTPLpr "= "c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-03 102492]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-03 692316]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"LogMeIn GUI "= "c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"SunJavaUpdateSched "= "c:\program files\Java13\jre6\bin\jusched.exe" [2009-07-31 149280]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Debbie\Start Menu\Programs\Startup\
Shortcut to AboutTime.lnk - c:\program files\AboutTime\AboutTime.exe [1999-11-19 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-22 15:35 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 15:31 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@= "Service "

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\AboutTime\\AboutTime.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Documents and Settings\\Debbie\\Application Data\\Vusion\\WARPVideoStreamer.exe "=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe "=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe "=
"c:\\Program Files\\Common Files\\aol\\1249218777\\ee\\aolsoftware.exe "=
"c:\\Program Files\\AOL 9.1\\waol.exe "=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe "=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe "=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 74480]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [7/13/2009 10:29 AM 47640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [2/12/2003 4:12 PM 158612]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]

2009-10-25 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]

2009-10-25 c:\windows\Tasks\User_Feed_Synchronization-{9380EFFF-8FBD-4495-BB7E-7FD9847A9964}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: {6CCAA317-C38B-486C-8960-FAB8CC2F12F0} = 205.152.37.23,205.152.132.23
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Debbie\Application Data\Mozilla\Firefox\Profiles\drmoto1x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Debbie\Application Data\Mozilla\Firefox\Profiles\drmoto1x.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\documents and settings\Debbie\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Debbie\Application Data\Vusion\npWARPVideoPlugin.394712.dll
FF - plugin: c:\documents and settings\Debbie\Application Data\Vusion\warpvideo@vusion.com\platform\WINNT_x86-msvc\plugins\npWARPVideoPlugin.dll
FF - plugin: c:\program files\Java13\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java13\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-avgrsstarter - avgrsstx.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 22:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-10-25 22:33
ComboFix-quarantined-files.txt 2009-10-25 03:33
ComboFix2.txt 2009-10-24 00:11

Pre-Run: 35,114,508,288 bytes free
Post-Run: 35,085,688,832 bytes free

- - End Of File - - 93991A4111F2786F0D3022E3C7E357C9

 

Thank you for your assistance.

I will complete the above step as soon as possible. I had to put this laptop back in service sooner that I had planned.

Sometimes these things are totally out of my control.

 

DrWeb.csv Log File

dnary.mdb;C:\WINDOWS\system32\ias;Probably SCRIPT.Virus;;
prt22.EXE/data009\data003;C:\Program Files\ATT-PRT22-WISE\nullsoft\prt22.EXE/data009;Probably DLOADER.Trojan;;
data009;C:\Program Files\ATT-PRT22-WISE\nullsoft;Archive contains infected objects;;
prt22.EXE;C:\Program Files\ATT-PRT22-WISE\nullsoft;Archive contains infected objects;Moved.;
A0079189.EXE/data009\data003;C:\System Volume Information\_restore{242CA479-E471-469F-8A21-D2E6DA14EAB9}\RP422\A0079189.EXE/data009;Probably DLOADER.Trojan;;
data009;C:\System Volume Information\_restore{242CA479-E471-469F-8A21-D2E6DA14EAB9}\RP422;Archive contains infected objects;;
A0079189.EXE;C:\System Volume Information\_restore{242CA479-E471-469F-8A21-D2E6DA14EAB9}\RP422;Archive contains infected objects;Moved.;
MallTycoon3Setup-dm.exe;F:\My Documents\My Pictures;Adware.TryMedia;;

HijackThis Log File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:26 PM, on 10/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java13\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java13\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AboutTime\AboutTime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Debbie\LOCALS~1\Temp\dc98268494\cue4vq.exe
C:\DOCUME~1\Debbie\LOCALS~1\Temp\dc98268494\4b637XP.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java13\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java13\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java13\jre6\bin\jusched.exe "
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Shortcut to AboutTime.lnk = C:\Program Files\AboutTime\AboutTime.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CCAA317-C38B-486C-8960-FAB8CC2F12F0}: NameServer = 205.152.37.23,205.152.132.23
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java13\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9588 bytes

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:04 AM, on 10/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java13\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AboutTime\AboutTime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java13\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java13\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Shortcut to AboutTime.lnk = C:\Program Files\AboutTime\AboutTime.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CCAA317-C38B-486C-8960-FAB8CC2F12F0}: NameServer = 205.152.37.23,205.152.132.23
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java13\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7557 bytes

 

Broni,

Thank you for your assistance. You have been a great help. Where could I go for resources on how to read the logs of the various tools that you use such as ComboFix, DrWeb, etc.?

Best Regards,

Doug

 

Again, Thank you very much for the assistance and Also Thank you for the link for the schools. I WILL take advantage of the oppurtunity for FREE anything.



Doug