I Believe My PC is Infected with Some Sort of Malware or Virus
#1 New Member (joined 8th Nov 2008, 9 posts)

    I have an HP Pavilion Slimline running Windows Vista. Up to last week all was working great, but now the computer is running super slow, and at start-up I get all kinds of crazy pop-ups and stuff. I tried searching for some sort of checklist to help me rid myself of these items, but to no avail. Can anybody help???

#2 Superdave, Malware Team (joined 26th Nov 2009, 567 posts)

    Hello and welcome to Computer Juice Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
    1. I will be working on your malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans whilst I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.
    If you can't access the internet with your infected computer, you will have to download any programs on the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 seconds. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.
    ********************************************************
    SUPERAntiSpyware
    If you already have SUPERAntiSpyware, be sure to check for updates before scanning!

    Download SUPERAntiSpyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to update the program definitions, click Yes.
    * If you encounter any problems while downloading the updates, manually download and unzip them from here.
    * Next click the Preferences button.
      • Under Start-Up Options, uncheck Start SUPERAntiSpyware when Windows starts.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:
      • Close browsers before scanning
      • Scan for tracking cookies
      • Terminate memory threats before quarantining
      Please leave the others unchecked.
    * Click the Close button to leave the control center screen.
    * On the main screen click Scan your computer.
    * On the left, check the box for the drive you are scanning.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK.
    * Make sure everything in the white box has a check next to it, then click Next.
    * It will quarantine what it found, and if it asks if you want to reboot, click Yes.
    * To retrieve the removal information, please do the following:
      • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
      • Click Preferences. Click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • It will open in your default text editor (preferably Notepad).
      • Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...
    * Save the log somewhere you can easily find it (normally the desktop).
    * Click Close and Close again to exit the program.
    * Copy and paste the log in your post.
    ********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    *************************************************
    Download DDS from HERE or HERE and save it to your desktop.
    * Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).
    * XP users: double-click on dds to run it.
    * If your antivirus or firewall tries to block DDS, then please allow it to run.
    * When finished, DDS will open two (2) logs:
    1) DDS.txt
    2) Attach.txt
    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.
    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log, by copying and pasting it into the reply.
    Some days you're the dog and some days you're the fire hydrant.

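The scan logs the helper asks for above are long, and most of what SUPERAntiSpyware counts as "file threats" is tracking cookies. What a responder actually looks for in such a log is different: executables staged in a Temp directory, anything under C:\Windows\System32\config\systemprofile (which means it ran as LocalSystem, not as the logged-in user), and Prefetch entries, which prove a binary was executed rather than merely present. The following Python script is an added example, not part of this thread or of SUPERAntiSpyware; it parses the SAS 4.x log layout (category line followed by paths, or by `domain [ path ]` for Firefox and Flash cookie stores) and reduces it to those indicators. The function names, the SAMPLE_LOG excerpt (constructed to mirror paths from the log posted later in this thread) and the verdict strings are all my own.

```python
"""Triage helper for SUPERAntiSpyware-style scan logs (added example).

Separates tracking-cookie noise from real detections and pulls out what a
responder cares about: binaries dropped in Temp, anything under the
LocalSystem profile, and Prefetch records proving execution.
"""
import re
from collections import OrderedDict

# Constructed excerpt in the SUPERAntiSpyware 4.x log format (header omitted);
# the paths mirror the log posted later in this thread.
SAMPLE_LOG = r"""
Adware.Tracking Cookie
C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@doubleclick[1].txt
.atdmt.com [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2o7[2].txt

Trojan.Agent/Gen-RogueAV
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\TWHBOZLUAN.EXE
C:\Windows\Prefetch\TWHBOZLUAN.EXE-6C08AC01.pf

Trojan.Agent/Gen-FakeAlert
C:\WINDOWS\TEMP\0.8426356719905104.EXE
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# "domain [ path ]" form used for Firefox/Flash cookie stores
BRACKET_RE = re.compile(r"^\S+ \[ (?P<path>[A-Za-z]:\\.*?) \]$")
# Prefetch file names are EXENAME-<8 hex digits>.pf
PREFETCH_RE = re.compile(r"\\Prefetch\\(?P<exe>[^\\]+)-[0-9A-F]{8}\.pf$", re.I)
TEMP_RE = re.compile(r"\\(Windows\\Temp|AppData\\Local\\Temp)\\", re.I)


def parse_sas_log(text):
    """Return an ordered mapping: detection category -> list of file paths."""
    detections = OrderedDict()
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BRACKET_RE.match(line)
        if m:
            path = m.group("path")
        elif PATH_RE.match(line):
            path = line
        else:
            category = line          # any other non-empty line starts a category
            detections.setdefault(category, [])
            continue
        if category is None:
            raise ValueError("detection before any category header: %r" % line)
        detections[category].append(path)
    return detections


def is_cookie_category(category):
    return category.startswith("Adware.Tracking Cookie")


def triage(detections):
    """Reduce a parsed log to the indicators worth acting on."""
    report = {
        "cookie_count": 0,
        "malware": OrderedDict(),   # category -> paths, for everything that is not a cookie
        "system_context": [],       # anything under the LocalSystem profile
        "temp_binaries": [],        # droppers staged in a Temp directory
        "executed": set(),          # executables with a Prefetch record
    }
    for category, paths in detections.items():
        if is_cookie_category(category):
            report["cookie_count"] += len(paths)
        else:
            report["malware"][category] = list(paths)
        for path in paths:
            low = path.lower()
            # Cookies here count too: a browser session as SYSTEM is not normal.
            if "\\systemprofile\\" in low:
                report["system_context"].append(path)
            m = PREFETCH_RE.search(path)
            if m:
                report["executed"].add(m.group("exe").upper())
            if TEMP_RE.search(path) and low.endswith((".exe", ".tmp")):
                report["temp_binaries"].append(path)
    return report


def verdict(report):
    """One-line call a helper would make from the report."""
    if not report["malware"]:
        return "adware/tracking only"
    if report["system_context"] or report["executed"]:
        return "active malware: ran as SYSTEM and/or has Prefetch evidence of execution"
    return "malware files present, no execution evidence in this log"


if __name__ == "__main__":
    rep = triage(parse_sas_log(SAMPLE_LOG))
    print("cookies ignored:", rep["cookie_count"])
    for cat, paths in rep["malware"].items():
        print(cat)
        for p in paths:
            print("   ", p)
    print("ran as SYSTEM:", rep["system_context"])
    print("executed (Prefetch):", sorted(rep["executed"]))
    print("staged in Temp:", rep["temp_binaries"])
    print("verdict:", verdict(rep))
```

Run it against a real saved SUPERAntiSpyware log by reading the file into `parse_sas_log` in place of SAMPLE_LOG. The Prefetch check is the one to weight most: a quarantined file in Temp may never have run, but a `.pf` record for it means it did, and a binary under `systemprofile` with a Prefetch record is the combination that turns "some adware" into "this box was running attacker code as SYSTEM".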
#3 New Member (thread starter)

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/26/2011 at 11:44 PM

    Application Version : 4.53.1000

    Core Rules Database Version : 7151
    Trace Rules Database Version: 4963

    Scan type : Complete Scan
    Total Scan Time : 02:22:30

    Memory items scanned : 761
    Memory threats detected : 0
    Registry items scanned : 9241
    Registry threats detected : 0
    File items scanned : 206487
    File threats detected : 206

    Adware.Tracking Cookie
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\maggie@www.stopzilla[2].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\maggie@stopzilla[2].txt
    www.kaputmedia.com [ C:\Users\maggie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8VWPMPT8 ]
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@2o7[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@ad.wsod[2].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@ad.yieldmanager[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@adbrite[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@ads.pointroll[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@advertise[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@advertising[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@atdmt[2].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@casalemedia[2].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@content.yieldmanager[2].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@content.yieldmanager[3].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@doubleclick[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@fastclick[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@householdaccount[2].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@insightexpressai[2].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@interclick[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@invitemedia[2].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@lucidmedia[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@media6degrees[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@pointroll[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@questionmarket[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@ru4[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@specificclick[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@statse.webtrendslive[2].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@tracking.servedbyy[2].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@trafficmp[2].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@www.cpcadnet[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@www.cpcadnet[2].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@www.find-quick-results[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\Low\maggie@zedo[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\maggie@avgtechnologies.112.2o7[1].txt
    C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Cookies\maggie@www.stopzilla[1].txt
    .avgtechnologies.112.2o7.net [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .atdmt.com [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .atdmt.com [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .revsci.net [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .revsci.net [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .revsci.net [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .revsci.net [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .revsci.net [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .apmebf.com [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .mediaplex.com [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .mediaplex.com [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .doubleclick.net [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .stopzilla.com [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    .stopzilla.com [ C:\Users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\cookies.sqlite ]
    convoad.technoratimedia.net [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YKRLEYE4 ]
    crackle.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YKRLEYE4 ]
    media.kyte.tv [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YKRLEYE4 ]
    media.mtvnservices.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YKRLEYE4 ]
    media.scanscout.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YKRLEYE4 ]
    media1.break.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YKRLEYE4 ]
    s0.2mdn.net [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YKRLEYE4 ]
    secure-us.imrworldwide.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YKRLEYE4 ]
    serving-sys.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YKRLEYE4 ]
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@ad.yieldmanager[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@ad.yieldmanager[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@ad.yieldmanager[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@adbrite[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@ads.bighealthtree[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@ads.undertone[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@citi.bridgetrack[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@content.yieldmanager[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@dc.tremormedia[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@doubleclick[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@findlawonline[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@lucidmedia[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@m1.mediasrv[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@m1.mediasrv[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@media6degrees[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@mediatraffic[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@myroitracking[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@realmedia[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@serving-sys[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@trafficking.nabbr[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@tribalfusion[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@uiadserver[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\maggie-pc$@vidasco.rotator.hadj7.adjuggler[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@247realmedia[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2o7[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@a1.interclick[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.doubleclick[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.blogtalkradio[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pointroll[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.undertone[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserv.brandaffinity[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.adtechus[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.adtechus[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserving.versaneeds[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertnation[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpower[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.fastpartner[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.thespecialsearch[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickthrough.kanoodle[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ehg-wss.hitbox[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@enhance[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@findology[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@findology[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@harrenmedianetwork[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@harrenmedianetwork[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hitbox[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@insightexpressai[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[5].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@kontera[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lucidmedia[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lucidmedia[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lucidmedia[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lucidmedia[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lucidmedia[5].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media.adfrontiers[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@network.realmedia[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointroll[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@r1-ads.ace.advertising[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@servedby.adxpower[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[5].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@track.clickpayz[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@uiadserver[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@vidasco.rotator.hadj7.adjuggler[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@vidasco.rotator.hadj7.adjuggler[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@viewablemedia[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.find-quick-results[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.find-quick-results[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.find-quick-results[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.findeven[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.trafficengine[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yieldmanager[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[2].txt

    Trojan.Agent/Gen-Falcomp
    C:\USERS\MAGGIE\APPDATA\LOCAL\TEMP\302B.TMP
    C:\WINDOWS\TEMP\SET48DB.TMP

    Trojan.Agent/Gen-RogueAV
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\TWHBOZLUAN.EXE
    C:\Windows\Prefetch\TWHBOZLUAN.EXE-6C08AC01.pf

    Trojan.Agent/Gen-FraudAV
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\53\3331AC75-7B55B40B
    C:\WINDOWS\TEMP\0.8759813077884102.EXE

    Trojan.Agent/Gen-FakeAlert
    C:\WINDOWS\TEMP\0.8426356719905104.EXE
    C:\WINDOWS\TEMP\0.8752409337254125.EXE
    C:\WINDOWS\TEMP\0.941526219494921.EXE

    Trojan.FakeAlert[Heuristic]
    C:\WINDOWS\TEMP\UMVB\SETUP.EXE
    C:\Windows\Prefetch\SETUP.EXE-62F758B2.pf

    Trojan.Agent/Gen-FakeAlert[VideoSoft]
    C:\WINDOWS\TEMP\WZR.EXE
    C:\WINDOWS\TEMP\WZS.EXE
    C:\Windows\Prefetch\WZR.EXE-26DB811E.pf
    C:\Windows\Prefetch\WZS.EXE-3A313BA3.pf

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5363

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.19048

    5/28/2011 2:49:55 PM
    mbam-log-2011-05-28 (14-49-55).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 346317
    Time elapsed: 39 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\Temp\0.2613498661795931.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


    DDS (Ver_2011-05-26.01) - NTFS_x86
    Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_20
    Run by maggie at 22:19:09 on 2011-05-29
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1625 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    c:\PROGRA~1\CYBERL~1\SHARED~1\RICHVI~1.EXE
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Hewlett-Packard\KBD\kbd.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
    uURLSearchHooks: Elf 1.15 Toolbar: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - c:\program files\elf_1.15\tbElf_.dll
    mURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
    mURLSearchHooks: Elf 1.15 Toolbar: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - c:\program files\elf_1.15\tbElf_.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Elf 1.15 Toolbar: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - c:\program files\elf_1.15\tbElf_.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
    TB: Elf 1.15 Toolbar: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - c:\program files\elf_1.15\tbElf_.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [EPSON Stylus CX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticea.exe /fu "c:\windows\temp\E_SFA45.tmp" /EF "HKCU"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [EPSON NX420 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\windows\temp\E_S9B66.tmp" /EF "HKCU"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
    mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
    mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
    mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [PCDrProfiler] "c:\program files\pc-doctor for windows\RunProfiler.exe" -r
    StartupFolder: c:\users\maggie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\maggie\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\maggie\appdata\roaming\mozilla\firefox\profiles\4ri1o2pu.default\
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\maggie\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\maggie\appdata\roaming\Move Networks
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-5 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-5 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-5 243152]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\hewlett-packard\media\dvd\000.fcl [2008-9-26 59376]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-5 308136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-05-28 10:58:12 -------- d-----w- c:\users\maggie\appdata\roaming\Malwarebytes
    2011-05-28 10:57:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-28 10:57:34 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-28 10:57:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-28 10:57:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-27 01:17:16 -------- d-----w- c:\users\maggie\appdata\roaming\SUPERAntiSpyware.com
    2011-05-27 01:17:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-05-27 01:17:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-25 02:35:26 -------- d-----w- c:\programdata\STOPzilla!
    2011-05-25 02:35:26 -------- d-----w- c:\program files\STOPzilla!
    2011-05-25 02:35:26 -------- d-----w- c:\program files\common files\iS3
    2011-05-25 02:28:16 0 ----a-w- c:\users\maggie\appdata\roaming\4ri1o2pu.default.tmp
    2011-05-25 02:23:29 -------- d-----w- c:\users\maggie\appdata\roaming\5015
    2011-05-25 02:23:22 112 ----a-w- c:\users\maggie\appdata\roaming\srvblck2.tmp
    2011-05-25 02:23:16 -------- d-----w- c:\users\maggie\appdata\roaming\xmldm
    2011-05-25 02:23:16 -------- d-----w- c:\users\maggie\appdata\roaming\kock
    2011-05-08 17:56:28 -------- d-----w- c:\programdata\lH28601PnCeA28601
    2011-05-08 11:24:43 -------- d--h--w- C:\$AVG
    .
    ==================== Find3M ====================
    .
    2011-05-05 13:54:23 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2011-03-12 21:55:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 15:40:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-03-03 13:35:36 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
    2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2008-12-09 15:23:13 48352 --sh--r- c:\windows\system32\config\systemprofile\appdata\roaming\appconf32.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 ->
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x868CE6F0]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x868d4a10]; MOV EAX, [0x868d4a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82285912] -> \Device\Harddisk0\DR0[0x86237AC8]
    3 CLASSPNP[0x8072D8B3] -> ntkrnlpa!IofCallDriver[0x82285912] -> [0x848A6848]
    5 acpi[0x8060A6BC] -> ntkrnlpa!IofCallDriver[0x82285912] -> [0x8490CC90]
    \Driver\nvstor32[0x86746328] -> IRP_MJ_CREATE -> 0x868CE6F0
    kernel: MBR read successfully
    _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; }
    detected disk devices:
    \Device\00000055 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-65M0A#4&1904635f&0&010100#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 22:20:38.38 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-05-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/26/2009 3:43:20 AM
    System Uptime: 5/29/2011 10:07:59 PM (0 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | Acacia
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 183.4 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.295 GiB free.
    E: is CDROM (CDFS)
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 9.0
    BlackBerry Device Software Updater
    BlackBerry Device Software v6.0.0 for the BlackBerry 9800 smartphone
    Bonjour
    CCleaner
    Cisco Connect
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    CyberLink DVD Suite Deluxe
    Elf 1.15 Toolbar
    Enhanced Multimedia Keyboard Solution
    Epson Event Manager
    EPSON NX420 Series Printer Uninstall
    EPSON Printer Software
    EPSON Scan
    Hardware Diagnostic Tools
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 7
    Juno Preloader
    LabelPrint
    LightScribe System Software 1.14.25.1
    LightScribe Template Labeler
    Linksys Wireless-G USB Network Adapter
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 60 day trial
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Works
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox (3.0.19)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    NetZero Preloader
    Norton Internet Security
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.2
    PictureMover
    Power2Go
    PowerDirector
    Python 2.5.2
    QuickTime
    Realtek High Definition Audio Driver
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Soft Data Fax Modem with SmartCP
    SPORE Creature Creator Trial Edition
    SUPERAntiSpyware
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Project 2007 Help (KB963668)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2522999)
    Verizon Media Manager
    WinRAR archiver
    WinZip 15.0
    .
    ==== End Of File ===========================
     Thread Starter

  5. #4
    Malware Team
    Superdave's Avatar

    Joined
         26th Nov 2009
    Online
         1 Day Ago
    Posts
         567
    iTrader
         0

    Download OTL to your desktop.
    * Open OTL
    * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
    Code:
    :OTL
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    :COMMANDS
    [resethosts]
    [purity]
    [emptytemp]
    [start explorer]
    * Click Run Fix
    * OTLI2 may ask to reboot the machine. Please do so if asked.
    * Click OK
    * A report will open. Copy and Paste that report in your next reply.
    *************************************************************
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • Click the Report button and copy/paste the contents of it into your next reply
    Note: It will also create a log in the C:\ directory.
    Some days you're the dog and some days you're the fire hydrant.
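    Not part of Superdave's post, and not OTL or DDS code: an added Python triage script that does, for the two kinds of entry the fix above touches, what the helper did by reading the log. It flags DDS "Pseudo HJT Report" add-on lines that end in "No File" (orphaned toolbar/BHO registrations, safe to list for removal) and autorun entries whose executable runs out of a temp or profile directory (for human review only, never auto-removed). The sample lines are copied from the DDS log in this thread plus one constructed suspicious entry; the directory heuristics are my assumptions.

```python
"""Triage of DDS 'Pseudo HJT Report' lines: an added example, not from this thread."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the DDS log posted above, plus one made-up
# autorun entry (the CONSTRUCTED one) that runs out of the user's roaming profile.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.yahoo.com/
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
uRun: [EPSON NX420 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\windows\temp\E_S9B66.tmp" /EF "HKCU"
uRun: [CONSTRUCTED] c:\users\maggie\appdata\roaming\xmldm\CONSTRUCTED.exe
"""

# DDS line shapes this script understands (toolbar/BHO/search-hook registrations
# and Run/RunOnce autoruns for the user hive 'u' and machine hive 'm').
ADDON = re.compile(r"^(?:TB|BHO|[um]URLSearchHooks): (?P<rest>.+)$")
AUTORUN = re.compile(r"^(?:[um]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# An unquoted command line: the program is everything up to the first executable
# extension followed by whitespace (paths like 'c:\program files\...' contain spaces).
UNQUOTED_EXE = re.compile(r"^(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", re.IGNORECASE)

# Assumed heuristic: a legitimately installed autorun rarely lives in these places.
REVIEW_DIRS = ("\\temp\\", "\\appdata\\roaming\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Finding:
    category: str  # "orphan": registration points at no file; "review": runs from a temp/profile dir
    line: str


def executable_of(cmd: str) -> str:
    """Return the program path from a Run-key command line, quoted or not."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = UNQUOTED_EXE.match(cmd)
    return m.group("path") if m else cmd.split()[0]


def triage(report: str) -> List[Finding]:
    """Scan DDS report lines and return the entries worth acting on or reviewing."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADDON.match(line)
        if m and m.group("rest").endswith("- No File"):
            findings.append(Finding("orphan", line))
            continue
        m = AUTORUN.match(line)
        if m:
            # Only the program itself counts; a temp path passed as an argument
            # (as in the EPSON line) is not a reason to flag the entry.
            exe = executable_of(m.group("cmd")).lower()
            if any(d in exe for d in REVIEW_DIRS):
                findings.append(Finding("review", line))
    return findings


def otl_fix_block(findings: List[Finding]) -> str:
    """Build an OTL custom-fix block from the orphan entries only; review items are left to a human."""
    body = [f.line for f in findings if f.category == "orphan"]
    return "\n".join([":OTL", *body, ":COMMANDS", "[emptytemp]", "[start explorer]"])


if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    for f in found:
        print(f"{f.category:6} {f.line}")
    print(otl_fix_block(found))
```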

  7. #5
    New Member
    Joined
         8th Nov 2008
    Online
         9th Jun 2011
    Posts
         9
    iTrader
         0

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: maggie
    ->Temp folder emptied: 15899126 bytes
    ->Temporary Internet Files folder emptied: 78622682 bytes
    ->Java cache emptied: 36070 bytes
    ->FireFox cache emptied: 52185100 bytes
    ->Apple Safari cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 91648596 bytes
    RecycleBin emptied: 1308841 bytes

    Total Files Cleaned = 229.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 05302011_224713

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    2011/05/30 22:56:59.0289 0960 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
    2011/05/30 22:56:59.0644 0960 ================================================================================
    2011/05/30 22:56:59.0644 0960 SystemInfo:
    2011/05/30 22:56:59.0644 0960
    2011/05/30 22:56:59.0644 0960 OS Version: 6.0.6002 ServicePack: 2.0
    2011/05/30 22:56:59.0644 0960 Product type: Workstation
    2011/05/30 22:56:59.0644 0960 ComputerName: MAGGIE-PC
    2011/05/30 22:56:59.0644 0960 UserName: maggie
    2011/05/30 22:56:59.0644 0960 Windows directory: C:\Windows
    2011/05/30 22:56:59.0644 0960 System windows directory: C:\Windows
    2011/05/30 22:56:59.0644 0960 Processor architecture: Intel x86
    2011/05/30 22:56:59.0644 0960 Number of processors: 2
    2011/05/30 22:56:59.0644 0960 Page size: 0x1000
    2011/05/30 22:56:59.0644 0960 Boot type: Normal boot
    2011/05/30 22:56:59.0644 0960 ================================================================================
    2011/05/30 22:57:00.0075 0960 Initialize success
    2011/05/30 22:57:07.0836 5456 ================================================================================
    2011/05/30 22:57:07.0836 5456 Scan started
    2011/05/30 22:57:07.0836 5456 Mode: Manual;
    2011/05/30 22:57:07.0836 5456 ================================================================================
    2011/05/30 22:57:08.0218 5456 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/05/30 22:57:08.0301 5456 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2011/05/30 22:57:08.0345 5456 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2011/05/30 22:57:08.0389 5456 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2011/05/30 22:57:08.0431 5456 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2011/05/30 22:57:08.0517 5456 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2011/05/30 22:57:08.0595 5456 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2011/05/30 22:57:08.0632 5456 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/05/30 22:57:08.0666 5456 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2011/05/30 22:57:08.0700 5456 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2011/05/30 22:57:08.0748 5456 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2011/05/30 22:57:08.0801 5456 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2011/05/30 22:57:08.0835 5456 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/05/30 22:57:08.0899 5456 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2011/05/30 22:57:08.0960 5456 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2011/05/30 22:57:09.0028 5456 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/05/30 22:57:09.0063 5456 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2011/05/30 22:57:09.0160 5456 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
    2011/05/30 22:57:09.0207 5456 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
    2011/05/30 22:57:09.0265 5456 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\system32\Drivers\avgtdix.sys
    2011/05/30 22:57:09.0350 5456 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/05/30 22:57:09.0441 5456 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2011/05/30 22:57:09.0518 5456 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    2011/05/30 22:57:09.0573 5456 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/05/30 22:57:09.0597 5456 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/05/30 22:57:09.0641 5456 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/05/30 22:57:09.0675 5456 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/05/30 22:57:09.0703 5456 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/05/30 22:57:09.0735 5456 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/05/30 22:57:09.0758 5456 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/05/30 22:57:09.0816 5456 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/05/30 22:57:09.0845 5456 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/05/30 22:57:09.0878 5456 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2011/05/30 22:57:09.0937 5456 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/05/30 22:57:10.0010 5456 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2011/05/30 22:57:10.0032 5456 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
    2011/05/30 22:57:10.0066 5456 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2011/05/30 22:57:10.0094 5456 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2011/05/30 22:57:10.0172 5456 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2011/05/30 22:57:10.0262 5456 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/05/30 22:57:10.0336 5456 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/05/30 22:57:10.0392 5456 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/05/30 22:57:10.0471 5456 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/05/30 22:57:10.0535 5456 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/05/30 22:57:10.0587 5456 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2011/05/30 22:57:10.0663 5456 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2011/05/30 22:57:10.0747 5456 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/05/30 22:57:10.0812 5456 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/05/30 22:57:10.0839 5456 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/05/30 22:57:10.0881 5456 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/05/30 22:57:10.0910 5456 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/05/30 22:57:10.0936 5456 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/05/30 22:57:10.0995 5456 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/05/30 22:57:11.0068 5456 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/05/30 22:57:11.0091 5456 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/05/30 22:57:11.0134 5456 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/05/30 22:57:11.0196 5456 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/05/30 22:57:11.0237 5456 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/05/30 22:57:11.0261 5456 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/05/30 22:57:11.0317 5456 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/05/30 22:57:11.0383 5456 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2011/05/30 22:57:11.0469 5456 HSF_DP (78c88781fbd2fdd3bcba09f58897fe45) C:\Windows\system32\DRIVERS\HSX_DP.sys
    2011/05/30 22:57:11.0515 5456 HSXHWBS2 (1e289f978d1e6f11db88d4fcb2f9d92f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
    2011/05/30 22:57:11.0581 5456 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2011/05/30 22:57:11.0623 5456 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2011/05/30 22:57:11.0693 5456 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/05/30 22:57:11.0744 5456 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2011/05/30 22:57:11.0799 5456 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/05/30 22:57:11.0911 5456 IntcAzAudAddService (0e70e4485f0ed782248e26353a08d312) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/05/30 22:57:11.0996 5456 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/05/30 22:57:12.0024 5456 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/05/30 22:57:12.0092 5456 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/05/30 22:57:12.0148 5456 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2011/05/30 22:57:12.0182 5456 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/05/30 22:57:12.0228 5456 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/05/30 22:57:12.0252 5456 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2011/05/30 22:57:12.0300 5456 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/05/30 22:57:12.0331 5456 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/05/30 22:57:12.0358 5456 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/05/30 22:57:12.0411 5456 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/05/30 22:57:12.0461 5456 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/05/30 22:57:12.0539 5456 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/05/30 22:57:12.0605 5456 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/05/30 22:57:12.0663 5456 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2011/05/30 22:57:12.0690 5456 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2011/05/30 22:57:12.0735 5456 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/05/30 22:57:12.0761 5456 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/05/30 22:57:12.0837 5456 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2011/05/30 22:57:12.0891 5456 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2011/05/30 22:57:12.0928 5456 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2011/05/30 22:57:13.0005 5456 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/05/30 22:57:13.0073 5456 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/05/30 22:57:13.0118 5456 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/05/30 22:57:13.0179 5456 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/05/30 22:57:13.0217 5456 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/05/30 22:57:13.0249 5456 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2011/05/30 22:57:13.0293 5456 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/05/30 22:57:13.0365 5456 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/05/30 22:57:13.0431 5456 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/05/30 22:57:13.0469 5456 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/05/30 22:57:13.0513 5456 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/05/30 22:57:13.0548 5456 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/05/30 22:57:13.0583 5456 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    2011/05/30 22:57:13.0612 5456 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2011/05/30 22:57:13.0661 5456 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/05/30 22:57:13.0677 5456 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/05/30 22:57:13.0746 5456 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/05/30 22:57:13.0796 5456 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/05/30 22:57:13.0820 5456 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/05/30 22:57:13.0874 5456 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/05/30 22:57:13.0912 5456 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/05/30 22:57:13.0963 5456 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/05/30 22:57:13.0990 5456 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/05/30 22:57:14.0076 5456 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/05/30 22:57:14.0155 5456 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/05/30 22:57:14.0238 5456 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/05/30 22:57:14.0260 5456 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/05/30 22:57:14.0313 5456 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/05/30 22:57:14.0335 5456 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/05/30 22:57:14.0392 5456 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/05/30 22:57:14.0457 5456 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/05/30 22:57:14.0521 5456 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/05/30 22:57:14.0565 5456 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/05/30 22:57:14.0619 5456 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/05/30 22:57:14.0726 5456 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/05/30 22:57:14.0785 5456 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/05/30 22:57:14.0815 5456 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/05/30 22:57:14.0906 5456 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
    2011/05/30 22:57:15.0122 5456 nvlddmkm (7bc6fb1f3aa696944ceb46d038fa90ed) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/05/30 22:57:15.0314 5456 NVNET (d02b697f105de7f7e3e0b115d8bfb8f3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    2011/05/30 22:57:15.0350 5456 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2011/05/30 22:57:15.0387 5456 nvrd32 (085e88101d0d4b321abf9c7e2b6ee99d) C:\Windows\system32\drivers\nvrd32.sys
    2011/05/30 22:57:15.0457 5456 nvsmu (62754e376185eacbb73d06fea0ffc54a) C:\Windows\system32\drivers\nvsmu.sys
    2011/05/30 22:57:15.0484 5456 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2011/05/30 22:57:15.0544 5456 nvstor32 (1199b2052f7861c1d39c2318e70904c9) C:\Windows\system32\DRIVERS\nvstor32.sys
    2011/05/30 22:57:15.0611 5456 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2011/05/30 22:57:15.0721 5456 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/05/30 22:57:15.0793 5456 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/05/30 22:57:15.0854 5456 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/05/30 22:57:15.0882 5456 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/05/30 22:57:15.0926 5456 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/05/30 22:57:15.0989 5456 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    2011/05/30 22:57:16.0018 5456 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/05/30 22:57:16.0086 5456 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/05/30 22:57:16.0185 5456 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/05/30 22:57:16.0214 5456 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2011/05/30 22:57:16.0299 5456 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
    2011/05/30 22:57:16.0370 5456 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/05/30 22:57:16.0469 5456 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2011/05/30 22:57:16.0518 5456 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/05/30 22:57:16.0575 5456 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/05/30 22:57:16.0617 5456 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/05/30 22:57:16.0671 5456 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/05/30 22:57:16.0738 5456 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/05/30 22:57:16.0767 5456 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/05/30 22:57:16.0834 5456 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/05/30 22:57:16.0867 5456 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/05/30 22:57:16.0903 5456 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2011/05/30 22:57:16.0927 5456 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/05/30 22:57:16.0987 5456 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/05/30 22:57:17.0056 5456 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
    2011/05/30 22:57:17.0119 5456 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
    2011/05/30 22:57:17.0182 5456 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys
    2011/05/30 22:57:17.0214 5456 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
    2011/05/30 22:57:17.0250 5456 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/05/30 22:57:17.0282 5456 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/05/30 22:57:17.0335 5456 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/05/30 22:57:17.0370 5456 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/05/30 22:57:17.0395 5456 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/05/30 22:57:17.0418 5456 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/05/30 22:57:17.0463 5456 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2011/05/30 22:57:17.0485 5456 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/05/30 22:57:17.0501 5456 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    2011/05/30 22:57:17.0532 5456 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/05/30 22:57:17.0567 5456 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2011/05/30 22:57:17.0595 5456 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2011/05/30 22:57:17.0621 5456 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2011/05/30 22:57:17.0697 5456 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/05/30 22:57:17.0753 5456 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/05/30 22:57:17.0801 5456 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    2011/05/30 22:57:17.0845 5456 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
    2011/05/30 22:57:17.0883 5456 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/05/30 22:57:17.0950 5456 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/05/30 22:57:17.0980 5456 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/05/30 22:57:18.0008 5456 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/05/30 22:57:18.0037 5456 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/05/30 22:57:18.0140 5456 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
    2011/05/30 22:57:18.0190 5456 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/05/30 22:57:18.0255 5456 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
    2011/05/30 22:57:18.0277 5456 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/05/30 22:57:18.0301 5456 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/05/30 22:57:18.0340 5456 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/05/30 22:57:18.0393 5456 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/05/30 22:57:18.0461 5456 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/05/30 22:57:18.0513 5456 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/05/30 22:57:18.0554 5456 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/05/30 22:57:18.0596 5456 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2011/05/30 22:57:18.0644 5456 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/05/30 22:57:18.0705 5456 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2011/05/30 22:57:18.0756 5456 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2011/05/30 22:57:18.0796 5456 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/05/30 22:57:18.0825 5456 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/05/30 22:57:18.0857 5456 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/05/30 22:57:18.0908 5456 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
    2011/05/30 22:57:18.0978 5456 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/05/30 22:57:19.0037 5456 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/05/30 22:57:19.0114 5456 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/05/30 22:57:19.0156 5456 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/05/30 22:57:19.0226 5456 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/05/30 22:57:19.0259 5456 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/05/30 22:57:19.0325 5456 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/05/30 22:57:19.0358 5456 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/05/30 22:57:19.0394 5456 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/05/30 22:57:19.0426 5456 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
    2011/05/30 22:57:19.0484 5456 USB_RNDIS_XP (830d5d8456b822c1247c1e59b4c464fa) C:\Windows\system32\DRIVERS\usb8023.sys
    2011/05/30 22:57:19.0548 5456 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/05/30 22:57:19.0572 5456 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/05/30 22:57:19.0597 5456 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2011/05/30 22:57:19.0622 5456 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2011/05/30 22:57:19.0652 5456 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    2011/05/30 22:57:19.0685 5456 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/05/30 22:57:19.0748 5456 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/05/30 22:57:19.0808 5456 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/05/30 22:57:19.0843 5456 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2011/05/30 22:57:19.0891 5456 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/05/30 22:57:19.0920 5456 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/30 22:57:19.0955 5456 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/30 22:57:20.0013 5456 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2011/05/30 22:57:20.0052 5456 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/05/30 22:57:20.0147 5456 winachsf (0869c31e0ff995bf00628af8c1658e26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2011/05/30 22:57:20.0241 5456 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
    2011/05/30 22:57:20.0341 5456 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/05/30 22:57:20.0379 5456 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/05/30 22:57:20.0464 5456 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/05/30 22:57:20.0499 5456 XAudio (bfcc507eca58f11c5fed96e192b878cb) C:\Windows\system32\DRIVERS\xaudio.sys
    2011/05/30 22:57:20.0626 5456 {55662437-DA8C-40c0-AADA-2C816A897A49} (bdfde977f5e88a539187aef24ded7c40) c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
    2011/05/30 22:57:20.0666 5456 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
    2011/05/30 22:57:20.0877 5456 ================================================================================
    2011/05/30 22:57:20.0877 5456 Scan finished
    2011/05/30 22:57:20.0877 5456 ================================================================================
    2011/05/30 22:57:20.0912 5428 Detected object count: 0
    2011/05/30 22:57:20.0912 5428 Actual detected object count: 0
    Last edited by Superdave; 31st May 2011 at 19:13.

  8. #6
    Malware Team
    Superdave

    Please run another scan with DDS and post the two logs.
    Some days you're the dog and some days you're the fire hydrant.

  10. #7
    New Member

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_20
    Run by maggie at 22:30:44 on 2011-05-31
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1296 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\System32\mobsync.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Program Files\Hewlett-Packard\KBD\kbd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\maggie\Downloads\dds.scr
    C:\Windows\system32\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
    uURLSearchHooks: Elf 1.15 Toolbar: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - c:\program files\elf_1.15\tbElf_.dll
    mURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
    mURLSearchHooks: Elf 1.15 Toolbar: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - c:\program files\elf_1.15\tbElf_.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Elf 1.15 Toolbar: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - c:\program files\elf_1.15\tbElf_.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
    TB: Elf 1.15 Toolbar: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - c:\program files\elf_1.15\tbElf_.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [EPSON Stylus CX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticea.exe /fu "c:\windows\temp\E_SFA45.tmp" /EF "HKCU"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [EPSON NX420 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\windows\temp\E_S9B66.tmp" /EF "HKCU"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
    mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
    mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
    mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [PCDrProfiler] "c:\program files\pc-doctor for windows\RunProfiler.exe" -r
    StartupFolder: c:\users\maggie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\maggie\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\maggie\appdata\roaming\mozilla\firefox\profiles\4ri1o2pu.default\
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\maggie\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\maggie\appdata\roaming\Move Networks
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-5 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-5 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-5 243024]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\hewlett-packard\media\dvd\000.fcl [2008-9-26 59376]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-5 308136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-05-31 02:47:13 -------- d-----w- C:\_OTL
    2011-05-28 10:58:12 -------- d-----w- c:\users\maggie\appdata\roaming\Malwarebytes
    2011-05-28 10:57:34 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-28 10:57:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-27 01:17:16 -------- d-----w- c:\users\maggie\appdata\roaming\SUPERAntiSpyware.com
    2011-05-27 01:17:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-05-27 01:17:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-25 02:35:26 -------- d-----w- c:\programdata\STOPzilla!
    2011-05-25 02:35:26 -------- d-----w- c:\program files\STOPzilla!
    2011-05-25 02:35:26 -------- d-----w- c:\program files\common files\iS3
    2011-05-25 02:28:16 0 ----a-w- c:\users\maggie\appdata\roaming\4ri1o2pu.default.tmp
    2011-05-25 02:23:29 -------- d-----w- c:\users\maggie\appdata\roaming\5015
    2011-05-25 02:23:22 112 ----a-w- c:\users\maggie\appdata\roaming\srvblck2.tmp
    2011-05-25 02:23:16 -------- d-----w- c:\users\maggie\appdata\roaming\xmldm
    2011-05-25 02:23:16 -------- d-----w- c:\users\maggie\appdata\roaming\kock
    2011-05-08 17:56:28 -------- d-----w- c:\programdata\lH28601PnCeA28601
    2011-05-08 11:24:43 -------- d--h--w- C:\$AVG
    .
    ==================== Find3M ====================
    .
    2011-03-12 21:55:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 15:40:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-03-03 13:35:36 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
    2008-12-09 15:23:13 48352 --sh--r- c:\windows\system32\config\systemprofile\appdata\roaming\appconf32.exe
    .
    ============= FINISH: 22:34:19.89 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/26/2009 3:43:20 AM
    System Uptime: 5/31/2011 10:23:43 PM (0 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | Acacia
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 184.156 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.392 GiB free.
    E: is CDROM (CDFS)
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 9.0
    BlackBerry Device Software Updater
    BlackBerry Device Software v6.0.0 for the BlackBerry 9800 smartphone
    Bonjour
    CCleaner
    Cisco Connect
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    CyberLink DVD Suite Deluxe
    Elf 1.15 Toolbar
    Enhanced Multimedia Keyboard Solution
    Epson Event Manager
    EPSON NX420 Series Printer Uninstall
    EPSON Printer Software
    EPSON Scan
    Hardware Diagnostic Tools
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 7
    Juno Preloader
    LabelPrint
    LightScribe System Software 1.14.25.1
    LightScribe Template Labeler
    Linksys Wireless-G USB Network Adapter
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 60 day trial
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Works
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox (3.0.19)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    NetZero Preloader
    Norton Internet Security
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.2
    PictureMover
    Power2Go
    PowerDirector
    Python 2.5.2
    QuickTime
    Realtek High Definition Audio Driver
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Soft Data Fax Modem with SmartCP
    SPORE Creature Creator Trial Edition
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Project 2007 Help (KB963668)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Verizon Media Manager
    WinRAR archiver
    WinZip 15.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/31/2011 10:25:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    5/31/2011 10:25:13 PM, Error: Service Control Manager [7024] - The AVG Free WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
    5/31/2011 10:25:13 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    5/29/2011 11:04:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    5/29/2011 11:04:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
    5/29/2011 10:20:41 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    5/29/2011 10:20:41 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/29/2011 10:20:41 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/29/2011 10:20:41 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/29/2011 10:08:38 PM, Error: EventLog [6008] - The previous system shutdown at 10:07:11 PM on 5/29/2011 was unexpected.
    5/27/2011 9:50:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    5/27/2011 9:50:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
    5/27/2011 9:50:04 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/27/2011 9:50:04 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    5/27/2011 9:50:04 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    5/27/2011 9:50:04 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/27/2011 9:50:04 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    5/27/2011 9:50:04 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/27/2011 9:50:04 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/27/2011 9:50:04 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    5/27/2011 9:50:04 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/27/2011 9:50:04 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/27/2011 9:50:04 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/27/2011 9:50:04 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/27/2011 9:50:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    5/27/2011 9:49:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    5/27/2011 9:49:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    5/27/2011 9:49:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    5/27/2011 9:49:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    5/27/2011 9:49:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/27/2011 9:49:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    5/27/2011 9:48:38 PM, Error: EventLog [6008] - The previous system shutdown at 9:46:34 PM on 5/27/2011 was unexpected.
    5/27/2011 9:43:14 PM, Error: EventLog [6008] - The previous system shutdown at 9:40:38 PM on 5/27/2011 was unexpected.
    5/26/2011 7:56:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    5/26/2011 7:19:38 AM, Error: EventLog [6008] - The previous system shutdown at 7:16:37 AM on 5/26/2011 was unexpected.
    5/25/2011 11:06:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 i8042prt spldr Wanarpv6
    5/25/2011 11:05:17 PM, Error: EventLog [6008] - The previous system shutdown at 11:03:21 PM on 5/25/2011 was unexpected.
    5/25/2011 11:03:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
    5/25/2011 11:03:00 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/25/2011 11:01:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Mobile-based device connectivity service to connect.
    5/25/2011 11:01:18 PM, Error: Service Control Manager [7001] - The Windows Mobile 2003-based device connectivity service depends on the Windows Mobile-based device connectivity service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    5/25/2011 11:01:18 PM, Error: Service Control Manager [7000] - The Windows Mobile-based device connectivity service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/25/2011 11:01:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service WcesComm with arguments "" in order to run the server: {FF4C4832-2BEA-4472-98A3-F931BEB8F62B}
    5/25/2011 11:00:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    5/25/2011 10:59:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service RapiMgr with arguments "" in order to run the server: {ED081F25-6A77-4C89-B689-C6E15C582EC1}
    5/25/2011 10:46:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    5/25/2011 10:44:58 PM, Error: EventLog [6008] - The previous system shutdown at 10:42:24 PM on 5/25/2011 was unexpected.
    5/25/2011 10:23:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt is3srv
    5/25/2011 10:22:01 PM, Error: EventLog [6008] - The previous system shutdown at 11:03:41 PM on 5/24/2011 was unexpected.
    5/24/2011 11:00:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
    5/24/2011 11:00:46 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/24/2011 10:56:59 PM, Error: EventLog [6008] - The previous system shutdown at 10:51:45 PM on 5/24/2011 was unexpected.
    5/24/2011 10:50:05 PM, Error: EventLog [6008] - The previous system shutdown at 10:48:14 PM on 5/24/2011 was unexpected.
    5/24/2011 10:46:29 PM, Error: EventLog [6008] - The previous system shutdown at 10:41:59 PM on 5/24/2011 was unexpected.
    5/24/2011 10:33:33 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    5/24/2011 10:33:33 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     Thread Starter

  11. #8
    Malware Team
    Superdave
    Joined
         26th Nov 2009
    Posts
         567
    This next scanner will not work with AVG on your computer. You can uninstall it to run the scan and then re-install it afterwards, or you can download and install one of the other free AVs listed below. If you decide to go with another AV, you will have to uninstall AVG. If you have trouble doing this, please let me know and I'll provide a tool to remove it.
    Remember to only install one antivirus!

    1) Avast! Home Edition
    2) AVG Free Edition
    3) Avira AntiVir Personal
    4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
    4-a) Microsoft Security Essentials for Windows XP
    5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
    6) PC Tools AntiVirus Free Edition
    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
    ****************************************************
    Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
    link # 1
    Link # 2
    If you are using Firefox, make sure that your download settings are as follows:
    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".
    Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
    Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    Right-click combofix.exe and select Run as Administrator and follow the prompts.
    When finished, ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.
    NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
    Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
    Some days you're the dog and some days you're the fire hydrant.

  13. #9
    New Member

    ComboFix 11-06-01.04 - maggie 06/01/2011 22:52:52.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1886 [GMT -4:00]
    Running from: c:\users\maggie\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\maggie\Akon - Right Now .mp3
    c:\users\maggie\Documents\javi
    c:\users\maggie\Gap Band - You Dropped A Bomb On Me - Funk Classics The 80's - .mp3
    c:\users\maggie\Nucleus - Jam On It (Full) .mp3
    c:\users\maggie\NWA - Easy E - Bitches Aint Shit .mp3
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-02 02:58 . 2011-06-02 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-02 02:36 . 2011-05-24 23:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C32D3D6-B1C4-4D00-A322-E41F6D727B51}\mpengine.dll
    2011-06-01 02:36 . 2011-06-01 02:38 -------- d-----w- C:\485fe0842b02dfa689
    2011-05-31 02:47 . 2011-05-31 02:47 -------- d-----w- C:\_OTL
    2011-05-31 02:37 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-05-28 10:58 . 2011-05-28 10:58 -------- d-----w- c:\users\maggie\AppData\Roaming\Malwarebytes
    2011-05-28 10:57 . 2011-05-28 10:57 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-28 10:57 . 2011-05-28 10:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-27 01:17 . 2011-05-27 01:17 -------- d-----w- c:\users\maggie\AppData\Roaming\SUPERAntiSpyware.com
    2011-05-27 01:17 . 2011-05-27 01:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-05-27 01:17 . 2011-05-27 01:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-25 02:35 . 2011-05-26 02:24 -------- d-----w- c:\programdata\STOPzilla!
    2011-05-25 02:35 . 2011-05-25 02:35 -------- d-----w- c:\program files\STOPzilla!
    2011-05-25 02:35 . 2011-05-25 02:35 -------- d-----w- c:\program files\Common Files\iS3
    2011-05-25 02:28 . 2011-05-25 02:28 0 ----a-w- c:\users\maggie\AppData\Roaming\4ri1o2pu.default.tmp
    2011-05-25 02:23 . 2011-05-25 02:23 -------- d-----w- c:\users\maggie\AppData\Roaming\5015
    2011-05-25 02:23 . 2011-05-25 02:23 112 ----a-w- c:\users\maggie\AppData\Roaming\srvblck2.tmp
    2011-05-25 02:23 . 2011-05-25 02:23 -------- d-----w- c:\users\maggie\AppData\Roaming\xmldm
    2011-05-25 02:23 . 2011-05-25 02:23 -------- d-----w- c:\users\maggie\AppData\Roaming\kock
    2011-05-08 17:56 . 2011-05-08 17:56 -------- d-----w- c:\programdata\lH28601PnCeA28601
    2011-05-08 00:42 . 2011-05-08 00:42 -------- d-----w- c:\windows\Sun
    2011-05-07 20:34 . 2011-05-07 20:34 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
    2011-05-07 20:34 . 2011-05-07 20:34 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-24 23:14 . 2010-08-06 17:23 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-03-12 21:55 . 2011-04-27 16:07 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-10 17:03 . 2011-04-15 12:20 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 17:03 . 2011-04-15 12:20 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2008-12-09 15:23 48352 --sh--r- c:\windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
    "{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}"= "c:\program files\Elf_1.15\tbElf_.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files\Elf_1.15\tbElf_.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
    "{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}"= "c:\program files\Elf_1.15\tbElf_.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E}"= "c:\program files\Elf_1.15\tbElf_.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
    "TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-17 1152296]
    "CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-17 189736]
    "DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]
    "PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2008-09-10 77824]
    .
    c:\users\maggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2008-9-8 430080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
    FF - ProfilePath - c:\users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\maggie\AppData\Roaming\Move Networks
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-01 23:07:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-02 03:07
    .
    Pre-Run: 199,311,822,848 bytes free
    Post-Run: 199,156,785,152 bytes free
    .
    - - End Of File - - 60276A2A7B2EFC4F611C39A5EA242507
     Thread Starter

  14. #10
    Malware Team (Superdave)

    Re-running ComboFix to remove infections:
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the quotebox below into it:
      KillAll::
      File::
      c:\users\maggie\AppData\Roaming\4ri1o2pu.default.tmp
      c:\users\maggie\AppData\Roaming\5015
      c:\users\maggie\AppData\Roaming\srvblck2.tmp
      c:\users\maggie\AppData\Roaming\kock
      Folder::
      c:\users\maggie\AppData\Roaming\5015
      c:\users\maggie\AppData\Roaming\kock
    • Save this as CFScript.txt, in the same location as ComboFix.exe
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
    ***************************************************
    SysProt Antirootkit
    Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
    http://sites.google.com/site/sysprotantirootkit/
    Unzip it into a folder on your desktop.
    • Double click Sysprot.exe to start the program.
    • Click on the Log tab.
    • In the Write to log box select the following items.
      • Process << Selected
      • Kernel Modules << Selected
      • SSDT << Selected
      • Kernel Hooks << Selected
      • IRP Hooks << NOT Selected
      • Ports << NOT Selected
      • Hidden Files << Selected
    • At the bottom of the page
      • Hidden Objects Only << Selected
    • Click on the Create Log button on the bottom right.
    • After a few seconds a new window should appear.
    • Select Scan Root Drive. Click on the Start button.
    • When it is complete a new window will appear to indicate that the scan is finished.
    • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
    Some days you're the dog and some days you're the fire hydrant.
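    The CFScript above names exactly the four entries directly under AppData\Roaming that stood out in the first ComboFix log (a .tmp file, a digit-only folder, a four-letter folder and a tiny .tmp file, all created within minutes of each other). As an added example that is not part of this thread and not ComboFix's own code, the Python below parses the "Files Created" and "Find3M Report" listing lines of such a log and flags the entries a helper would look at first. The sample log lines are constructed from the log posted above (with the forum's wrapped paths joined), and the flagging heuristics are this example's own assumptions, not rules the tool applies.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example for this thread; not ComboFix's own code. It parses the
"Files Created" and "Find3M Report" listing lines and flags the entries a
helper looks at first. The flagging rules are assumptions of this example,
not anything ComboFix itself applies.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on lines from the log posted above (the real
# log lists many more benign entries).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
2011-06-02 02:36 . 2011-05-24 23:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C32D3D6-B1C4-4D00-A322-E41F6D727B51}\mpengine.dll
2011-06-01 02:36 . 2011-06-01 02:38 -------- d-----w- C:\485fe0842b02dfa689
2011-05-28 10:58 . 2011-05-28 10:58 -------- d-----w- c:\users\maggie\AppData\Roaming\Malwarebytes
2011-05-25 02:28 . 2011-05-25 02:28 0 ----a-w- c:\users\maggie\AppData\Roaming\4ri1o2pu.default.tmp
2011-05-25 02:23 . 2011-05-25 02:23 -------- d-----w- c:\users\maggie\AppData\Roaming\5015
2011-05-25 02:23 . 2011-05-25 02:23 112 ----a-w- c:\users\maggie\AppData\Roaming\srvblck2.tmp
2011-05-25 02:23 . 2011-05-25 02:23 -------- d-----w- c:\users\maggie\AppData\Roaming\kock
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 17:03 . 2011-04-15 12:20 1136640 ----a-w- c:\windows\system32\mfc42.dll
2008-12-09 15:23 48352 --sh--r- c:\windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"          # last-modified stamp
    r"(?: \. (?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"   # ". created" (absent in Find3M short form)
    r" (?P<size>\d+|-{8})"                                   # byte size, or dashes for a directory
    r" (?P<attrs>[-dashrw]{8})"                              # d=dir a=archive s=system h=hidden r/w
    r" (?P<path>\S.*)$"
)
ROAMING_CHILD_RE = re.compile(r"\\AppData\\Roaming\\([^\\]+)$", re.IGNORECASE)
ROOT_HEX_DIR_RE = re.compile(r"^[a-z]:\\[0-9a-f]{12,}$", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^(?:\d+|[a-z]{1,5}|.+\.tmp)$")


@dataclass
class Entry:
    section: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Walk the log, remembering the current (((( section )))) banner."""
    section, entries = "", []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue          # "." spacer lines, headers, anything else
        size = None if m.group("size").startswith("-") else int(m.group("size"))
        entries.append(Entry(section, m.group("modified"), size, m.group("attrs"), m.group("path")))
    return entries


def reasons_for(entry: Entry) -> List[str]:
    """Heuristics (assumptions of this example) for why an entry deserves a look."""
    reasons = []
    if entry.hidden_system:
        reasons.append("hidden+system attributes")
    m = ROAMING_CHILD_RE.search(entry.path)
    if m and RANDOM_NAME_RE.match(m.group(1)):
        reasons.append("digit-only, very short or .tmp name directly under AppData\\Roaming")
    if entry.is_dir and ROOT_HEX_DIR_RE.match(entry.path):
        reasons.append("hex-named folder at drive root (low confidence: update installers leave these too)")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, in log order."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_entries(text):
        reasons = reasons_for(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path)
        for reason in why:
            print("   -", reason)
```

    Run on the sample it flags the four AppData\Roaming entries, the hidden+system appconf32.exe from the Find3M section, and (at low confidence) the hex-named root folder; Malwarebytes, mpengine.dll and mfc42.dll pass. The root-hex rule is deliberately marked low confidence because Windows Update and installer packages create folders with the same shape, so a hit there is a prompt to compare timestamps against the other findings, not a verdict on its own.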

  16. #11
    New Member

    ComboFix 11-06-02.02 - maggie 06/02/2011 23:35:42.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1903 [GMT -4:00]
    Running from: c:\users\maggie\Downloads\ComboFix.exe
    Command switches used :: c:\users\maggie\Downloads\CFScript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\maggie\AppData\Roaming\4ri1o2pu.default.tmp"
    "c:\users\maggie\AppData\Roaming\5015"
    "c:\users\maggie\AppData\Roaming\kock"
    "c:\users\maggie\AppData\Roaming\srvblck2.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\maggie\AppData\Roaming\4ri1o2pu.default.tmp
    c:\users\maggie\AppData\Roaming\5015
    c:\users\maggie\AppData\Roaming\5015\components\AcroFF.txt
    c:\users\maggie\AppData\Roaming\5015\install.rdf
    c:\users\maggie\AppData\Roaming\kock
    c:\users\maggie\AppData\Roaming\srvblck2.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-03 03:41 . 2011-06-03 03:47 -------- d-----w- c:\users\maggie\AppData\Local\temp
    2011-06-03 03:41 . 2011-06-03 03:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-02 02:36 . 2011-05-24 23:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C32D3D6-B1C4-4D00-A322-E41F6D727B51}\mpengine.dll
    2011-06-01 02:36 . 2011-06-01 02:38 -------- d-----w- C:\485fe0842b02dfa689
    2011-05-31 02:47 . 2011-05-31 02:47 -------- d-----w- C:\_OTL
    2011-05-31 02:37 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-05-28 10:58 . 2011-05-28 10:58 -------- d-----w- c:\users\maggie\AppData\Roaming\Malwarebytes
    2011-05-28 10:57 . 2011-05-28 10:57 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-28 10:57 . 2011-05-28 10:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-27 01:17 . 2011-05-27 01:17 -------- d-----w- c:\users\maggie\AppData\Roaming\SUPERAntiSpyware.com
    2011-05-27 01:17 . 2011-05-27 01:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-05-27 01:17 . 2011-05-27 01:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-25 02:35 . 2011-05-26 02:24 -------- d-----w- c:\programdata\STOPzilla!
    2011-05-25 02:35 . 2011-05-25 02:35 -------- d-----w- c:\program files\STOPzilla!
    2011-05-25 02:35 . 2011-05-25 02:35 -------- d-----w- c:\program files\Common Files\iS3
    2011-05-25 02:23 . 2011-05-25 02:23 -------- d-----w- c:\users\maggie\AppData\Roaming\xmldm
    2011-05-08 17:56 . 2011-05-08 17:56 -------- d-----w- c:\programdata\lH28601PnCeA28601
    2011-05-08 00:42 . 2011-05-08 00:42 -------- d-----w- c:\windows\Sun
    2011-05-07 20:34 . 2011-05-07 20:34 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
    2011-05-07 20:34 . 2011-05-07 20:34 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-24 23:14 . 2010-08-06 17:23 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-03-12 21:55 . 2011-04-27 16:07 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-10 17:03 . 2011-04-15 12:20 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 17:03 . 2011-04-15 12:20 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2008-12-09 15:23 48352 --sh--r- c:\windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
    "{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}"= "c:\program files\Elf_1.15\tbElf_.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files\Elf_1.15\tbElf_.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
    "{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}"= "c:\program files\Elf_1.15\tbElf_.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E}"= "c:\program files\Elf_1.15\tbElf_.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
    "TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-17 1152296]
    "CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-17 189736]
    "DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]
    "PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2008-09-10 77824]
    .
    c:\users\maggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2008-9-8 430080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
    FF - ProfilePath - c:\users\maggie\AppData\Roaming\Mozilla\Firefox\Profiles\4ri1o2pu.default\
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\maggie\AppData\Roaming\Move Networks
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-02 23:47
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-02 23:49:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-03 03:49
    ComboFix2.txt 2011-06-02 03:07
    .
    Pre-Run: 198,944,268,288 bytes free
    Post-Run: 198,638,690,304 bytes free
    .
    - - End Of File - - 3D8AB9A54BAAD23D4D2642FDB2912A4F

    SysProt AntiRootkit v1.0.1.0
    by swatkat

    ******************************************************************************************
    ******************************************************************************************

    No Hidden Processes found

    ******************************************************************************************
    ******************************************************************************************
    No Hidden Kernel Modules found

    ******************************************************************************************
    ******************************************************************************************
    No SSDT Hooks found

    ******************************************************************************************
    ******************************************************************************************
    No Kernel Hooks found

    ******************************************************************************************
    ******************************************************************************************
    No hidden files/folders found
     Thread Starter

  17. #12
    Malware Team
    Superdave
    Joined 26th Nov 2009, Posts 567

    I'd like to scan your machine with ESET OnlineScan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
    • Click the button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
    • Check
    • Click the button.
    • Accept any security warnings from your browser.
    • Check
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push
    • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the button.
    • Push
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
    Some days you're the dog and some days you're the fire hydrant.

  19. #13
    New Member
    Joined 8th Nov 2008, Posts 9


    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\598a308e-21d16807 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe a variant of Win32/Spy.Banker.VYM trojan cleaned by deleting - quarantined
     Thread Starter
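As an added example (not code from the thread, from ESET, or from ComboFix), the two ESET result lines in the post above and the "Other Running Processes" list from the ComboFix log earlier on the page can be triaged with a small Python script. It parses each ESET detection into path, threat name and action, records why the file's location matters (here the SYSTEM profile's AppData and the Java deployment cache, which are where the two items sat), and checks each running process image against the standard system and program directories. The whitespace-collapsed ESET line format, the location heuristics, and the function names are assumptions of this example, and the sample input is a constructed copy of what the thread shows.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the two ESET Online Scanner result lines from the
# thread, with the spaces the forum inserted into long paths removed. The real
# log.txt separates fields with tabs; the forum collapsed that whitespace, so
# this parser works on the collapsed form (an assumption about the format).
ESET_LOG = """\
C:\\Windows\\System32\\config\\systemprofile\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\14\\598a308e-21d16807 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\\Windows\\System32\\config\\systemprofile\\AppData\\Roaming\\appconf32.exe a variant of Win32/Spy.Banker.VYM trojan cleaned by deleting - quarantined
"""

# Constructed copy of the "Other Running Processes" list in the ComboFix log.
RUNNING_PROCESSES = [
    r"c:\windows\system32\nvvsvc.exe",
    r"c:\windows\system32\rundll32.exe",
    r"c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe",
    r"c:\program files\Bonjour\mDNSResponder.exe",
    r"c:\program files\Common Files\LightScribe\LSSrvc.exe",
    r"c:\windows\system32\DRIVERS\xaudio.exe",
    r"c:\windows\system32\WUDFHost.exe",
    r"c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe",
    r"c:\windows\servicing\TrustedInstaller.exe",
    r"c:\windows\system32\wbem\unsecapp.exe",
]

# One ESET result line: <path> [a variant of] <family/name> [category] <action> - quarantined
# The path is matched lazily so directories containing spaces still parse.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:a variant of )?\S+/\S+(?: (?:trojan|worm|virus|adware|backdoor))?)\s+"
    r"(?P<action>.+?)\s+-\s+quarantined\s*$"
)

# Path fragments (heuristic, an assumption of this example) that should not
# normally host executables or active content. They are checked before the
# standard locations because a suspicious fragment can sit under C:\Windows.
SUSPICIOUS_FRAGMENTS = {
    "\\java\\deployment\\cache\\": "Java deployment cache (content fetched by Java applets / Web Start)",
    "\\config\\systemprofile\\appdata\\": "AppData of the SYSTEM profile (written by a process running as SYSTEM)",
    "\\appdata\\roaming\\": "per-user roaming AppData (user-writable; unusual for system binaries)",
    "\\appdata\\local\\temp\\": "per-user temp directory (user-writable)",
    "\\temp\\": "temporary directory (user-writable)",
}

STANDARD_PREFIXES = ("\\windows\\system32\\", "\\windows\\servicing\\", "\\program files\\")


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str


def parse_eset_log(text: str) -> List[Detection]:
    """Parse ESET Online Scanner result lines in the collapsed-whitespace form."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], m["action"]))
    return found


def location_note(path: str) -> Optional[str]:
    """Return why a path deserves a second look, or None for a standard location."""
    p = path.lower()
    for fragment, reason in SUSPICIOUS_FRAGMENTS.items():
        if fragment in p:
            return reason
    return None


def is_standard_location(path: str) -> bool:
    p = path.lower()
    return location_note(path) is None and any(pre in p for pre in STANDARD_PREFIXES)


def flag_unusual_processes(paths: List[str]) -> List[str]:
    """Process image paths outside the standard system/program directories."""
    return [p for p in paths if not is_standard_location(p)]


def triage(text: str) -> List[dict]:
    """Detections with file name, threat, action taken, and the location note."""
    return [
        {"file": d.path.rsplit("\\", 1)[-1], "threat": d.threat,
         "action": d.action, "why_here": location_note(d.path)}
        for d in parse_eset_log(text)
    ]


if __name__ == "__main__":
    for row in triage(ESET_LOG):
        print(row)
    print("unusual running processes:", flag_unusual_processes(RUNNING_PROCESSES))
```

Run against the constructed input, the process list comes back empty (every image sits under System32, servicing or Program Files), while both detections carry a location note: the downloader in the Java cache points at a browser-side Java delivery, and a binary in the SYSTEM profile's Roaming folder is exactly what a scan of user profiles alone would miss.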

  20. #14
    Malware Team
    Superdave
    Joined 26th Nov 2009, Posts 567


    How's your computer working now? Any other issues?
    Some days you're the dog and some days you're the fire hydrant.

  22. #15
    New Member
    Joined 8th Nov 2008, Posts 9


    computer seems to be working fine, no hang-ups, surfing the net with no issues...is it completely clean now? if so i thank you very much for all your help.....
     Thread Starter
