
Author Topic: I'm having severe issues with Vundo, Iexplorer constantly running  (Read 25017 times)


daver23

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    I'm having severe issues with Vundo, Iexplorer constantly running in background, searches in Yahoo & Google being hijacked. I've downloaded several free anti-spyware, anti-virus programs and am having not much luck at all. I'd prefer to get this resolved instead of shelling out a lot of money for a new computer since I'm dirt poor at this point. I caught the virus off a sports blog recently, but have had issues with spyware, etc. in the past. Please help with what I should do. I did have a result for Mal_vundog at some point. None of the viruses, trojans found never delete off officially. I've tried for a week now. Thanks

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: I'm having severe issues with Vundo, Iexplorer constantly running
    « Reply #1 on: November 08, 2011, 12:59:33 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    •Close browsers before scanning
    •Scan for tracking cookies
    •Terminate memory threats before quarantining
    Please leave the others unchecked

    •Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    •To retrieve the removal information please do the following:
    •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    •Click Preferences. Click the Statistics/Logs tab.

    •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    •It will open in your default text editor (preferably Notepad).
    •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    ********************************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    ****************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your thread.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    •Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
    Windows 8 and Windows 10 dual boot with two SSD's

    daver23

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: I'm having severe issues with Vundo, Iexplorer constantly running
      « Reply #2 on: November 08, 2011, 08:05:13 PM »
      Thanks. I might be a little slow responding back with scans for a couple days. I don't have much time to do all the scans simultaneously when I'm home from work. The problem with some of the scans is that you tell me to close my browser, however in the background the virus keeps re-populating iexplorer.exe in my task manager. Should I unscrew my cable modem wire when running them to keep a browser from opening, or will that not do any good?

      daver23

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: I'm having severe issues with Vundo, Iexplorer constantly running
        « Reply #3 on: November 08, 2011, 09:35:40 PM »
        Here is the result after I ran the SUPERAntiSpyware scan. I mainly keep getting just the adware cookies in the results.
        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 11/08/2011 at 10:07 PM

        Application Version : 5.0.1134

        Core Rules Database Version : 7917
        Trace Rules Database Version: 5729

        Scan type       : Complete Scan
        Total Scan Time : 02:18:51

        Operating System Information
        Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
        Administrator

        Memory items scanned      : 511
        Memory threats detected   : 0
        Registry items scanned    : 37150
        Registry threats detected : 1
        File items scanned        : 72755
        File threats detected     : 36

        Adware.Tracking Cookie
           C:\Documents and Settings\David L\Cookies\SEQEERKL.txt [ /ru4.com ]
           C:\Documents and Settings\David L\Cookies\75454F2W.txt [ /atdmt.com ]
           C:\Documents and Settings\David L\Cookies\BWRRSMI8.txt [ /invitemedia.com ]
           C:\Documents and Settings\David L\Cookies\F5ALP9XJ.txt [ /doubleclick.net ]
           secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DP828U63 ]
           .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .kontera.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           adserver.zonemedia.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           adserver.zonemedia.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .viewablemedia.net [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]
           .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\DAVID L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MZPQ7CN.DEFAULT\COOKIES.SQLITE ]

        System.BrokenFileAssociation
           HKCR\.exe

        daver23

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: I'm having severe issues with Vundo, Iexplorer constantly running
          « Reply #4 on: November 08, 2011, 10:07:32 PM »
          While I'm waiting for my Malwarebytes scan... here is a current HijackThis log. I took a couple things out of platform & MSIE.

          Logfile of Trend Micro HijackThis v2.0.4
          Scan saved at 11:04:35 PM, on 11/8/2011
          Platform: Windows XP SP3 (WinNT )
          MSIE: Internet Explorer v8.00
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
          C:\Program Files\AVG\AVG2012\avgcsrvx.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
          C:\Program Files\AVG\AVG2012\avgwdsvc.exe
          C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\WINDOWS\system32\drivers\KodakCCS.exe
          C:\Program Files\AVG\AVG2012\avgnsx.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\ScsiAccess.EXE
          C:\Program Files\Dell Support Center\bin\sprtsvc.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\WINDOWS\system32\hkcmd.exe
          C:\WINDOWS\system32\igfxpers.exe
          C:\Program Files\Dell\Media Experience\DMXLauncher.exe
          C:\WINDOWS\System32\DLA\DLACTRLW.EXE
          C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
          C:\Program Files\Dell Support Center\bin\sprtcmd.exe
          C:\Program Files\Common Files\Java\Java Update\jusched.exe
          C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
          C:\Program Files\AVG Secure Search\vprot.exe
          C:\Program Files\AVG\AVG2012\avgtray.exe
          C:\Program Files\DellSupport\DSAgnt.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
          C:\Program Files\CCleaner\CCleaner.exe
          C:\WINDOWS\system32\notepad.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\WINDOWS\system32\LEXBCES.EXE
          C:\WINDOWS\system32\LEXPPS.EXE
          C:\WINDOWS\system32\taskmgr.exe
          C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Program Files\Mozilla Firefox\plugin-container.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.insightbb.com;localhost
          O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
          O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
          O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
          O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
          O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
          O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
          O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
          O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
          O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
          O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
          O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
          O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
          O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
          O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
          O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
          O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
          O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
          O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
          O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
          O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
          O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
          O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
          O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
          O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
          O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
          O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
          O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
          O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
          O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
          O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
          O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
          O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
          O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
          O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
          O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
          O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
          O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
          O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
          O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
          O24 - Desktop Component 0: (no name) - (no file)

          --
          End of file - 9718 bytes
          « Last Edit: November 08, 2011, 10:50:00 PM by daver23 »

          daver23

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: I'm having severe issues with Vundo, Iexplorer constantly running
            « Reply #5 on: November 08, 2011, 11:36:20 PM »
            I didn't get any results from here.

            Malwarebytes' Anti-Malware 1.51.2.1300
            www.malwarebytes.org

            Database version: 8122

             Service Pack 3
            Internet Explorer 8.0

            11/9/2011 12:16:55 AM
            mbam-log-2011-11-09 (00-16-54).txt

            Scan type: Full scan (C:\|D:\|E:\|)
            Objects scanned: 306078
            Time elapsed: 1 hour(s), 36 minute(s), 10 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 0
            Registry Values Infected: 0
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            (No malicious items detected)

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            (No malicious items detected)

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: I'm having severe issues with Vundo, Iexplorer constantly running
            « Reply #6 on: November 09, 2011, 11:50:21 AM »
            I still need to see the DDS logs.

            daver23

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: I'm having severe issues with Vundo, Iexplorer constantly running
              « Reply #7 on: November 09, 2011, 04:38:41 PM »
              Here is the DDS first.

              .
              DDS (Ver_2011-08-26.01) - NTFSx86
              Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_26
              Run by David L at 17:25:20 on 2011-11-09
              Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.57 [GMT -6:00]
              .
              AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
              .
              ============== Running Processes ===============
              .
              C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
              C:\Program Files\AVG\AVG2012\avgcsrvx.exe
              C:\WINDOWS\system32\svchost -k DcomLaunch
              svchost.exe
              C:\WINDOWS\System32\svchost.exe -k netsvcs
              C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
              svchost.exe
              svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\LEXPPS.EXE
              C:\WINDOWS\system32\spoolsv.exe
              svchost.exe
              C:\WINDOWS\system32\hkcmd.exe
              C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
              C:\WINDOWS\system32\igfxpers.exe
              C:\Program Files\Dell\Media Experience\DMXLauncher.exe
              C:\Program Files\AVG\AVG2012\avgwdsvc.exe
              C:\WINDOWS\System32\DLA\DLACTRLW.EXE
              C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              C:\Program Files\Dell Support Center\bin\sprtcmd.exe
              C:\Program Files\Common Files\Java\Java Update\jusched.exe
              C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
              C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
              C:\Program Files\AVG Secure Search\vprot.exe
              C:\Program Files\AVG\AVG2012\avgtray.exe
              C:\Program Files\DellSupport\DSAgnt.exe
              C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
              C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              C:\Program Files\Java\jre6\bin\jqs.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              C:\WINDOWS\system32\drivers\KodakCCS.exe
              C:\WINDOWS\System32\svchost.exe -k HPZ12
              C:\WINDOWS\System32\svchost.exe -k HPZ12
              C:\WINDOWS\system32\ScsiAccess.EXE
              C:\Program Files\Dell Support Center\bin\sprtsvc.exe
              C:\WINDOWS\system32\svchost.exe -k imgsvc
              C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
              C:\Program Files\AVG\AVG2012\avgnsx.exe
              C:\WINDOWS\system32\svchost.exe -k netsvcs
              C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
              C:\WINDOWS\system32\wscntfy.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\Program Files\CCleaner\CCleaner.exe
              C:\WINDOWS\system32\taskmgr.exe
              C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
              C:\Program Files\Mozilla Firefox\plugin-container.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = about:blank
              uSearch Page = hxxp://www.google.com
              uSearch Bar = hxxp://www.google.com/ie
              uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
              uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
              uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
              uInternet Settings,ProxyOverride = sas.insightbb.com;localhost
              uSearchAssistant = hxxp://www.google.com
              mSearchAssistant = hxxp://www.google.com
              BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
              BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
              BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
              BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
              TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
              TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
              TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
              TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
              TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
              {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
              EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
              uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
              uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
              uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
              uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
              mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
              mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
              mRun: [Persistence] c:\windows\system32\igfxpers.exe
              mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
              mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
              mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
              mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
              mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
              mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
              mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
              mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
              mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
              mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
              mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
              mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
              mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
              mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
              StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ga311s~1.lnk - c:\program files\netgear ga311 adapter\GA311.exe
              StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
              IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
              IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
              IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
              IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
              IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
              IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
              IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
              IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
              IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
              DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
              TCP: DhcpNameServer = 74.128.17.114 74.128.19.102
              TCP: Interfaces\{C1F8BCC7-439B-47E2-B6FE-D1DBDE1A9D9F} : DhcpNameServer = 74.128.17.114 74.128.19.102
              TCP: Interfaces\{CDB1D8AE-8FE3-4C1F-9B3C-0850B0C93106} : DhcpNameServer = 74.128.17.114 74.128.19.102
              Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
              Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
              Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
              Notify: igfxcui - igfxdev.dll
              SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
              SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
              LSA: Notification Packages = scecli c:\windows\system32\yaveyayu.dll c:\windows\system32\sitomoba.dll
              mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe
              .
              ================= FIREFOX ===================
              .
              FF - ProfilePath - c:\documents and settings\david l\application data\mozilla\firefox\profiles\1mzpq7cn.default\
              FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
              FF - prefs.js: browser.search.selectedEngine - Yahoo
              FF - prefs.js: browser.startup.homepage - www.yahoo.com
              FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B50f077b9-0371-4059-868b-00aa5df9005e%7D&mid=4c85171e3a3847d19905d16b790da47a-603beb4178b06c01c7fc3d75245f54768a47c957&ds=AVG&v=8.0.0.40&lang=en&pr=fr&d=2011-11-06%2015%3A41%3A31&sap=ku&q=
              FF - prefs.js: network.proxy.http - 127.0.0.1
              FF - prefs.js: network.proxy.http_port - 50364
              FF - prefs.js: network.proxy.type - 4
              FF - component: c:\documents and settings\david l\application data\mozilla\firefox\profiles\1mzpq7cn.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
              FF - plugin: c:\documents and settings\david l\application data\facebook\npfbplugin_1_0_3.dll
              FF - plugin: c:\documents and settings\david l\application data\move networks\plugins\npqmp071701000002.dll
              FF - plugin: c:\documents and settings\david l\application data\move networks\plugins\npqmp071705000014.dll
              FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
              FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
              FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
              FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
              FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
              FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
              FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
              FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
              FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
              .
              ---- FIREFOX POLICIES ----
              FF - user.js: network.protocol-handler.warn-external.dnupdate - false
              ============= SERVICES / DRIVERS ===============
              .
              R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
              R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
              R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
              R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
              R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
              R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
              R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
              R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
              R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
              R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
              R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-3-27 165160]
              R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [2003-12-25 8440]
              R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
              R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
              R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
              R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2003-12-25 11237]
              S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
              S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
              S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
              S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-7 366152]
              S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-8-14 16512]
              S3 gtermddo;gtermddo;\??\c:\docume~1\davidl~1\locals~1\temp\gtermddo.sys --> c:\docume~1\davidl~1\locals~1\temp\gtermddo.sys [?]
              S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
              S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-23 79880]
              S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-23 35272]
              S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-23 34216]
              S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-23 40552]
              S4 IXGUZVESKAH;IXGUZVESKAH;c:\docume~1\davidl~1\locals~1\temp\IXGUZVESKAH.exe [2011-11-6 523136]
              .
              =============== Created Last 30 ================
              .
              2011-11-08 00:57:48   --------   d-----w-   c:\documents and settings\david l\application data\IObit
              2011-11-08 00:57:44   --------   d-----w-   c:\program files\IObit
              2011-11-07 01:54:12   --------   d-----w-   c:\program files\Bazooka Scanner
              2011-11-07 00:31:33   --------   d-----w-   c:\documents and settings\david l\application data\Immunet
              2011-11-07 00:31:33   --------   d-----w-   c:\documents and settings\all users\Immunet
              2011-11-06 21:43:31   --------   d-----w-   c:\documents and settings\david l\application data\AVG2012
              2011-11-06 21:41:33   --------   d-----w-   c:\documents and settings\david l\application data\AVG Secure Search
              2011-11-06 21:41:19   --------   d-----w-   c:\program files\common files\AVG Secure Search
              2011-11-06 21:41:18   --------   d-----w-   c:\program files\AVG Secure Search
              2011-11-06 21:39:23   --------   d-----w-   c:\windows\system32\drivers\AVG
              2011-11-06 20:07:45   --------   d-----w-   c:\documents and settings\david l\application data\SUPERAntiSpyware.com
              2011-11-06 20:07:02   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2011-11-06 19:49:42   --------   d-----w-   c:\documents and settings\david l\application data\Systweak
              2011-11-06 19:49:14   17280   ----a-w-   c:\windows\system32\roboot.exe
              2011-11-06 19:49:12   --------   d-----w-   c:\program files\YTDSETUP
              2011-11-06 17:28:21   --------   d-----w-   c:\program files\Safer Networking
              2011-11-06 16:58:55   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
              2011-11-06 16:37:54   2568   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
              2011-11-06 16:33:22   --------   d-----w-   c:\windows\system32\wbem\repository\FS
              2011-11-06 16:33:22   --------   d-----w-   c:\windows\system32\wbem\Repository
              2011-11-06 16:10:17   --------   d-----w-   c:\program files\PC Tools
              2011-11-06 16:06:13   660992   ----a-w-   c:\windows\system32\drivers\pctEFA.sys
              2011-11-06 16:06:13   341656   ----a-w-   c:\windows\system32\drivers\pctDS.sys
              2011-11-06 16:05:48   331880   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
              2011-11-06 16:05:48   162584   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
              2011-11-06 16:05:23   185560   ----a-w-   c:\windows\system32\drivers\PCTSD.sys
              2011-11-06 16:05:22   --------   d-----w-   c:\program files\common files\PC Tools
              2011-11-06 16:04:10   --------   d-----w-   c:\documents and settings\all users\application data\PC Tools
              2011-11-06 16:04:09   --------   d-----w-   c:\documents and settings\david l\application data\TestApp
              2011-11-06 15:44:58   --------   d-----w-   c:\documents and settings\david l\application data\CallingID
              2011-11-06 06:33:07   --------   d-----w-   c:\documents and settings\all users\application data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
              2011-11-06 06:21:32   --------   d-----w-   c:\program files\Uniblue
              2011-11-06 06:21:18   939368   ----a-w-   c:\windows\system32\flash.ocx
              2011-11-06 06:21:06   --------   d-----w-   c:\documents and settings\david l\local settings\application data\PackageAware
              2011-11-05 21:15:49   388096   ----a-r-   c:\documents and settings\david l\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
              2011-11-05 17:03:59   --------   d-----w-   C:\Cache
              2011-11-05 16:21:50   --------   d-----w-   c:\documents and settings\david l\local settings\application data\adaware
              2011-11-05 16:20:39   --------   d-----w-   c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
              2011-11-05 16:19:37   --------   d-----w-   c:\program files\Toolbar Cleaner
              2011-11-05 16:18:54   --------   d-----w-   c:\documents and settings\david l\application data\adawaretb
              2011-11-05 16:18:37   --------   d-----w-   c:\program files\adawaretb
              2011-11-05 16:17:36   64512   ----a-w-   c:\windows\system32\drivers\Lbd.sys
              2011-11-05 16:15:07   --------   d-----w-   c:\program files\Lavasoft
              2011-11-05 15:37:11   --------   d-----w-   c:\program files\SpywareBlaster
              2011-11-05 06:36:00   --------   d-----w-   C:\Data
              2011-11-05 04:54:33   --------   d-----w-   c:\windows\pss
              2011-11-05 01:50:48   --------   d-----w-   c:\documents and settings\david l\local settings\application data\Temp
              2011-11-05 01:45:56   --------   d-----w-   c:\program files\AVAST Software
              2011-11-05 01:45:56   --------   d-----w-   c:\documents and settings\all users\application data\AVAST Software
              2011-11-04 03:32:41   --------   d-----w-   c:\program files\NetEraserDemo1
              2011-11-04 03:15:21   53248   ----a-w-   c:\windows\system32\IMAGEPLUSCONTROL.OCX
              2011-11-04 03:15:20   53248   ----a-w-   c:\windows\system32\UNRAR.DLL
              2011-11-04 03:15:20   40448   ----a-w-   c:\windows\system32\UNACE.DLL
              2011-11-04 03:15:20   352256   ----a-w-   c:\windows\system32\ijl15.dll
              2011-11-04 03:15:20   143360   ----a-w-   c:\windows\system32\vbuzip10.dll
              2011-11-04 03:15:18   89360   ----a-w-   c:\windows\system32\VB5DB.DLL
              2011-11-04 03:15:18   667648   ----a-w-   c:\windows\system32\FreeImage.dll
              2011-11-04 01:31:59   --------   d-----w-   c:\documents and settings\david l\application data\Malwarebytes
              2011-11-04 01:31:30   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
              2011-11-04 01:31:19   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
              2011-11-04 00:45:03   --------   d-----w-   c:\program files\CCleaner
              2011-11-03 00:27:46   --------   d-----w-   c:\program files\Spybot - Search & Destroy
              2011-11-03 00:27:46   --------   d-----w-   c:\documents and settings\all users\application data\Spybot - Search & Destroy
              2011-11-02 06:04:25   95472   ----a-w-   c:\windows\system32\Vetredir.dll
              2011-11-02 06:04:25   201968   ----a-w-   c:\windows\system32\Isafprod.dll
              2011-11-02 06:04:25   128240   ----a-w-   c:\windows\system32\Isafeif.dll
              2011-11-02 06:04:21   1054032   ----a-w-   c:\windows\system32\cfgmig32.dll
              2011-11-02 06:03:54   --------   d-----w-   c:\windows\rnapxs
              2011-11-02 05:59:29   --------   d-----w-   c:\program files\CA
              2011-11-02 05:55:56   --------   d-----w-   c:\documents and settings\all users\application data\CA
              2011-11-02 04:30:18   --------   d-----w-   c:\documents and settings\david l\application data\OpenCandy
              2011-11-02 04:30:15   --------   d-----w-   c:\documents and settings\david l\application data\Sammsoft
              2011-11-02 03:02:42   --------   d--h--w-   C:\$AVG
              2011-11-01 06:27:31   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
              2011-11-01 06:01:56   --------   d-----w-   c:\program files\Trend Micro
              2011-11-01 01:37:44   --------   d-----w-   c:\documents and settings\all users\application data\Common Files
              2011-11-01 01:35:12   --------   d-----w-   c:\documents and settings\all users\application data\AVG2012
              2011-11-01 01:34:19   --------   d-----w-   c:\program files\AVG
              2011-11-01 01:30:23   --------   d-----w-   c:\documents and settings\all users\application data\MFAData
              2011-10-31 06:43:51   101720   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
              2011-10-31 04:35:25   --------   d-----w-   c:\program files\Microsoft CAPICOM 2.1.0.2
              2011-10-31 03:18:03   139656   ------w-   c:\windows\system32\dllcache\rdpwd.sys
              2011-10-31 03:18:01   105472   ------w-   c:\windows\system32\dllcache\mup.sys
              2011-10-31 03:16:13   10496   ------w-   c:\windows\system32\dllcache\ndistapi.sys
              2011-10-31 03:04:55   274288   ----a-w-   c:\windows\system32\mucltui.dll
              2011-10-31 03:04:55   215920   ----a-w-   c:\windows\system32\muweb.dll
              2011-10-31 03:04:55   16736   ----a-w-   c:\windows\system32\mucltui.dll.mui
              2011-10-31 00:53:29   --------   d-----w-   c:\documents and settings\all users\application data\PC1Data
              .
              ==================== Find3M  ====================
              .
              2011-10-07 12:23:48   230608   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
              2011-10-04 12:21:42   16720   ----a-w-   c:\windows\system32\drivers\AVGIDSShim.sys
              2011-09-26 16:41:20   611328   ------w-   c:\windows\system32\uiautomationcore.dll
              2011-09-26 16:41:20   220160   ----a-w-   c:\windows\system32\oleacc.dll
              2011-09-26 16:41:14   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
              2011-09-13 12:30:10   32592   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
              2011-09-09 09:12:13   599040   ----a-w-   c:\windows\system32\crypt32.dll
              2011-09-06 13:20:51   1858944   ----a-w-   c:\windows\system32\win32k.sys
              2011-08-22 23:48:55   916480   ----a-w-   c:\windows\system32\wininet.dll
              2011-08-22 23:48:54   43520   ----a-w-   c:\windows\system32\licmgr10.dll
              2011-08-22 23:48:54   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
              2011-08-22 11:56:39   385024   ----a-w-   c:\windows\system32\html.iec
              2011-08-17 13:49:54   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
              2008-11-02 23:19:13   14138   ----a-w-   c:\program files\common files\ysid.com
              .
              ============= FINISH: 17:33:37.57 ===============

              daver23

                Re: I'm having severe issues with Vundo, Iexplorer constantly running
                « Reply #8 on: November 09, 2011, 04:40:12 PM »
                Here is the attach log

                .
                UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                IF REQUESTED, ZIP IT UP & ATTACH IT
                .
                DDS (Ver_2011-08-26.01)
                .
                Microsoft Windows XP Home Edition
                Boot Device: \Device\HarddiskVolume2
                Install Date: 6/23/2006 5:00:10 PM
                System Uptime: 11/9/2011 4:48:30 PM (1 hours ago)
                .
                Motherboard: Dell Computer Corp. |  | 0WF887
                Processor:                 Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
                .
                ==== Disk Partitions =========================
                .
                C: is FIXED (NTFS) - 109 GiB total, 84.646 GiB free.
                D: is FIXED (NTFS) - 37 GiB total, 36.743 GiB free.
                E: is CDROM ()
                .
                ==== Disabled Device Manager Items =============
                .
                Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
                Description: Intel(R) PRO/100 VE Network Connection
                Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01D51028&REV_02\4&1C660DD6&0&40F0
                Manufacturer: Intel
                Name: Intel(R) PRO/100 VE Network Connection
                PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01D51028&REV_02\4&1C660DD6&0&40F0
                Service: E100B
                .
                Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
                Description: WAN Miniport (ATW)
                Device ID: ROOT\NET\0000
                Manufacturer: America Online, Inc.
                Name: WAN Miniport (ATW)
                PNP Device ID: ROOT\NET\0000
                Service: wanatw
                .
                ==== System Restore Points ===================
                .
                RP1708: 8/6/2011 11:45:57 PM - System Checkpoint
                RP1709: 8/8/2011 9:00:52 AM - System Checkpoint
                RP1710: 8/14/2011 6:11:05 AM - System Checkpoint
                RP1711: 8/15/2011 7:05:46 AM - System Checkpoint
                RP1712: 8/16/2011 4:05:11 PM - System Checkpoint
                RP1713: 8/17/2011 10:55:06 PM - System Checkpoint
                RP1714: 8/18/2011 11:02:40 PM - System Checkpoint
                RP1715: 8/19/2011 11:22:32 PM - System Checkpoint
                RP1716: 8/21/2011 12:05:48 AM - System Checkpoint
                RP1717: 8/22/2011 7:04:59 PM - System Checkpoint
                RP1718: 8/23/2011 8:44:34 PM - System Checkpoint
                RP1719: 8/24/2011 9:13:03 PM - System Checkpoint
                RP1720: 8/25/2011 10:18:09 PM - System Checkpoint
                RP1721: 8/27/2011 4:54:44 AM - System Checkpoint
                RP1722: 8/28/2011 11:51:35 AM - System Checkpoint
                RP1723: 8/30/2011 9:23:20 PM - System Checkpoint
                RP1724: 8/31/2011 10:22:29 PM - System Checkpoint
                RP1725: 9/2/2011 1:05:42 AM - System Checkpoint
                RP1726: 9/3/2011 1:12:36 AM - System Checkpoint
                RP1727: 9/4/2011 3:29:29 AM - System Checkpoint
                RP1728: 9/5/2011 4:24:31 AM - System Checkpoint
                RP1729: 9/7/2011 10:39:42 PM - System Checkpoint
                RP1730: 9/9/2011 8:29:33 AM - System Checkpoint
                RP1731: 9/10/2011 10:38:41 AM - System Checkpoint
                RP1732: 11/3/2011 8:07:21 PM - Removed Ask Toolbar.
                RP1733: 9/12/2011 9:56:33 PM - System Checkpoint
                RP1734: 9/14/2011 11:12:40 PM - System Checkpoint
                RP1735: 9/16/2011 8:05:56 AM - System Checkpoint
                RP1736: 9/17/2011 2:03:24 PM - System Checkpoint
                RP1737: 9/18/2011 3:03:51 PM - System Checkpoint
                RP1738: 9/19/2011 3:16:46 PM - System Checkpoint
                RP1739: 9/20/2011 3:31:19 PM - System Checkpoint
                RP1740: 9/21/2011 6:26:48 PM - System Checkpoint
                RP1741: 9/22/2011 8:55:24 PM - System Checkpoint
                RP1742: 9/23/2011 9:06:33 PM - System Checkpoint
                RP1743: 9/24/2011 11:01:13 PM - System Checkpoint
                RP1744: 9/25/2011 11:49:27 PM - System Checkpoint
                RP1745: 9/27/2011 12:46:21 AM - System Checkpoint
                RP1746: 9/28/2011 8:01:11 AM - System Checkpoint
                RP1747: 9/29/2011 8:50:47 AM - System Checkpoint
                RP1748: 9/30/2011 9:50:37 AM - System Checkpoint
                RP1749: 10/1/2011 2:44:47 PM - System Checkpoint
                RP1750: 10/2/2011 11:49:36 PM - System Checkpoint
                RP1751: 10/4/2011 8:00:37 AM - System Checkpoint
                RP1752: 10/5/2011 8:14:05 AM - System Checkpoint
                RP1753: 10/6/2011 8:42:19 AM - System Checkpoint
                RP1754: 10/7/2011 10:18:14 PM - System Checkpoint
                RP1755: 10/8/2011 10:30:46 PM - System Checkpoint
                RP1756: 10/9/2011 10:33:24 PM - System Checkpoint
                RP1757: 10/10/2011 10:50:14 PM - System Checkpoint
                RP1758: 10/12/2011 10:44:40 PM - System Checkpoint
                RP1759: 10/13/2011 11:31:58 PM - System Checkpoint
                RP1760: 10/15/2011 1:41:12 AM - System Checkpoint
                RP1761: 10/16/2011 2:41:57 AM - System Checkpoint
                RP1762: 10/17/2011 8:01:29 AM - System Checkpoint
                RP1763: 10/18/2011 8:37:00 AM - System Checkpoint
                RP1764: 10/19/2011 9:24:30 AM - System Checkpoint
                RP1765: 10/21/2011 1:12:59 AM - System Checkpoint
                RP1766: 10/22/2011 7:13:16 AM - System Checkpoint
                RP1767: 10/23/2011 7:24:22 AM - System Checkpoint
                RP1768: 10/24/2011 8:00:16 AM - System Checkpoint
                RP1769: 10/25/2011 8:25:19 AM - System Checkpoint
                RP1770: 10/26/2011 8:36:25 AM - System Checkpoint
                RP1771: 10/27/2011 10:04:56 AM - System Checkpoint
                RP1772: 10/28/2011 5:50:10 PM - System Checkpoint
                RP1773: 10/29/2011 6:24:21 PM - System Checkpoint
                RP1774: 10/30/2011 8:03:40 PM - Restore Operation
                RP1775: 10/30/2011 8:10:47 PM - Restore Operation
                RP1776: 10/30/2011 9:44:29 PM - Restore Operation
                RP1777: 10/30/2011 9:49:02 PM - Restore Operation
                RP1778: 10/30/2011 9:52:50 PM - Restore Operation
                RP1779: 10/30/2011 9:55:48 PM - Restore Operation
                RP1780: 10/30/2011 9:58:39 PM - Restore Operation
                RP1781: 10/30/2011 10:02:16 PM - Restore Operation
                RP1782: 10/30/2011 10:08:42 PM - Restore Operation
                RP1783: 10/30/2011 11:10:52 PM - Software Distribution Service 3.0
                RP1784: 10/31/2011 12:32:49 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
                RP1785: 10/31/2011 1:05:36 AM - Installed Ad-Aware
                RP1786: 10/31/2011 1:07:35 AM - Installed Ad-Aware
                RP1787: 10/31/2011 2:04:38 AM - Software Distribution Service 3.0
                RP1788: 10/31/2011 7:49:40 AM - Software Distribution Service 3.0
                RP1789: 10/31/2011 6:09:38 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
                RP1790: 11/3/2011 8:06:47 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
                RP1791: 10/31/2011 7:03:09 PM - Software Distribution Service 3.0
                RP1792: 11/5/2011 12:05:32 AM - Removed Ad-Aware
                RP1793: 10/31/2011 7:53:14 PM - ARO 2011 - Before Installation
                RP1794: 10/31/2011 7:55:39 PM - ARO 2011 - FIRST RUN
                RP1795: 11/3/2011 8:06:59 PM - ARO 2011 Mon, Oct 31, 11  20:04
                RP1796: 11/5/2011 12:05:25 AM - Installed AVG 2012
                RP1797: 11/5/2011 12:05:22 AM - Installed AVG 2012
                RP1798: 11/3/2011 8:06:51 PM - Removed Support.com Toolbar.
                RP1799: 11/3/2011 8:07:04 PM - Installed HiJackThis
                RP1800: 11/1/2011 11:21:37 PM - Restore Operation
                RP1801: 11/1/2011 11:33:27 PM - Restore Operation
                RP1802: 11/5/2011 12:05:19 AM - Removed AVG 2012
                RP1803: 11/5/2011 12:05:16 AM - Removed AVG 2012
                RP1804: 11/3/2011 8:06:35 PM - Removed HiJackThis
                RP1805: 11/2/2011 12:59:27 AM - CA Internet Security Suite
                RP1806: 11/3/2011 1:10:15 AM - Restore Operation
                RP1807: 11/5/2011 12:05:09 AM - Removed Apple Mobile Device Support
                RP1808: 11/5/2011 12:05:05 AM - Removed Apple Software Update
                RP1809: 11/5/2011 12:04:55 AM - Removed EarthLink setup files
                RP1810: 11/5/2011 12:04:45 AM - Removed iTunes
                RP1811: 11/4/2011 8:45:56 PM - avast! Free Antivirus Setup
                RP1812: 11/5/2011 10:22:31 AM - Removed Bonjour
                RP1813: 11/5/2011 11:14:00 AM - Installed Ad-Aware
                RP1814: 11/5/2011 11:15:00 AM - Installed Ad-Aware
                RP1815: 11/5/2011 4:15:33 PM - Installed HiJackThis
                RP1816: 11/6/2011 9:50:27 AM - CA Internet Security Suite
                RP1817: 11/6/2011 10:30:29 AM - Restore Operation
                RP1818: 11/6/2011 10:55:08 AM - Removed Adobe Reader 6.0.1
                RP1819: 11/6/2011 10:55:58 AM - Removed Adobe Acrobat - Reader 6.0.2 Update
                RP1820: 11/6/2011 10:56:06 AM - Installed Adobe Reader X (10.1.1).
                RP1821: 11/6/2011 1:24:53 PM - Installed HiJackThis
                RP1822: 11/6/2011 1:58:16 PM - RegClean Pro Sun, Nov 06, 11  13:58
                RP1823: 11/6/2011 3:37:13 PM - Installed AVG 2012
                RP1824: 11/6/2011 3:38:51 PM - Installed AVG 2012
                RP1825: 11/6/2011 8:53:44 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
                RP1826: 11/6/2011 9:46:44 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
                RP1827: 11/6/2011 11:41:24 PM - Removed Lexmark Photo Center
                .
                ==== Installed Programs ======================
                .
                32 Bit HP CIO Components Installer
                Adobe Flash Player 11 Plugin
                Adobe Reader X (10.1.1)
                AIO_Scan
                AOL Connectivity Services
                AOL Uninstaller (Choose which Products to Remove)
                AOLIcon
                Apple Mobile Device Support
                Apple Software Update
                aspi
                AutoUpdate
                AVG 2012
                Banctec Service Agreement
                Bonjour
                BufferChm
                C4200
                C4200_doccd
                c4200_Help
                CCHelp
                CCScore
                Conexant D850 56K V.9x DFVc Modem
                Copy
                Corel Photo Album 6
                Critical Update for Windows Media Player 11 (KB959772)
                CustomerResearchQFolder
                Dell CinePlayer
                Dell Digital Jukebox Driver
                Dell Driver Reset Tool
                Dell Support Center (Support Software)
                Dell System Restore
                DellSupport
                Destination Component
                DeviceDiscovery
                DeviceManagementQFolder
                Digital Content Portal
                Digital Line Detect
                DivX Codec
                DivX Version Checker
                DocProc
                DocProcQFolder
                Documentation & Support Launcher
                Download Updater (AOL LLC)
                EarthLink setup files
                EducateU
                ELIcon
                ESSAdpt
                ESSANUP
                ESSCAM
                ESSCDBK
                ESScore
                ESSgui
                ESShelp
                ESSini
                ESSPCD
                ESSTUTOR
                ESSvpaht
                ESSvpot
                eSupportQFolder
                Facebook Plug-In
                Games, Music, & Photos Launcher
                Get High Speed Internet!
                Google Desktop
                Google Toolbar for Internet Explorer
                HiJackThis
                Hotfix for Windows Internet Explorer 7 (KB947864)
                Hotfix for Windows Media Format 11 SDK (KB929399)
                Hotfix for Windows Media Player 11 (KB939683)
                Hotfix for Windows XP (KB952287)
                Hotfix for Windows XP (KB981793)
                HP Customer Participation Program 9.0
                HP Imaging Device Functions 9.0
                HP OCR Software 9.0
                HP Photosmart All-In-One Software 9.0
                HP Photosmart Essential 2.01
                HP Photosmart Essential2.01
                HP Smart Web Printing
                HP Solution Center 9.0
                HP Update
                HPProductAssistant
                HPSSupply
                Intel(R) Extreme Graphics 2 Driver
                Intel(R) PRO Network Adapters and Drivers
                Intel(R) PROSet for Wired Connections
                Internet Service Offers Launcher
                iTunes
                Java 2 Runtime Environment, SE v1.4.2_03
                Java Auto Updater
                Java(TM) 6 Update 26
                Java(TM) 6 Update 7
                Kodak EasyShare software
                KSU
                Last.fm 1.5.4.27091
                Learn2 Player (Uninstall Only)
                Malwarebytes' Anti-Malware version 1.51.2.1300
                MarketResearch
                MCU
                Microsoft .NET Framework 1.1
                Microsoft .NET Framework 1.1 Security Update (KB979906)
                Microsoft Compression Client Pack 1.0 for Windows XP
                Microsoft Internationalized Domain Names Mitigation APIs
                Microsoft National Language Support Downlevel APIs
                Microsoft Office 2000 Professional
                Microsoft Plus! Digital Media Edition Installer
                Microsoft Plus! Photo Story 2 LE
                Microsoft Silverlight
                Microsoft User-Mode Driver Framework Feature Pack 1.0
                Microsoft VC9 runtime libraries
                Microsoft Visual C++ 2005 Redistributable
                Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                Modem Helper
                Move Media Player
                Mozilla Firefox 6.0.1 (x86 en-US)
                Mozilla Thunderbird (1.5.0.7)
                MSN
                MSXML 4.0 SP2 (KB927978)
                MSXML 4.0 SP2 (KB936181)
                MSXML 4.0 SP2 (KB954430)
                MSXML 4.0 SP2 (KB973688)
                MSXML 6 Service Pack 2 (KB973686)
                NETGEAR GA311 Gigabit Adapter
                NETGEAR GA311 Smart Wizard Utility
                NetWaiting
                NetZeroInstallers
                Notifier
                OTtBP
                PixiePack Codec Pack
                PS_AIO_ProductContext
                PS_AIO_Software
                PS_AIO_Software_min
                PSSWCORE
                RealPlayer Basic
                Roxio DLA
                Roxio MyDVD LE
                Roxio RecordNow Audio
                Roxio RecordNow Copy
                Roxio RecordNow Data
                Safari
                Scan
                Seagate Manager Installer
                Search Assist
                Search Settings 1.2
                Security Update for Step By Step Interactive Training (KB898458)
                Security Update for Step By Step Interactive Training (KB923723)
                Security Update for Windows Internet Explorer 7 (KB938127)
                Security Update for Windows Internet Explorer 7 (KB942615)
                Security Update for Windows Internet Explorer 7 (KB944533)
                Security Update for Windows Internet Explorer 7 (KB950759)
                Security Update for Windows Internet Explorer 7 (KB953838)
                Security Update for Windows Internet Explorer 7 (KB956390)
                Security Update for Windows Internet Explorer 7 (KB958215)
                Security Update for Windows Internet Explorer 7 (KB960714)
                Security Update for Windows Internet Explorer 7 (KB961260)
                Security Update for Windows Internet Explorer 8 (KB971961)
                Security Update for Windows Internet Explorer 8 (KB981332)
                Security Update for Windows Internet Explorer 8 (KB982381)
                Security Update for Windows Media Player (KB911564)
                Security Update for Windows Media Player (KB952069)
                Security Update for Windows Media Player (KB954155)
                Security Update for Windows Media Player (KB973540)
                Security Update for Windows Media Player (KB978695)
                Security Update for Windows Media Player 10 (KB917734)
                Security Update for Windows Media Player 10 (KB936782)
                Security Update for Windows Media Player 11 (KB936782)
                Security Update for Windows Media Player 11 (KB954154)
                Security Update for Windows Media Player 6.4 (KB925398)
                Security Update for Windows XP (KB2229593)
                Security Update for Windows XP (KB923561)
                Security Update for Windows XP (KB923689)
                Security Update for Windows XP (KB938464)
                Security Update for Windows XP (KB941569)
                Security Update for Windows XP (KB946648)
                Security Update for Windows XP (KB950760)
                Security Update for Windows XP (KB950762)
                Security Update for Windows XP (KB950974)
                Security Update for Windows XP (KB951066)
                Security Update for Windows XP (KB951376-v2)
                Security Update for Windows XP (KB951376)
                Security Update for Windows XP (KB951698)
                Security Update for Windows XP (KB951748)
                Security Update for Windows XP (KB952004)
                Security Update for Windows XP (KB952954)
                Security Update for Windows XP (KB953839)
                Security Update for Windows XP (KB954211)
                Security Update for Windows XP (KB954600)
                Security Update for Windows XP (KB955069)
                Security Update for Windows XP (KB956391)
                Security Update for Windows XP (KB956572)
                Security Update for Windows XP (KB956744)
                Security Update for Windows XP (KB956802)
                Security Update for Windows XP (KB956803)
                Security Update for Windows XP (KB956841)
                Security Update for Windows XP (KB956844)
                Security Update for Windows XP (KB957095)
                Security Update for Windows XP (KB957097)
                Security Update for Windows XP (KB958644)
                Security Update for Windows XP (KB958687)
                Security Update for Windows XP (KB958690)
                Security Update for Windows XP (KB958869)
                Security Update for Windows XP (KB959426)
                Security Update for Windows XP (KB960225)
                Security Update for Windows XP (KB960715)
                Security Update for Windows XP (KB960803)
                Security Update for Windows XP (KB960859)
                Security Update for Windows XP (KB961501)
                Security Update for Windows XP (KB969059)
                Security Update for Windows XP (KB970238)
                Security Update for Windows XP (KB970430)
                Security Update for Windows XP (KB971468)
                Security Update for Windows XP (KB971657)
                Security Update for Windows XP (KB972270)
                Security Update for Windows XP (KB973507)
                Security Update for Windows XP (KB973869)
                Security Update for Windows XP (KB973904)
                Security Update for Windows XP (KB974112)
                Security Update for Windows XP (KB974318)
                Security Update for Windows XP (KB974392)
                Security Update for Windows XP (KB974571)
                Security Update for Windows XP (KB975025)
                Security Update for Windows XP (KB975467)
                Security Update for Windows XP (KB975560)
                Security Update for Windows XP (KB975561)
                Security Update for Windows XP (KB975562)
                Security Update for Windows XP (KB975713)
                Security Update for Windows XP (KB977816)
                Security Update for Windows XP (KB977914)
                Security Update for Windows XP (KB978037)
                Security Update for Windows XP (KB978338)
                Security Update for Windows XP (KB978542)
                Security Update for Windows XP (KB978601)
                Security Update for Windows XP (KB978706)
                Security Update for Windows XP (KB979309)
                Security Update for Windows XP (KB979482)
                Security Update for Windows XP (KB979559)
                Security Update for Windows XP (KB979683)
                Security Update for Windows XP (KB980195)
                Security Update for Windows XP (KB980218)
                Security Update for Windows XP (KB980232)
                SFR
                SFR2
                SolutionCenter
                Sonic Activation Module
                Sonic Update Manager
                SoulSeek 157 NS 13e
                Spybot - Search & Destroy
                Status
                SUPERAntiSpyware
                Toolbox
                TrayApp
                UnloadSupport
                Update for Windows Internet Explorer 8 (KB976662)
                Update for Windows XP (KB951072-v2)
                Update for Windows XP (KB951978)
                Update for Windows XP (KB955759)
                Update for Windows XP (KB955839)
                Update for Windows XP (KB967715)
                Update for Windows XP (KB968389)
                Update for Windows XP (KB971737)
                Update for Windows XP (KB973687)
                Update for Windows XP (KB973815)
                URL Assistant
                USB MassStorage CardReader
                VC80CRTRedist - 8.0.50727.762
                VideoToolkit01
                VS10RuntimeWin32
                WebCyberCoach 3.2 Dell
                WebFldrs XP
                WebReg
                Winamp
                Windows Genuine Advantage Notifications (KB905474)
                Windows Genuine Advantage Validation Tool (KB892130)
                Windows Installer 3.1 (KB893803)
                Windows Internet Explorer 7
                Windows Internet Explorer 8
                Windows Media Format 11 runtime
                Windows Media Player 10
                Windows Media Player 11
                Windows Media Player Firefox Plugin
                Windows XP Service Pack 3
                WordPerfect Office 12
                Yahoo! Anti-Spy
                Yahoo! Browser Services
                Yahoo! Internet Mail
                Yahoo! Toolbar
                .
                ==== Event Viewer Messages From Past Week ========
                .
                11/7/2011 6:04:29 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  szkg5 szkgfs
                11/6/2011 9:57:38 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  mfehidk szkg5 szkgfs
                11/6/2011 9:57:38 PM, error: Service Control Manager [7001]  - The Print Spooler service depends on the LexBce Server service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
                11/6/2011 9:44:30 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the  service.
                11/6/2011 9:44:00 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
                11/6/2011 9:07:35 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  IntelIde mfehidk
                11/6/2011 8:57:05 AM, error: Service Control Manager [7023]  - The Terminal Services service terminated with the following error:  Access is denied.
                11/6/2011 8:57:05 AM, error: Service Control Manager [7001]  - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error:  Access is denied.
                11/6/2011 8:52:22 PM, error: Service Control Manager [7034]  - The ScsiAccess service terminated unexpectedly.  It has done this 1 time(s).
                11/6/2011 7:34:50 PM, error: Service Control Manager [7034]  - The Fax service terminated unexpectedly.  It has done this 1 time(s).
                11/6/2011 7:14:27 PM, error: Service Control Manager [7031]  - The Immunet 3.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
                11/6/2011 6:29:56 PM, error: Service Control Manager [7000]  - The ImmunetSelfProtectDriver service failed to start due to the following error:  A device attached to the system is not functioning.
                11/6/2011 6:29:36 PM, error: Service Control Manager [7000]  - The ImmunetProtectDriver service failed to start due to the following error:  The parameter is incorrect.
                11/6/2011 5:15:13 PM, error: Service Control Manager [7034]  - The vToolbarUpdater service terminated unexpectedly.  It has done this 1 time(s).
                11/6/2011 12:07:13 AM, error: Service Control Manager [7034]  - The LexBce Server service terminated unexpectedly.  It has done this 3 time(s).
                11/6/2011 12:06:58 AM, error: Service Control Manager [7034]  - The LexBce Server service terminated unexpectedly.  It has done this 2 time(s).
                11/6/2011 10:41:19 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgldx86 Avgmfx86 Fips intelppm mfehidk SASDIFSV SASKUTIL SbcpHid szkg5 szkgfs
                11/6/2011 10:35:32 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  mfehidk
                11/6/2011 10:35:14 AM, error: Service Control Manager [7000]  - The Bonjour Service service failed to start due to the following error:  The system cannot find the path specified.
                11/6/2011 10:35:14 AM, error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The system cannot find the path specified.
                11/6/2011 10:35:14 AM, error: Service Control Manager [7000]  - The AOL Connectivity Service service failed to start due to the following error:  The system cannot find the file specified.
                11/6/2011 10:31:51 AM, error: Service Control Manager [7023]  - The HIPS Policy Manager service terminated with the following error:  Unspecified error
                11/6/2011 10:26:53 AM, error: Service Control Manager [7034]  - The PC Tools Security Service service terminated unexpectedly.  It has done this 2 time(s).
                11/6/2011 10:26:00 AM, error: Service Control Manager [7034]  - The PC Tools Security Service service terminated unexpectedly.  It has done this 1 time(s).
                11/6/2011 10:16:25 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec mfehidk MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SbcpHid szkg5 szkgfs Tcpip WS2IFSL
                11/5/2011 4:17:04 PM, error: Service Control Manager [7034]  - The LexBce Server service terminated unexpectedly.  It has done this 1 time(s).
                11/5/2011 2:08:57 AM, error: Service Control Manager [7034]  - The Yahoo! Updater service terminated unexpectedly.  It has done this 3 time(s).
                11/5/2011 12:18:32 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {B8417502-7095-4D02-AF41-92134CEA5ED0}
                11/5/2011 12:18:25 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {5EBFD120-E4FE-46C5-8E21-05D903BAAEEC}
                11/5/2011 12:17:57 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {8449273F-059F-4B7C-BF37-2E3C028E93D2}
                11/5/2011 12:17:47 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
                11/5/2011 12:09:49 PM, error: Service Control Manager [7034]  - The Lavasoft Ad-Aware Service service terminated unexpectedly.  It has done this 2 time(s).
                11/5/2011 11:22:34 AM, error: Service Control Manager [7034]  - The Lavasoft Ad-Aware Service service terminated unexpectedly.  It has done this 1 time(s).
                11/5/2011 1:52:51 AM, error: Service Control Manager [7034]  - The Yahoo! Updater service terminated unexpectedly.  It has done this 2 time(s).
                11/5/2011 1:45:02 AM, error: Service Control Manager [7034]  - The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).
                11/5/2011 1:21:12 AM, error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The system cannot find the file specified.
                11/4/2011 9:38:57 PM, error: Service Control Manager [7000]  - The Moon Secure Antivirus Core service failed to start due to the following error:  The system cannot find the file specified.
                11/4/2011 9:34:51 PM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
                11/4/2011 7:36:12 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
                11/4/2011 7:23:01 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
                11/4/2011 7:23:01 AM, error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
                11/4/2011 5:00:41 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
                11/4/2011 12:56:05 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 19 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 12:54:23 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 18 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 12:50:30 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 17 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 12:48:39 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 16 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 12:45:58 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 15 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 12:44:22 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 14 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 12:41:44 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 13 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 12:40:19 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 12 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 12:38:34 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 11 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 12:37:21 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 10 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 12:34:01 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 9 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 12:30:46 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 8 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 12:10:21 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 7 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 11:28:26 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
                11/4/2011 11:23:53 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
                11/4/2011 10:25:57 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                11/4/2011 10:25:57 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
                11/4/2011 10:10:38 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT RasAcd Rdbss SbcpHid Tcpip WS2IFSL
                11/4/2011 10:10:28 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
                11/4/2011 1:40:51 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 24 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 1:18:58 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 23 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 1:17:42 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 22 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 1:10:42 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 21 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/4/2011 1:04:21 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 20 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/3/2011 9:13:00 PM, error: Service Control Manager [7001]  - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:  The system cannot find the file specified.
                11/3/2011 9:13:00 PM, error: Service Control Manager [7000]  - The MBAMProtector service failed to start due to the following error:  The system cannot find the file specified.
                11/3/2011 8:23:27 PM, error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
                11/3/2011 8:23:25 PM, error: Service Control Manager [7034]  - The CAISafe service terminated unexpectedly.  It has done this 1 time(s).
                11/3/2011 5:54:04 PM, error: Service Control Manager [7000]  - The McAfee Real-time Scanner service failed to start due to the following error:  The system cannot find the path specified.
                11/3/2011 12:54:09 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
                11/3/2011 12:54:09 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
                11/3/2011 12:52:43 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
                11/3/2011 12:51:56 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT RasAcd Rdbss SbcpHid Tcpip WS2IFSL
                11/3/2011 12:51:56 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
                11/3/2011 12:51:56 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
                11/3/2011 12:51:56 AM, error: Service Control Manager [7001]  - The Fax service depends on the Print Spooler service which failed to start because of the following error:  The dependency service or group failed to start.
                11/3/2011 12:51:56 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
                11/3/2011 12:51:56 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
                11/3/2011 12:51:56 AM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
                11/3/2011 12:51:56 AM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
                11/3/2011 11:57:26 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 6 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/3/2011 11:40:52 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 5 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/3/2011 11:32:01 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/3/2011 11:28:26 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/3/2011 11:00:03 PM, error: Service Control Manager [7034]  - The Kodak Camera Connection Software service terminated unexpectedly.  It has done this 1 time(s).
                11/3/2011 10:55:16 PM, error: Service Control Manager [7034]  - The AOL Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).
                11/3/2011 10:55:16 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/3/2011 10:44:26 PM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
                11/3/2011 10:44:17 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                11/2/2011 6:00:40 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
                11/2/2011 6:00:25 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
                11/2/2011 6:00:25 PM, error: Service Control Manager [7000]  - The Pml Driver HPZ12 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
                .
                ==== End Of File ===========================

                SuperDave

                Re: I'm having severe issues with Vundo, Iexplorer constantly running
                « Reply #9 on: November 09, 2011, 05:26:13 PM »
                Update Your Java (JRE)

                Old versions of Java have vulnerabilities that malware can use to infect your system.


                First Verify your Java Version

                If there are any other version(s) installed then update now.

                Get the new version (if needed)

                If your version is out of date install the newest version of the Sun Java Runtime Environment.

                Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                Be sure to close ALL open web browsers before starting the installation.

                Remove any old versions

                1. Download JavaRa and unzip the file to your Desktop.
                2. Open JavaRA.exe and choose Remove Older Versions
                3. Once complete exit JavaRA.

                Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
                ***************************************************
                Download OTL to your desktop.

                * Open OTL
                * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                Code:
                :OTL

                TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
                TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
                TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
                TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
                {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

                :files
                c:\docume~1\davidl~1\locals~1\temp\gtermddo.sys
                c:\docume~1\davidl~1\locals~1\temp\IXGUZVESKAH.exe

                :services
                gtermddo
                IXGUZVESKAH

                :COMMANDS
                [resethosts]
                [purity]
                [start explorer]

                * Click Run Fix
                * OTLI2 may ask to reboot the machine. Please do so if asked.
                * Click OK
                * A report will open. Copy and Paste that report in your next reply.
                ************************************************************
                Please download ComboFix from BleepingComputer.com

                Alternate link: GeeksToGo.com

                and save it to your Desktop.
                It would be easiest to download using Internet Explorer.
                If you want to use Firefox, make sure that your download settings are as follows:

                * Tools->Options->Main tab
                * Set to "Always ask me where to Save the files".

                Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
                Double click ComboFix.exe & follow the prompts.
                As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
                Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

                Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                Click on Yes, to continue scanning for malware.
                When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

                If you have problems with ComboFix usage, see How to use ComboFix
                Windows 8 and Windows 10 dual boot with two SSD's

                daver23

                  Re: I'm having severe issues with Vundo, Iexplorer constantly running
                  « Reply #10 on: November 09, 2011, 07:28:05 PM »
                  Here is the OTL log file.  I'm trying to run the combofix. I'm having some slight issues so far.
                  ========== OTL ==========
                  ========== FILES ==========
                  File\Folder c:\docume~1\davidl~1\locals~1\temp\gtermddo.sys not found.
                  c:\docume~1\davidl~1\locals~1\temp\IXGUZVESKAH.exe moved successfully.
                  ========== SERVICES/DRIVERS ==========
                  Service gtermddo stopped successfully!
                  Service gtermddo deleted successfully!
                  Service IXGUZVESKAH stopped successfully!
                  Service IXGUZVESKAH deleted successfully!
                  ========== COMMANDS ==========
                  C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
                  HOSTS file reset successfully
                   
                  OTL by OldTimer - Version 3.2.31.0 log created on 11092011_195824
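
One way to check the fix log in Reply #10 against the fix script in Reply #9, as an added example that is not part of the original posts and is not OTL's own code. The section names and line patterns are taken only from the two posts above; linking a service to a file by matching base name is an assumption.

```python
import ntpath
import re

# Excerpt of the fix script posted in Reply #9 (:files and :services sections only).
FIX_SCRIPT = r"""
:files
c:\docume~1\davidl~1\locals~1\temp\gtermddo.sys
c:\docume~1\davidl~1\locals~1\temp\IXGUZVESKAH.exe

:services
gtermddo
IXGUZVESKAH
"""

# Result log as posted in Reply #10.
FIX_LOG = r"""
========== OTL ==========
========== FILES ==========
File\Folder c:\docume~1\davidl~1\locals~1\temp\gtermddo.sys not found.
c:\docume~1\davidl~1\locals~1\temp\IXGUZVESKAH.exe moved successfully.
========== SERVICES/DRIVERS ==========
Service gtermddo stopped successfully!
Service gtermddo deleted successfully!
Service IXGUZVESKAH stopped successfully!
Service IXGUZVESKAH deleted successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

HEADER = re.compile(r"^=+ (.+?) =+$")
FILE_MISSING = re.compile(r"^File\\Folder (.+) not found\.$")
FILE_MOVED = re.compile(r"^(.+) moved successfully\.$")
SERVICE = re.compile(r"^Service (\S+) (stopped|deleted) successfully!$")


def parse_fix_script(text):
    """Collect the targets listed under the :files and :services sections."""
    targets = {"files": [], "services": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
            continue
        if section in targets:
            targets[section].append(line)
    return targets


def parse_fix_log(text):
    """Return per-file outcomes and per-service actions, keyed by lowercase name."""
    files, services = {}, {}
    section = None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "FILES":
            if (m := FILE_MISSING.match(line)):
                files[m.group(1).lower()] = "not found"
            elif (m := FILE_MOVED.match(line)):
                files[m.group(1).lower()] = "moved"
        elif section == "SERVICES/DRIVERS":
            if (m := SERVICE.match(line)):
                services.setdefault(m.group(1).lower(), set()).add(m.group(2))
    return files, services


def reconcile(script_text, log_text):
    """Match every scripted target to its logged outcome and list items to re-check."""
    targets = parse_fix_script(script_text)
    files, services = parse_fix_log(log_text)
    file_status = {p: files.get(p.lower(), "no result") for p in targets["files"]}
    service_status = {}
    for name in targets["services"]:
        seen = services.get(name.lower(), set())
        if "deleted" in seen:
            service_status[name] = "deleted"
        elif "stopped" in seen:
            service_status[name] = "stopped only"
        else:
            service_status[name] = "no result"
    # Assumption: a file belongs to a service when its base name equals the service name.
    unmoved = {ntpath.splitext(ntpath.basename(p))[0].lower()
               for p, status in file_status.items() if status != "moved"}
    # A service entry was removed but its file was never quarantined:
    # confirm in the next scan log that the file is really gone.
    follow_up = [n for n, s in service_status.items()
                 if s == "deleted" and n.lower() in unmoved]
    return {"files": file_status, "services": service_status, "follow_up": follow_up}


if __name__ == "__main__":
    report = reconcile(FIX_SCRIPT, FIX_LOG)
    for kind in ("files", "services"):
        for target, status in report[kind].items():
            print(f"{kind[:-1]:8} {target}: {status}")
    print("re-check in next scan:", report["follow_up"])
```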

                  daver23

                    Re: I'm having severe issues with Vundo, Iexplorer constantly running
                    « Reply #11 on: November 09, 2011, 09:59:10 PM »
                    Okay I just ran into a big problem with combofix.  I had been disabling my AVG anti-virus every 15 minutes to run the program. In the middle of my scan I got a phone call and I noticed I had a detection pop up saying there was a malware detection.  I assumed it was from the Combofix and didn't really pay attention before it was too late and deleted the detection.  So, should I just delete AVG for the time being so I can get Combofix run correctly for its whole process?  I do have to get to bed right now, so I'll have to do this tomorrow night if that is the case.   I had got all the way to the deleting files process in combofix when this happened.

                    daver23

                      Re: I'm having severe issues with Vundo, Iexplorer constantly running
                      « Reply #12 on: November 09, 2011, 11:31:47 PM »
                      combofix scan(s) log
                      ComboFix 11-11-09.02 - David L 11/09/2011  23:25:47.2.1 - x86
                      Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.226 [GMT -6:00]
                      Running from: c:\documents and settings\David L\Desktop\ComboFix.exe
                      .
                      .
                      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      ---- Previous Run -------
                      .
                      C:\data
                      c:\data\default\feed4.data
                      c:\data\default\us_sres.data
                      c:\documents and settings\All Users\Application Data\TEMP
                      c:\documents and settings\David L\Cookies\nymucanor.inf
                      c:\documents and settings\David L\Cookies\umaz.ban
                      c:\documents and settings\David L\Start Menu\Programs\System Restore
                      c:\documents and settings\David L\WINDOWS
                      c:\windows\afeb.scr
                      c:\windows\iun6002.exe
                      c:\windows\system32\AutoRun.inf
                      c:\windows\system32\config\systemprofile\Application Data\Dealio
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.454.69
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.456.69
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.457.75
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.458.70
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.459.70
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.460.69
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.462.74
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.463.69
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.464.70
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.465.68
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.468.70
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.469.70
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.470.70
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.471.73
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.472.70
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.478.74
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.479.73
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.480.68
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.481.71
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.482.74
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.49.67
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.50.43
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.500.71
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.501.74
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.502.71
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.51.69
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.52.72
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.520.76
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.521.76
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.522.76
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.53.51
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.531.76
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.532.75
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.534.75
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.54.47
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.55.45
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.56.69
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.57.43
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.58.47
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.593.76
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.595.76
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.63.57
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.66.47
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.70.75
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\rules\rules.1.71.43
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\dealio-14356.log
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\dealio-14357.log
                      c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\dod_cache.xml
                      c:\windows\system32\r2
                      c:\windows\system32\Thumbs.db
                      c:\windows\yfemel.exe
                      .
                      .
                      (((((((((((((((((((((((((   Files Created from 2011-10-10 to 2011-11-10  )))))))))))))))))))))))))))))))
                      .
                      .
                      2011-11-10 04:54 . 2011-11-10 04:54   --------   d-----w-   c:\documents and settings\David L\Local Settings\Application Data\Sun
                      2011-11-10 01:58 . 2011-11-10 01:58   --------   d-----w-   C:\_OTL
                      2011-11-08 00:57 . 2011-11-08 00:58   --------   d-----w-   c:\documents and settings\David L\Application Data\IObit
                      2011-11-08 00:57 . 2011-11-08 00:57   --------   d-----w-   c:\program files\IObit
                      2011-11-07 00:31 . 2011-11-07 01:46   --------   d-----w-   c:\documents and settings\All Users\Immunet
                      2011-11-07 00:31 . 2011-11-07 00:31   --------   d-----w-   c:\documents and settings\David L\Application Data\Immunet
                      2011-11-06 20:07 . 2011-11-06 20:07   --------   d-----w-   c:\documents and settings\David L\Application Data\SUPERAntiSpyware.com
                      2011-11-06 20:07 . 2011-11-06 20:07   --------   d-----w-   c:\program files\SUPERAntiSpyware
                      2011-11-06 19:49 . 2011-11-06 20:03   --------   d-----w-   c:\documents and settings\David L\Application Data\Systweak
                      2011-11-06 19:49 . 2011-09-30 21:37   17280   ----a-w-   c:\windows\system32\roboot.exe
                      2011-11-06 19:49 . 2011-11-08 02:29   --------   d-----w-   c:\program files\YTDSETUP
                      2011-11-06 17:28 . 2011-11-06 17:43   --------   d-----w-   c:\program files\Safer Networking
                      2011-11-06 16:58 . 2011-11-06 16:58   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                      2011-11-06 16:37 . 2011-11-06 16:37   2568   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
                      2011-11-06 16:33 . 2011-11-06 16:33   --------   d-----w-   c:\windows\system32\wbem\Repository
                      2011-11-06 16:06 . 2011-10-07 23:52   660992   ----a-w-   c:\windows\system32\drivers\pctEFA.sys
                      2011-11-06 16:06 . 2011-10-07 23:52   341656   ----a-w-   c:\windows\system32\drivers\pctDS.sys
                      2011-11-06 16:05 . 2011-10-22 21:11   331880   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
                      2011-11-06 16:05 . 2011-10-22 21:11   162584   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
                      2011-11-06 16:05 . 2011-10-28 17:02   185560   ----a-w-   c:\windows\system32\drivers\PCTSD.sys
                      2011-11-06 16:05 . 2011-11-06 16:33   --------   d-----w-   c:\program files\Common Files\PC Tools
                      2011-11-06 16:04 . 2011-11-06 16:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
                      2011-11-06 16:04 . 2011-11-06 16:04   --------   d-----w-   c:\documents and settings\David L\Application Data\TestApp
                      2011-11-06 15:44 . 2011-11-06 15:44   --------   d-----w-   c:\documents and settings\David L\Application Data\CallingID
                      2011-11-06 06:33 . 2011-11-06 06:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
                      2011-11-06 06:21 . 2011-11-06 06:21   --------   d-----w-   c:\program files\Uniblue
                      2011-11-06 06:21 . 2011-10-31 15:53   939368   ----a-w-   c:\windows\system32\flash.ocx
                      2011-11-06 06:21 . 2011-11-06 06:21   --------   d-----w-   c:\documents and settings\David L\Local Settings\Application Data\PackageAware
                      2011-11-05 21:15 . 2011-11-06 19:24   388096   ----a-r-   c:\documents and settings\David L\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                      2011-11-05 17:03 . 2011-11-05 17:03   --------   d-----w-   C:\Cache
                      2011-11-05 16:21 . 2011-11-05 21:01   --------   d-----w-   c:\documents and settings\David L\Local Settings\Application Data\adaware
                      2011-11-05 16:20 . 2011-11-06 14:58   --------   d-----w-   c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
                      2011-11-05 16:19 . 2011-11-05 16:19   --------   d-----w-   c:\program files\Toolbar Cleaner
                      2011-11-05 16:18 . 2011-11-05 16:33   --------   d-----w-   c:\documents and settings\David L\Application Data\adawaretb
                      2011-11-05 16:18 . 2011-11-05 16:20   --------   d-----w-   c:\program files\adawaretb
                      2011-11-05 16:17 . 2011-10-29 00:35   64512   ----a-w-   c:\windows\system32\drivers\Lbd.sys
                      2011-11-05 15:37 . 2011-11-06 06:32   --------   d-----w-   c:\program files\SpywareBlaster
                      2011-11-05 07:30 . 2011-11-05 07:30   --------   d-----w-   c:\documents and settings\Davetro23
                      2011-11-05 01:50 . 2011-11-05 01:58   --------   d-----w-   c:\documents and settings\David L\Local Settings\Application Data\Temp
                      2011-11-04 03:32 . 2011-11-05 01:06   --------   d-----w-   c:\program files\NetEraserDemo1
                      2011-11-04 03:15 . 2001-02-01 02:29   53248   ----a-w-   c:\windows\system32\IMAGEPLUSCONTROL.OCX
                      2011-11-04 03:15 . 2001-05-30 15:00   352256   ----a-w-   c:\windows\system32\ijl15.dll
                      2011-11-04 03:15 . 1998-12-03 00:11   143360   ----a-w-   c:\windows\system32\vbuzip10.dll
                      2011-11-04 03:15 . 1998-08-29 18:50   40448   ----a-w-   c:\windows\system32\UNACE.DLL
                      2011-11-04 03:15 . 1997-02-17 21:23   53248   ----a-w-   c:\windows\system32\UNRAR.DLL
                      2011-11-04 03:15 . 2002-07-25 03:43   667648   ----a-w-   c:\windows\system32\FreeImage.dll
                      2011-11-04 03:15 . 1998-06-18 05:00   89360   ----a-w-   c:\windows\system32\VB5DB.DLL
                      2011-11-04 01:31 . 2011-11-04 01:31   --------   d-----w-   c:\documents and settings\David L\Application Data\Malwarebytes
                      2011-11-04 01:31 . 2011-11-04 01:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                      2011-11-04 01:31 . 2011-11-08 02:49   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                      2011-11-04 00:45 . 2011-11-04 00:45   --------   d-----w-   c:\program files\CCleaner
                      2011-11-03 05:51 . 2011-11-05 04:52   --------   d-----w-   c:\documents and settings\Administrator
                      2011-11-03 00:27 . 2011-11-06 18:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
                      2011-11-03 00:27 . 2011-11-06 17:46   --------   d-----w-   c:\program files\Spybot - Search & Destroy
                      2011-11-02 06:04 . 2010-03-20 09:46   201968   ----a-w-   c:\windows\system32\Isafprod.dll
                      2011-11-02 06:04 . 2010-03-20 09:46   95472   ----a-w-   c:\windows\system32\Vetredir.dll
                      2011-11-02 06:04 . 2010-03-20 09:46   128240   ----a-w-   c:\windows\system32\Isafeif.dll
                      2011-11-02 06:04 . 2010-04-06 12:15   1054032   ----a-w-   c:\windows\system32\cfgmig32.dll
                      2011-11-02 06:03 . 2011-11-06 16:34   --------   d-----w-   c:\windows\rnapxs
                      2011-11-02 04:30 . 2011-11-02 04:30   --------   d-----w-   c:\documents and settings\David L\Application Data\OpenCandy
                      2011-11-02 04:30 . 2011-11-02 04:30   --------   d-----w-   c:\documents and settings\David L\Application Data\Sammsoft
                      2011-11-01 06:27 . 2011-11-01 06:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                      2011-11-01 06:01 . 2011-11-01 06:01   --------   d-----w-   c:\program files\Trend Micro
                      2011-11-01 01:37 . 2011-11-01 01:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Common Files
                      2011-11-01 01:34 . 2011-11-01 01:34   --------   d-----w-   c:\program files\AVG
                      2011-11-01 01:30 . 2011-11-10 05:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
                      2011-10-31 06:43 . 2011-10-31 06:43   101720   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
                      2011-10-31 04:35 . 2011-10-31 04:35   --------   d-----w-   c:\program files\Microsoft CAPICOM 2.1.0.2
                      2011-10-31 03:18 . 2011-06-24 14:10   139656   ------w-   c:\windows\system32\dllcache\rdpwd.sys
                      2011-10-31 03:18 . 2011-04-21 13:37   105472   ------w-   c:\windows\system32\dllcache\mup.sys
                      2011-10-31 03:16 . 2011-07-08 14:02   10496   ------w-   c:\windows\system32\dllcache\ndistapi.sys
                      2011-10-31 03:04 . 2009-08-07 00:23   274288   ----a-w-   c:\windows\system32\mucltui.dll
                      2011-10-31 03:04 . 2009-08-07 00:23   215920   ----a-w-   c:\windows\system32\muweb.dll
                      2011-10-31 00:53 . 2011-10-31 00:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC1Data
                      .
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2011-11-10 01:22 . 2011-07-10 04:04   544656   ----a-w-   c:\windows\system32\deployJava1.dll
                      2011-11-10 01:22 . 2008-09-13 17:38   128000   ----a-w-   c:\windows\system32\javacpl.cpl
                      2011-09-26 16:41 . 2011-09-26 16:41   611328   ------w-   c:\windows\system32\uiautomationcore.dll
                      2011-09-26 16:41 . 2004-08-10 17:51   220160   ----a-w-   c:\windows\system32\oleacc.dll
                      2011-09-26 16:41 . 2004-08-10 17:51   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
                      2011-09-09 09:12 . 2004-08-10 17:50   599040   ----a-w-   c:\windows\system32\crypt32.dll
                      2011-09-06 13:20 . 2004-08-10 17:51   1858944   ----a-w-   c:\windows\system32\win32k.sys
                      2011-08-22 23:48 . 2004-08-10 17:51   916480   ----a-w-   c:\windows\system32\wininet.dll
                      2011-08-22 23:48 . 2004-08-10 17:51   43520   ----a-w-   c:\windows\system32\licmgr10.dll
                      2011-08-22 23:48 . 2004-08-10 17:51   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
                      2011-08-22 11:56 . 2004-08-10 17:51   385024   ----a-w-   c:\windows\system32\html.iec
                      2011-08-17 13:49 . 2004-08-10 17:50   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
                      2008-11-02 23:19 . 2008-11-02 23:19   14138   ----a-w-   c:\program files\Common Files\ysid.com
                      2011-11-10 01:10 . 2011-05-12 02:12   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                      .
                      .
                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Note* empty entries & legit default entries are not shown
                      REGEDIT4
                      .
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
                      "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
                      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 4615552]
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
                      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
                      "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
                      "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
                      "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
                      "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
                      "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
                      "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
                      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
                      "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
                      "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-03-27 181544]
                      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
                      "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
                      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
                      .
                      c:\documents and settings\All Users\Start Menu\Programs\Startup\
                      GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-12-25 270336]
                      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
                      .
                      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                      2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                      @=""
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
                      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
                      backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
                      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
                      backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^David L^Start Menu^Programs^Startup^Seagate 2GEYGGZW Product Registration.lnk]
                      path=c:\documents and settings\David L\Start Menu\Programs\Startup\Seagate 2GEYGGZW Product Registration.lnk
                      backup=c:\windows\pss\Seagate 2GEYGGZW Product Registration.lnkStartup
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                      2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
                      2009-01-26 21:31   2144088   --sha-r-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                      "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
                      .
                      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
                      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
                      R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
                      R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 2:54 PM 165160]
                      R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [12/25/2003 6:53 PM 8440]
                      R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [12/25/2003 6:53 PM 11237]
                      S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
                      S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
                      S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
                      S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2011 8:49 PM 366152]
                      S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [8/14/2008 7:26 PM 16512]
                      S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                      HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                      hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
                      2008-06-18 21:04   8192   ----a-w-   c:\program files\PixiePack Codec Pack\InstallerHelper.exe
                      .
                      Contents of the 'Scheduled Tasks' folder
                      .
                      2011-11-10 c:\windows\Tasks\User_Feed_Synchronization-{7CBB0B5E-E906-454A-9643-EF6CB7A8C568}.job
                      - c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
                      .
                      .
                      ------- Supplementary Scan -------
                      .
                      uStart Page = about:blank
                      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                      uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
                      uInternet Settings,ProxyOverride = sas.insightbb.com;localhost
                      uSearchAssistant = hxxp://www.google.com
                      IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
                      IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
                      IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
                      TCP: DhcpNameServer = 74.128.17.114 74.128.19.102
                      FF - ProfilePath - c:\documents and settings\David L\Application Data\Mozilla\Firefox\Profiles\1mzpq7cn.default\
                      FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
                      FF - prefs.js: browser.search.selectedEngine - Yahoo
                      FF - prefs.js: browser.startup.homepage - www.yahoo.com
                      FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B50f077b9-0371-4059-868b-00aa5df9005e%7D&mid=4c85171e3a3847d19905d16b790da47a-603beb4178b06c01c7fc3d75245f54768a47c957&ds=AVG&v=8.0.0.40&lang=en&pr=fr&d=2011-11-06%2015%3A41%3A31&sap=ku&q=
                      FF - prefs.js: network.proxy.http - 127.0.0.1
                      FF - prefs.js: network.proxy.http_port - 50364
                      FF - prefs.js: network.proxy.type - 4
                      FF - user.js: network.protocol-handler.warn-external.dnupdate - false
                      .
                      - - - - ORPHANS REMOVED - - - -
                      .
                      Toolbar-SITEguard - (no file)
                      WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
                      AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
                      .
                      .
                      .
                      **************************************************************************
                      .
                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2011-11-10 00:07
                      Windows 5.1.2600 Service Pack 3 NTFS
                      .
                      scanning hidden processes ... 
                      .
                      scanning hidden autostart entries ...
                      .
                      scanning hidden files ... 
                      .
                      scan completed successfully
                      hidden files: 0
                      .
                      **************************************************************************
                      .
                      --------------------- DLLs Loaded Under Running Processes ---------------------
                      .
                      - - - - - - - > 'winlogon.exe'(660)
                      c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                      c:\windows\system32\WININET.dll
                      .
                      - - - - - - - > 'explorer.exe'(3532)
                      c:\windows\system32\WININET.dll
                      c:\windows\system32\ieframe.dll
                      c:\windows\system32\mshtml.dll
                      c:\windows\system32\msls31.dll
                      c:\windows\system32\webcheck.dll
                      c:\windows\system32\WPDShServiceObj.dll
                      c:\windows\system32\PortableDeviceTypes.dll
                      c:\windows\system32\PortableDeviceApi.dll
                      c:\program files\SUPERAntiSpyware\SASSEH.DLL
                      c:\progra~1\SPYBOT~1\SDHelper.dll
                      c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
                      .
                      ------------------------ Other Running Processes ------------------------
                      .
                      c:\windows\system32\LEXBCES.EXE
                      c:\windows\system32\LEXPPS.EXE
                      c:\program files\Java\jre7\bin\jqs.exe
                      c:\windows\system32\drivers\KodakCCS.exe
                      c:\windows\system32\ScsiAccess.EXE
                      c:\program files\Dell Support Center\bin\sprtsvc.exe
                      c:\windows\system32\wscntfy.exe
                      c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
                      c:\program files\Internet Explorer\IEXPLORE.EXE
                      .
                      **************************************************************************
                      .
                      Completion time: 2011-11-10  00:26:44 - machine was rebooted
                      ComboFix-quarantined-files.txt  2011-11-10 06:26
                      .
                      Pre-Run: 92,078,886,912 bytes free
                      Post-Run: 91,919,921,152 bytes free
                      .
                      - - End Of File - - 96157B7347E96AA9E11E377F5145F300


                      daver23

                        Topic Starter


                        Rookie

                        • Experience: Beginner
                        • OS: Unknown
                        Re: I'm having severe issues with Vundo, Iexplorer constantly running
                        « Reply #13 on: November 09, 2011, 11:43:18 PM »
                        The iexplorer.exe is still regenerating every few minutes, by the way.

                        SuperDave

                        • Malware Removal Specialist


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: I'm having severe issues with Vundo, Iexplorer constantly running
                        « Reply #14 on: November 10, 2011, 12:24:18 PM »
                        Please go to Jotti's malware scan
                        (If more than one file needs to be scanned, they must be done separately and links posted for each one.)

                        * Copy the file path in the below Code box:

                        Code:
                        c:\windows\system32\roboot.exe
                         

                        * At the upload site, click once inside the window next to Browse.
                        * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                        * Next, click Submit file.
                        * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                        * This will perform a scan across multiple different virus scanning engines.
                        * Important: Wait for all of the scanning engines to complete.
                        * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
                        *********************************************
                        Download Security Check by screen317 from one of the following links and save it to your desktop.

                        Link 1
                        Link 2

                        * Double-click Security Check.bat
                        * Follow the on-screen instructions inside of the black box.
                        * A Notepad document should open automatically called checkup.txt
                        * Post the contents of that document in your next reply.

                        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.