
Author Topic: Application cannot be executed. The file *** is infected.  (Read 29997 times)


Halogengirlie

    Topic Starter


    Rookie

    Application cannot be executed. The file *** is infected.
    « on: February 22, 2010, 10:28:08 PM »
    http://www.computerhope.com/forum/index.php?topic=95177.0

    Super Dave Please Help!  (Ok I didn't read your instructions in the above link very carefully...and I followed your instructions...despite you saying not to...  That being said.... can you please help me!)

    I followed the instructions and ran the Rkill.exe software as well as the exeHelper.com.  I would post my logs... but once I ran the exe helper... but after running the Rkill I can no longer access the internet.

    They appear to run appropriately.  I then installed the SuperAntispyware Free Edition (SAS)....however, since I cannot connect to the internet... I cannot get the virus updates. 

    I then rebooted, to see if it would reconnect my internet.  It did...but it also restarted the whole virus mess up again.

    I re-ran the Rkill and the exeHelper... and now I don't know what to do.  I am using another computer to post this message... and I am too scared to bring the logs onto this computer to post them.. for fear of cross infection.

    Can I manually download the updates? You made reference to it in the post above...but I don't see a link.

    Thank You!

    Halogengirlie

      Topic Starter


      Rookie

      Re: Application cannot be executed. The file *** is infected.
      « Reply #1 on: February 23, 2010, 03:28:52 AM »
      Additional Information:

      Windows XP Professional V2002 SP3
      AntiVirus Software: ESET NOD 32 Antivirus 3.0.669.0 Virus Signature Database 4888 (20100222)
      Firewall: Relying on the hardware Firewall on my Linksys router: 
      Settings checked are:
      Block Anonymous Internet Requests
      Filter Multicast
      Filter IDENT (Port 113)
      Setting not checked is:
      Filter Internet Redirection
      I don't believe that the XP Firewall was running... years ago when I set everything up (if I remember right) it conflicted with the hardware firewall.

      Add Remove Programs:  Removed "Search Assist"  Not sure about "Sonic Update Manager" or "Bonjour" so I left those two alone.

      House Cleaning: Ran the CCleaner... but unchecked all registry boxes since I am not very familiar with the registry

      Java: Was running Java (Version 6 Update 18)

      Ran HiJack This - generated log only.

      Upda

      Halogengirlie

        Topic Starter


        Rookie

        Re: Application cannot be executed. The file *** is infected.
        « Reply #2 on: February 23, 2010, 03:29:43 AM »
        LOG for ExeHelper

        exeHelper by Raktor
        Build 20091220
        Run at 22:47:18 on 02/22/10
        Now searching...
        Checking for numerical processes...
        Checking for sysguard processes...
        Checking for bad processes...
        Checking for bad files...
        Checking for bad registry entries...
        Resetting filetype association for .exe
        Resetting filetype association for .com
        Resetting userinit and shell values...
        Resetting policies...
        --Finished--

        exeHelper by Raktor
        Build 20091220
        Run at 23:11:51 on 02/22/10
        Now searching...
        Checking for numerical processes...
        Checking for sysguard processes...
        Checking for bad processes...
        Checking for bad files...
        Checking for bad registry entries...
        Resetting filetype association for .exe
        Resetting filetype association for .com
        Resetting userinit and shell values...
        Resetting policies...
        --Finished--


        Halogengirlie

          Topic Starter


          Rookie

          Re: Application cannot be executed. The file *** is infected.
          « Reply #3 on: February 23, 2010, 03:30:18 AM »
          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 4:16:23 AM, on 2/23/2010
          Platform: Windows XP SP3 (WinNT 5.01.2600)
          MSIE: Internet Explorer v8.00 (8.00.6001.18702)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\WLTRYSVC.EXE
          C:\WINDOWS\System32\bcmwltry.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Apoint\Apoint.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\WINDOWS\system32\WLTRAY.exe
          C:\WINDOWS\stsystra.exe
          C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
          C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
          C:\Program Files\Apoint\Apntex.exe
          C:\WINDOWS\System32\DLA\DLACTRLW.EXE
          C:\Program Files\Apoint\HidFind.exe
          C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
          C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
          C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
          C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
          C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
          C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
          C:\Program Files\Wave Systems Corp\Common\DataServer.exe
          C:\Documents and Settings\Lelia Goehring\Local Settings\Application Data\nolcol\vnsnsftav.exe
          C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
          C:\WINDOWS\System32\svchost.exe
          C:\PROGRA~1\DELLSU~1\DSAgnt.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\Program Files\Electronic Arts\EADM\Core.exe
          C:\Program Files\Windows Media Player\WMPNSCFG.exe
          C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
          C:\Program Files\Digital Line Detect\DLG.exe
          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
          C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
          C:\Program Files\Logitech\SetPoint\SetPoint.exe
          C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
          C:\Program Files\Windows Desktop Search\WindowsSearch.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Palm\HOTSYNC.EXE
          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
          C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
          C:\WINDOWS\system32\SearchIndexer.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Documents and Settings\Lelia Goehring\Application Data\U3\0000156279601FC9\LaunchPad.exe
          C:\Program Files\Trend Micro\HijackThis\sniper.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070313
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070313
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=22028
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
          O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
          O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
          O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
          O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
          O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
          O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
          O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
          O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
          O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
          O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
          O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
          O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
          O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
          O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
          O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
          O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
          O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
          O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
          O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
          O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
          O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
          O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
          O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
          O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
          O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
          O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
          O4 - S-1-5-18 Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'SYSTEM')
          O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
          O4 - .DEFAULT Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'Default user')
          O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
          O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
          O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
          O4 - Global Startup: Bluetooth Manager.lnk = ?
          O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
          O4 - Global Startup: Digital Line Detect.lnk = ?
          O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
          O4 - Global Startup: Logitech SetPoint.lnk = ?
          O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
          O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
          O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
          O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
          O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
          O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
          O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174695347609
          O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
          O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
          O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
          O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
          O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
          O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
          O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
          O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
          O23 - Service: NeatReceipts Auto Backup - Digital Business Processes - C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
          O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
          O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
          O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
          O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
          O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
          O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
          O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
          O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/LELIAG~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

          --
          End of file - 17127 bytes

          Halogengirlie

            Topic Starter


            Rookie

            Re: Application cannot be executed. The file *** is infected.
            « Reply #4 on: February 23, 2010, 03:31:00 AM »
            Anti-Malware Log

            Malwarebytes' Anti-Malware 1.44
            Database version: 3779
            Windows 5.1.2600 Service Pack 3
            Internet Explorer 8.0.6001.18702

            2/23/2010 3:50:34 AM
            mbam-log-2010-02-23 (03-50-24).txt

            Scan type: Full Scan (C:\|D:\|E:\|G:\|)
            Objects scanned: 265715
            Time elapsed: 1 hour(s), 25 minute(s), 29 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 2
            Registry Values Infected: 2
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
            HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.

            Registry Values Infected:
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uxethavm (Trojan.FakeAlert.Gen) -> No action taken.
            HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uxethavm (Trojan.FakeAlert.Gen) -> No action taken.

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            (No malicious items detected)

            Halogengirlie

              Topic Starter


              Rookie

              Re: Application cannot be executed. The file *** is infected.
              « Reply #5 on: February 23, 2010, 03:31:49 AM »
              SUPERAntiSpyware Scan Log
              http://www.superantispyware.com

              Generated 02/23/2010 at 01:52 AM

              Application Version : 4.34.1000

              Core Rules Database Version : 4611
              Trace Rules Database Version: 2423

              Scan type       : Complete Scan
              Total Scan Time : 01:59:38

              Memory items scanned      : 633
              Memory threats detected   : 0
              Registry items scanned    : 8812
              Registry threats detected : 1
              File items scanned        : 125594
              File threats detected     : 256

              Adware.Tracking Cookie
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@lfstmedia[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@webstat[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@countercentral[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@oddcast[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][8].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][7].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][7].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@traveladvertising[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@lynxtrack[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@azjmp[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][3].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@b5media[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@crossmediaservices[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@linksynergy[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][6].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@lucidmedia[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@invitemedia[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@adlegend[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@yieldmanager[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@kanoodle[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@dealtime[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][11].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@sampitrack[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][3].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][8].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][8].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@pointroll[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][6].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][3].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@roiservice[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][4].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@adecn[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@tradedoubler[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@burstbeacon[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@adxpose[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][5].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@smartadserver[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][9].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@eyewonder[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@bizrate[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@adcentriconline[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][5].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@revenue[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][3].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@lockedonmedia[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@ru4[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@petfinder[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@clickshift[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][9].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][4].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@xiti[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@pro-market[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@skinsight[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@atwola[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@trackalyzer[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia [email protected]
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@trackmaster[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt

              Rogue.AntivirusSoft
                 HKU\S-1-5-21-612603234-3240061797-151707943-1005\Software\avsoft

              Halogengirlie

                Topic Starter


                Rookie

                Re: Application cannot be executed. The file *** is infected.
                « Reply #6 on: February 23, 2010, 03:34:43 AM »
                I accidentally skipped the cleaning program so I ran it after I ran the SuperAntiSpyware Scan Log.... So I presume that many of those cookies on the SuperAntiSpyware log are now gone.  I will re-run the SuperAntiSpyware program and provide you with a new log if you need.

                THANK YOU FOR YOUR HELP!

                Halogengirlie

                  Topic Starter


                  Rookie

                  Re: Application cannot be executed. The file *** is infected.
                  « Reply #7 on: February 23, 2010, 03:42:23 AM »
                  Order in which I ran programs since I botched the order a bit... I thought this would help.


                  rkill
                  Add Remove Programs
                  Super AntiSpyware
                  Malwarebytes
                  CCleaner
                  HiJack This (only to generate log... not to fix)

                  Halogengirlie

                    Topic Starter


                    Rookie

                    Re: Application cannot be executed. The file *** is infected.
                    « Reply #8 on: February 23, 2010, 06:30:40 AM »
                    I thought that I attached the wrong log for the malware... so I re-ran it:


                    Malwarebytes' Anti-Malware 1.44
                    Database version: 3779
                    Windows 5.1.2600 Service Pack 3
                    Internet Explorer 8.0.6001.18702

                    2/23/2010 7:25:27 AM
                    mbam-log-2010-02-23 (07-25-27).txt

                    Scan type: Full Scan (C:\|D:\|)
                    Objects scanned: 242419
                    Time elapsed: 1 hour(s), 7 minute(s), 43 second(s)

                    Memory Processes Infected: 0
                    Memory Modules Infected: 0
                    Registry Keys Infected: 0
                    Registry Values Infected: 0
                    Registry Data Items Infected: 0
                    Folders Infected: 0
                    Files Infected: 0

                    Memory Processes Infected:
                    (No malicious items detected)

                    Memory Modules Infected:
                    (No malicious items detected)

                    Registry Keys Infected:
                    (No malicious items detected)

                    Registry Values Infected:
                    (No malicious items detected)

                    Registry Data Items Infected:
                    (No malicious items detected)

                    Folders Infected:
                    (No malicious items detected)

                    Files Infected:
                    (No malicious items detected)

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: Application cannot be executed. The file *** is infected.
                    « Reply #9 on: February 23, 2010, 04:40:17 PM »
                    Hello Halogengirlie. I'm certainly happy that you were able to get the scans I require.

                    Quote
                    Sonic Update Manager
                    This should be removed unless you are using Sonic. In that case you can fix it by going here. If not, take a look at this link.

                    Quote
                    Bonjour
                    This is installed with some software such as iTunes or Adobe. If you don't want it here's how to remove it.

                    Please go to Jotti's malware scan
                    (If more than one file needs to be scanned they must be done separately and logs posted for each one)

                    * Copy the file path in the below Code box:

                    Code: [Select]
                    C:\Documents and Settings\Lelia Goehring\Local Settings\Application Data\nolcol\vnsnsftav.exe
                    * At the upload site, click once inside the window next to Browse.
                    * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                    * Next click Submit file
                    * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                    * This will perform a scan across multiple different virus scanning engines.
                    * Important: Wait for all of the scanning engines to complete.
                    * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

                    ====================================================
                    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

                    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

                    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

                    Exit out of MessengerDisable then delete the two files that were put on the desktop.

                    ==================================================
                    Open HijackThis and select Do a system scan only

                    Place a check mark next to the following entries: (if there)

                    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


                    Important: Close all open windows except for HijackThis and then click Fix checked.

                    Once completed, exit HijackThis.

                    ===========================================
                    Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                    link # 1
                    link #2

                    Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                    Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                    Vista users: right-click combofix.exe and select Run as Administrator and follow the prompts. (You will receive a UAC prompt, please allow it.)

                    Double-click combofix.exe and follow the prompts.
                    When finished, ComboFix will produce a log for you.
                    Post the ComboFix log and a new HijackThis log in your next reply.

                    NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                    Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

                    Windows 8 and Windows 10 dual boot with two SSD's
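
                    An added example, not part of the original posts and not code from HijackThis or its vendor: a small Python triage script for the two checks in the reply above. It reports which of the entries listed for "Fix checked" are actually present in a saved HijackThis log, and flags executables that run from a per-user data directory, as the file submitted to Jotti does. The sample log is constructed, the user name `ExampleUser` is a placeholder, and the directory heuristic is an assumption of this example.

```python
import re

# HijackThis findings start with a section code (R0, O4, O9, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")
# A Windows path ending in an executable-type extension, spaces allowed.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll|com|scr)\b", re.IGNORECASE)
# Assumption of this example: programs started from these per-user,
# user-writable locations deserve a second look. It is a triage hint only.
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\temp\\")

# The three entries the helper asked to tick, copied from the reply above.
REQUESTED = [
    r"O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent",
    r"O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe",
    r"O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe",
]

# Constructed sample log (not the poster's real log). The second O4 line and
# the third process are invented to exercise the path heuristic; the O9 line
# carries a doubled space to show that whitespace differences are tolerated.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\ExampleUser\Local Settings\Application Data\nolcol\vnsnsftav.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 -  Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [vnsnsftav] "C:\Documents and Settings\ExampleUser\Local Settings\Application Data\nolcol\vnsnsftav.exe"
"""


def normalize(line):
    """Collapse runs of whitespace and ignore case so pasted lines still match."""
    return " ".join(line.split()).casefold()


def parse_log(text):
    """Split a HijackThis log into (entries, processes).

    entries   -> list of (section_code, full_line)
    processes -> paths listed under "Running processes:"
    """
    entries, processes, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the findings section has started
            entries.append((match.group("code"), line))
        elif in_procs:
            processes.append(line)
    return entries, processes


def check_requested(entries, requested):
    """Map each requested entry to True/False: is it present in this log?"""
    present = {normalize(line) for _, line in entries}
    return {item: normalize(item) in present for item in requested}


def suspicious_paths(entries, processes):
    """Return unique executable paths that live in a user-writable directory."""
    hits = []
    for text in [line for _, line in entries] + processes:
        for path in PATH_RE.findall(text):
            low = path.lower()
            if any(marker in low for marker in USER_WRITABLE) and path not in hits:
                hits.append(path)
    return hits


if __name__ == "__main__":
    found_entries, found_processes = parse_log(SAMPLE_LOG)
    for item, ok in check_requested(found_entries, REQUESTED).items():
        print(("PRESENT " if ok else "ABSENT  ") + item)
    for path in suspicious_paths(found_entries, found_processes):
        print("REVIEW  " + path)
```

                    An entry reported as absent is consistent with the "(if there)" wording in the instructions: an earlier cleanup step may already have removed it.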

                    Halogengirlie

                      Topic Starter


                      Rookie

                      Re: Application cannot be executed. The file *** is infected.
                      « Reply #10 on: February 23, 2010, 05:41:59 PM »
                      After running the SuperAntiSpyware, I was able to access the internet again! (Yea!) which meant that I could get the logs to you!

                      Also while I was at work today I re-ran the SuperAntiSpy Software (since it takes awhile to run).  I will attach the log below.... it found 4 items, and said that it was able to remove them. 

                      I went to the Jotti's site and tried the link provided... but it appears that the nolcol folder is now empty. (I have a screen shot of the folder, and its Properties box... but I'm having a hard time figuring out how to post it.)

                      Should I proceed to the Windows Messenger, HiJack, and Combo Fix now? Despite my inability to do the Jotti page?



                      SUPERAntiSpyware Scan Log
                      http://www.superantispyware.com

                      Generated 02/23/2010 at 08:49 AM

                      Application Version : 4.34.1000

                      Core Rules Database Version : 4611
                      Trace Rules Database Version: 2423

                      Scan type       : Complete Scan
                      Total Scan Time : 01:17:58

                      Memory items scanned      : 668
                      Memory threats detected   : 0
                      Registry items scanned    : 8812
                      Registry threats detected : 0
                      File items scanned        : 104740
                      File threats detected     : 4

                      Adware.Tracking Cookie
                         C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                         C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@doubleclick[1].txt
                         C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@insightexpressai[1].txt
                         C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt




                      [Saving space, attachment deleted by admin]

                      Halogengirlie

                        Topic Starter


                        Rookie

                        Re: Application cannot be executed. The file *** is infected.
                        « Reply #11 on: February 23, 2010, 05:43:44 PM »
                        The image is hard to read... but it shows the path to the nolcol folder... and that the "nolcol Properties" box shows that it contains 0 files and 0 folders. In the attributes column the read only and hidden boxes are both checked.  :)

                        Halogengirlie

                          Topic Starter


                          Rookie

                          Re: Application cannot be executed. The file *** is infected.
                          « Reply #12 on: February 23, 2010, 05:53:14 PM »
                          Also... reading ahead I also saw that for the Combo Fix I'm supposed to disable firewalls.  I don't think I have a software firewall... just the hardware firewall on my router.  Would I need to go into the router settings and disable it for this step?

                          Halogengirlie

                            Topic Starter


                            Rookie

                            Re: Application cannot be executed. The file *** is infected.
                            « Reply #13 on: February 23, 2010, 05:59:18 PM »
                            And one last thought!  My Windows is asking me to install some updates. I'm not sure if I should do that now... or wait till after we complete the cleaning process.

                            the updates it's asking to install are as follows:

                            Update for Windows XP (KB967715) (Issue w/ not disabling Autorun features)
                            Update for Windows XP (KB976662) (Something to do with IE8 and non conformance with new ECMA Script)
                            Update for Windows XP (KB979306) (Something to do with daylight savings time adjustments)

                            It appears that these will require rebooting the machine after install.

                            SuperDave

                            • Malware Removal Specialist
                            • Moderator


                            • Genius
                            • Thanked: 1020
                            • Certifications: List
                            • Experience: Expert
                            • OS: Windows 10
                            Re: Application cannot be executed. The file *** is infected.
                            « Reply #14 on: February 23, 2010, 07:55:01 PM »
                            Quote
                            Also while I was at work today I re-ran the SuperAntiSpy Software (since it takes awhile to run).  I will attach the log below.... it found 4 items, and said that it was able to remove them.
                            Is this a business computer?

                            Quote
                            Should I proceed to the Windows Messenger, HiJack, and Combo Fix now? Despite my inability to do the Jotti page?
                            Yes. Please proceed with the rest.

                            Quote
                            just the hardware firewall on my router.
                            That won't cause a problem.

                            Don't bother installing the updates until we get the computer cleaned. Just do the ComboFix scan and paste the report here in your next reply.
                            Windows 8 and Windows 10 dual boot with two SSD's

                            Halogengirlie

                              Topic Starter


                              Rookie

                              Re: Application cannot be executed. The file *** is infected.
                              « Reply #15 on: February 24, 2010, 12:13:37 PM »
                              It's a personal computer.. I just started the software running in the morning before I left for work,  so that I wouldn't have to come home from work and then wait 2 hours for it to run. 

                              (Kinda makes it feel like instant gratification when you come home that night and the log is all ready for you)

                              I'll work on the other items tonight.  Thanks!

                              Halogengirlie

                                Topic Starter


                                Rookie

                                Re: Application cannot be executed. The file *** is infected.
                                « Reply #16 on: February 24, 2010, 06:46:38 PM »
                                OK few items: 

                                Bonjour... I've never used it (that I know of) What is it for?

                                Sonic... I went to read your second link... but it wouldn't work.

                                HiJack This... I didn't see any of the 3 items you listed... I'll attach the most current log below.

                                (Will work on Combo Fix next)


                                Logfile of Trend Micro HijackThis v2.0.2
                                Scan saved at 7:40:21 PM, on 2/24/2010
                                Platform: Windows XP SP3 (WinNT 5.01.2600)
                                MSIE: Internet Explorer v8.00 (8.00.6001.18702)
                                Boot mode: Normal

                                Running processes:
                                C:\WINDOWS\System32\smss.exe
                                C:\WINDOWS\system32\winlogon.exe
                                C:\WINDOWS\system32\services.exe
                                C:\WINDOWS\system32\lsass.exe
                                C:\WINDOWS\system32\svchost.exe
                                C:\WINDOWS\System32\svchost.exe
                                C:\WINDOWS\system32\svchost.exe
                                C:\WINDOWS\System32\WLTRYSVC.EXE
                                C:\WINDOWS\System32\bcmwltry.exe
                                C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                                C:\WINDOWS\Explorer.EXE
                                C:\WINDOWS\system32\spoolsv.exe
                                C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
                                C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                C:\Program Files\Bonjour\mDNSResponder.exe
                                C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
                                C:\Program Files\Wave Systems Corp\Common\DataServer.exe
                                C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                                C:\WINDOWS\System32\svchost.exe
                                C:\Program Files\Java\jre6\bin\jqs.exe
                                C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
                                C:\Program Files\Apoint\Apoint.exe
                                C:\WINDOWS\system32\rundll32.exe
                                C:\WINDOWS\system32\WLTRAY.exe
                                C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
                                C:\WINDOWS\stsystra.exe
                                C:\WINDOWS\system32\nvsvc32.exe
                                C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
                                C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                                C:\WINDOWS\System32\DLA\DLACTRLW.EXE
                                C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
                                C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
                                C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
                                C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
                                C:\Program Files\Apoint\Apntex.exe
                                C:\Program Files\Apoint\HidFind.exe
                                C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
                                C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
                                C:\Program Files\iTunes\iTunesHelper.exe
                                C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
                                C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
                                C:\Program Files\NetWaiting\netWaiting.exe
                                C:\PROGRA~1\DELLSU~1\DSAgnt.exe
                                C:\WINDOWS\system32\ctfmon.exe
                                C:\Program Files\Electronic Arts\EADM\Core.exe
                                C:\Program Files\Windows Media Player\WMPNSCFG.exe
                                C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
                                C:\Program Files\Digital Line Detect\DLG.exe
                                C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
                                C:\Program Files\Logitech\SetPoint\SetPoint.exe
                                C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                                C:\Program Files\Palm\HOTSYNC.EXE
                                C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
                                C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
                                C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
                                C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
                                C:\WINDOWS\system32\svchost.exe
                                C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
                                C:\WINDOWS\system32\SearchIndexer.exe
                                C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                                C:\Program Files\iPod\bin\iPodService.exe
                                C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
                                C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
                                C:\Program Files\Trend Micro\HijackThis\sniper.exe

                                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070313
                                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
                                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                                R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070313
                                R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=22028
                                O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
                                O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                                O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
                                O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
                                O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
                                O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                                O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
                                O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                                O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
                                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                                O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
                                O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
                                O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
                                O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
                                O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
                                O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                                O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                                O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
                                O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                                O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
                                O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
                                O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
                                O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
                                O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
                                O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
                                O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
                                O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
                                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                                O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                                O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
                                O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
                                O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
                                O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
                                O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
                                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                                O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
                                O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                                O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
                                O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
                                O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
                                O4 - S-1-5-18 Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'SYSTEM')
                                O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
                                O4 - .DEFAULT Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'Default user')
                                O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                                O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
                                O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
                                O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
                                O4 - Global Startup: Bluetooth Manager.lnk = ?
                                O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
                                O4 - Global Startup: Digital Line Detect.lnk = ?
                                O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
                                O4 - Global Startup: Logitech SetPoint.lnk = ?
                                O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                                O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                                O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                                O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                                O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                                O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                                O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                                O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                                O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                                O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
                                O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
                                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                                O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
                                O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
                                O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                                O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
                                O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
                                O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
                                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174695347609
                                O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
                                O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
                                O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
                                O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                                O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                                O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                                O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
                                O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                                O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                                O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                                O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
                                O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
                                O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
                                O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                                O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                                O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
                                O23 - Service: NeatReceipts Auto Backup - Digital Business Processes - C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
                                O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
                                O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                                O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
                                O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
                                O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
                                O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
                                O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
                                O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                                O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
                                O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
                                O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/LELIAG~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

                                --
                                End of file - 16581 bytes
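
A small Python triage pass over a HijackThis log like the one posted above. This is an added example, not part of the original post and not a HijackThis feature. The sample lines are copied from that log, and the four review rules are assumptions chosen for illustration: a flagged entry is one to look at more closely, not a verdict.

```python
import re
from collections import Counter

# Meaning of the HijackThis section codes that occur in the log above.
SECTIONS = {
    "R0": "Internet Explorer start/search page URL",
    "R1": "Internet Explorer start/search page URL",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O8": "extra item in the IE right-click menu",
    "O9": "extra IE button or Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
    "O24": "Active Desktop component",
}

# Excerpt: ten entries copied verbatim from the log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/LELIAG~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")        # "O4 - <body>"
RUN_RE = re.compile(r"Run: \[(?P<name>.+?)\] (?P<cmd>.+)$")  # Run-key entries
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')                # optional quote, then X:\
TEMP_RE = re.compile(r"[\\/]temp[\\/]", re.IGNORECASE)


def parse_entries(text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_reasons(code, body):
    """Apply the illustrative review rules to one entry and return the reasons that hit."""
    reasons = []
    if code == "O4":
        run = RUN_RE.search(body)
        if run and not ABS_PATH_RE.match(run.group("cmd")):
            reasons.append("autostart command names a program without a full path")
        if body.endswith("= ?"):
            reasons.append("startup shortcut target was not resolved")
    elif code == "O23":
        # Layout is "Service: <name> - <owner> - <path>"; split from the right
        # because service names may themselves contain " - ".
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner":
            reasons.append("service listed with 'Unknown owner'")
    if TEMP_RE.search(body):
        reasons.append("references a Temp directory")
    return reasons


def triage(text):
    """Return (code, reason, body) for every entry that matches a review rule."""
    return [(code, reason, body)
            for code, body in parse_entries(text)
            for reason in review_reasons(code, body)]


def section_counts(text):
    """Count entries per section code."""
    return Counter(code for code, _ in parse_entries(text))


if __name__ == "__main__":
    for code, count in section_counts(SAMPLE_LOG).items():
        print(f"{code:>3} x{count}  {SECTIONS.get(code, 'unknown section')}")
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[review] {code}: {reason}\n         {body}")
```
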

                                Halogengirlie

                                  Topic Starter


                                  Rookie

                                  Re: Application cannot be executed. The file *** is infected.
                                  « Reply #17 on: February 24, 2010, 07:19:13 PM »
                                  I shut off my Windows firewall and my Anti-Virus & closed all windows.

                                  I then ran the Combo Fix.  It notified me that I needed to get a recovery console installed, which I agreed to.  It downloaded it and began to run... a few minutes into the program a blue screen appeared.

                                  It says:

                                  A problem has been detected and Windows has been shut down to prevent damage to your computer

                                  PAGE_FAULT_IN_NONPAGED_AREA

                                  If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

                                  Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you might need.

                                  If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select safe mode.

                                  Technical Information: 

                                  *** STOP: 0x00000050 (0xBA4012A4, 0x00000008, 0x805417f4, 0x00000000)
                                  *** mbr.sys - Address BA4012A4 base at BA4012A4, DateStamp 000000000

                                  Beginning dump of physical memory
                                  Physical memory dump complete.
                                  Contact your system administrator or technical support group for further assistance.


                                  Not sure what to do next.... I've never seen that message before....  Should I reboot and see if my computer comes up?  OR reboot in safe mode??

                                  Halogengirlie

                                    Topic Starter


                                    Rookie

                                    Re: Application cannot be executed. The file *** is infected.
                                    « Reply #18 on: February 24, 2010, 07:41:04 PM »
                                    I rebooted... and it came back up...

                                    I think that perhaps this might be a good time to burn my personal files to DVD?

                                    Halogengirlie

                                      Topic Starter


                                      Rookie

                                      Re: Application cannot be executed. The file *** is infected.
                                      « Reply #19 on: February 24, 2010, 08:01:01 PM »
                                      A few minutes after the reboot this message appeared

                                      Microsoft Windows

                                      Error Signature
                                      BCCode: 1000005   BCP1: BA4012A4   BCP2: 00000008   BCP3: 805417F4
                                      BCP4: 00000000   OSVer: 5_1_2600    SP: 3_0    Product: 256_1

                                      Reporting details:

                                      This error report includes: information regarding the condition of Microsoft Windows when the problem occurred, the operating system version and computer hardware in use, and the Internet Protocol (IP) address of your computer.

                                      We do not intentionally collect your name, address, email address or any other form of personally identifiable information. However, the error report may contain customer-specific information in the collected data files. While this information could be used to determine your identity, if present, it will not be used.

                                      The data we collect will only be used to fix the problem. If more information is available, we will tell you when you report the problem. This error report will be sent using a secure connection to a database with limited access and will not be used for marketing purposes.

                                      To view technical info click here:

                                      ( I Clicked... and.... this is what it showed)

                                      C:DOCUME~1\LELIAG~1\LOCALS~1\Temp\WERa707.dir00\Mini022410-01.dmp
                                      C:DOCUME~1\LELIAG~1\LOCALS~1\Temp\WERa707.dir00\sysdata.xml

                                      (I then reported to Windows and it provided this link)

                                      http://wer.microsoft.com/responses/Response.aspx/685/en-us/5.1.2600.2.00010100.3.0?SGD=2968b530-6834-4de5-96bb-0e3ef1eefdd7

                                      Halogengirlie

                                        Topic Starter


                                        Rookie

                                        Re: Application cannot be executed. The file *** is infected.
                                        « Reply #20 on: February 24, 2010, 08:39:25 PM »
                                        I attached photos of the error message images (in case I made a typo or something).

                                        [Saving space, attachment deleted by admin]

                                        SuperDave

                                        • Malware Removal Specialist
                                        • Moderator


                                        • Genius
                                        • Thanked: 1020
                                        • Certifications: List
                                        • Experience: Expert
                                        • OS: Windows 10
                                        Re: Application cannot be executed. The file *** is infected.
                                        « Reply #21 on: February 25, 2010, 12:58:24 PM »
                                        Ok. Let's try this.

                                        Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
                                        Save Rkill to your desktop.

                                        There are 4 different versions. If one of them won't run then download and try to run the other one.

                                        Vista and Win7 users need to right click Rkill and choose Run as Administrator

                                        You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

                                        Rkill.exe
                                        Rkill.com
                                        Rkill.scr
                                        Rkill.pif

                                        Once you've gotten one of them to run then try to immediately run the following.

                                        Now download and Run exeHelper.

                                        Please download exeHelper from Raktor to your desktop.
                                        • Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com. Attach the log.txt file to your next message.

                                          Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

                                        Halogengirlie

                                          Topic Starter


                                          Rookie

                                          Re: Application cannot be executed. The file *** is infected.
                                          « Reply #22 on: February 25, 2010, 05:10:56 PM »
                                          This log file is located at C:\rkill.log.
                                          Please post this only if requested to by the person helping you.
                                          Otherwise you can close this log when you wish.
                                          Ran as Lelia Goehring on 02/25/2010 at 18:04:11.


                                          Processes terminated by Rkill or while it was running:


                                          C:\WINDOWS\system32\rundll32.exe
                                          C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
                                          C:\WINDOWS\system32\nvsvc32.exe
                                          C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
                                          C:\Documents and Settings\Lelia Goehring\Desktop\rkill.pif


                                          Rkill completed on 02/25/2010  at 18:04:14.

                                          Halogengirlie

                                            Topic Starter


                                            Rookie

                                            Re: Application cannot be executed. The file *** is infected.
                                            « Reply #23 on: February 25, 2010, 05:14:22 PM »
                                            I ran the rkill then tried the exehelper... and the exehelper gave me an error message. (The above log is from the first rkill). 

                                            I re-downloaded the exehelper... ran the rkill again (it showed only the C:\Documents and Settings\Lelia Goehring\Desktop\rkill.pif  line the second time.. I forgot to save that log.)

                                            I then ran the exehelper again (it worked the second time) and got this log:


                                            exeHelper by Raktor
                                            Build 20091220
                                            Run at 18:08:09 on 02/25/10
                                            Now searching...
                                            Checking for numerical processes...
                                            Checking for sysguard processes...
                                            Checking for bad processes...
                                            Checking for bad files...
                                            Checking for bad registry entries...
                                            Resetting filetype association for .exe
                                            Resetting filetype association for .com
                                            Resetting userinit and shell values...
                                            Resetting policies...
                                            --Finished--

                                            Halogengirlie

                                              Topic Starter


                                              Rookie

                                              Re: Application cannot be executed. The file *** is infected.
                                              « Reply #24 on: February 25, 2010, 05:23:57 PM »
                                              I also pulled my ESET NOD32 LOGS...  Since I saw it kick up a message...

                                              2/25/2010 6:15:45 PM   
                                              Real-time file system protection   file   
                                              C:\RECYCLER\S-1-5-21-612603234-3240061797-151707943-1005\Dc2.com   
                                              probably a variant of Win32/Agent trojan   
                                              cleaned by deleting - quarantined   
                                              NT AUTHORITY\SYSTEM   
                                              Event occurred on a file modified by the application: C:\WINDOWS\explorer.exe.


                                              2/25/2010 6:03:05 PM   
                                              Real-time file system protection   file   
                                              C:\Documents and Settings\Lelia Goehring\Local Settings\Temporary Internet Files\Content.IE5\PW21Z7SY\exeHelper[1].com   
                                              probably a variant of Win32/Agent trojan   
                                              cleaned by deleting (after the next restart) - quarantined   
                                              NT AUTHORITY\SYSTEM   
                                              Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe.


                                              2/23/2010 5:31:46 AM   
                                              Real-time file system protection   file   
                                              C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP884\A0060016.exe   
                                              Win32/Adware.SpywareProtect2009 application   
                                              cleaned by deleting - quarantined   
                                              NT AUTHORITY\SYSTEM
                                              Event occurred during an attempt to run the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.


                                              2/23/2010 4:20:11 AM   
                                              Real-time file system protection   file   
                                              C:\Documents and Settings\Lelia Goehring\Local Settings\Application Data\nolcol\vnsnsftav.exe
                                              Win32/Adware.SpywareProtect2009 application   
                                              cleaned by deleting - quarantined   
                                              NT AUTHORITY\SYSTEM   
                                              Event occurred during an attempt to access the file by the application: C:\Documents and Settings\Lelia Goehring\Local Settings\Application Data\nolcol\vnsnsftav.exe.


                                              2/23/2010 3:20:16 AM   
                                              Real-time file system protection   file   
                                              C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP884\A0059734.com   
                                              probably a variant of Win32/Agent trojan   
                                              cleaned by deleting - quarantined   
                                              NT AUTHORITY\SYSTEM   
                                              Event occurred during an attempt to run the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.


                                              2/23/2010 2:27:40 AM   
                                              Real-time file system protection   file   
                                              C:\Documents and Settings\Lelia Goehring\Desktop\virus\exeHelper.com   
                                              probably a variant of Win32/Agent trojan   
                                              cleaned by deleting - quarantined   
                                              NT AUTHORITY\SYSTEM   
                                              Event occurred during an attempt to run the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.


                                              2/22/2010 11:09:48 PM   
                                              Real-time file system protection   file   
                                              G:\exeHelper.com   
                                              probably a variant of Win32/Agent trojan   
                                              cleaned by deleting - quarantined   
                                              NT AUTHORITY\SYSTEM   
                                              Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.


                                              2/22/2010 10:35:58 PM   
                                              Real-time file system protection   file   
                                              E:\exeHelper.com   
                                              probably a variant of Win32/Agent trojan   
                                              cleaned by deleting - quarantined   
                                              NT AUTHORITY\SYSTEM   
                                              Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
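
Records like the ones in the log above can be triaged by where the detected file sits: on Windows XP, `RECYCLER\<SID>\` holds deleted files, `System Volume Information\_restore{...}\RPnnn\` holds System Restore copies, and `Temporary Internet Files` is the Internet Explorer cache. The following Python is an added example, not part of the original posts and not ESET tooling; it parses records in this layout and labels each one. The sample records are constructed (placeholder user name, SID and GUID), and the class and function names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout of the pasted log. Columns (time, scanner,
# object type, object, threat, action, user, information) are separated by
# runs of spaces or by line breaks. User name, SID and GUID are placeholders.
SAMPLE_LOG = r"""
2/25/2010 6:15:45 PM
Real-time file system protection   file
C:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-1005\Dc2.com
probably a variant of Win32/Agent trojan
cleaned by deleting - quarantined
NT AUTHORITY\SYSTEM
Event occurred on a file modified by the application: C:\WINDOWS\explorer.exe.
2/25/2010 6:03:05 PM
Real-time file system protection   file
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\exeHelper[1].com   probably a variant of Win32/Agent trojan
cleaned by deleting (after the next restart) - quarantined
NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2/23/2010 5:31:46 AM
Real-time file system protection   file
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP884\A0060016.exe
Win32/Adware.SpywareProtect2009 application
cleaned by deleting - quarantined
NT AUTHORITY\SYSTEM
Event occurred during an attempt to run the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
2/23/2010 4:20:11 AM
Real-time file system protection   file
C:\Documents and Settings\User\Local Settings\Application Data\nolcol\vnsnsftav.exe
Win32/Adware.SpywareProtect2009 application
cleaned by deleting - quarantined
NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: C:\Documents and Settings\User\Local Settings\Application Data\nolcol\vnsnsftav.exe.
"""

TIMESTAMP = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")

# Windows XP locations that hold deleted, backed-up or cached copies of files.
LOCATIONS = [
    ("recycle bin", re.compile(r"^[A-Z]:\\RECYCLER\\S-1-5-[\d-]+\\", re.I)),
    ("system restore point", re.compile(
        r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\", re.I)),
    ("browser cache", re.compile(r"\\Temporary Internet Files\\", re.I)),
]


@dataclass
class Detection:
    time: str
    scanner: str
    object_type: str
    path: str
    threat: str
    action: str
    user: str
    info: str

    @property
    def location(self):
        for label, pattern in LOCATIONS:
            if pattern.search(self.path):
                return label
        return "live file system"

    @property
    def pending_reboot(self):
        # The action column says when deletion is deferred until a restart.
        return "after the next restart" in self.action

    @property
    def triggered_by(self):
        return self.info.rpartition("by the application: ")[2].rstrip(".")

    @property
    def self_triggered(self):
        # True when the record names the detected file as the accessing program.
        return self.triggered_by.lower() == self.path.lower()


def parse_log(text):
    """Return (detections, malformed_records) from a pasted log."""
    fields = [f.strip() for f in re.split(r"[ \t]{2,}|\r?\n", text) if f.strip()]
    records = []
    for field in fields:
        if TIMESTAMP.match(field):
            records.append([field])      # a timestamp opens a new record
        elif records:
            records[-1].append(field)
    good = [Detection(*r) for r in records if len(r) == 8]
    return good, [r for r in records if len(r) != 8]


def triage(detections):
    """Count (threat, location) pairs; list entries whose deletion awaits a reboot."""
    by_location = Counter((d.threat, d.location) for d in detections)
    return by_location, [d for d in detections if d.pending_reboot]
```

Files in the Recycle Bin and in restore points are stored under generated names (`Dc2.com`, `A0060016.exe`), so the original file name cannot be read back from those paths.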

                                              Halogengirlie

                                                Topic Starter


                                                Rookie

                                                Re: Application cannot be executed. The file *** is infected.
                                                « Reply #25 on: February 25, 2010, 05:31:57 PM »
                                                A bunch of those notifications were where it didn't like your exehelper... and in order to download it  I would have to disable my anti-virus... once I ran it, I would turn the anti-virus back on.. and it would quarantine the exehelper...

                                                But I didn't know what these were: 

                                                C:\RECYCLER\S-1-5-21-612603234-3240061797-151707943-1005\Dc2.com  (Date: 2/25)

                                                C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP884\A0060016.exe   Win32/Adware.SpywareProtect2009 application   (Date: 2/23)

                                                C:\Documents and Settings\Lelia Goehring\Local Settings\Application Data\nolcol\vnsnsftav.exe   Win32/Adware.SpywareProtect2009 application   (Date: 2/23)

                                                I don't see Adware in my "All Programs" files... so if it's a legit software... I didn't disable it when I tried to run the ComboFix.

                                                Also that file in the nolcol directory... I never found a file there (of course that event is two days old... so it may be gone now).

                                                Halogengirlie

                                                  Topic Starter


                                                  Rookie

                                                  Re: Application cannot be executed. The file *** is infected.
                                                  « Reply #26 on: February 25, 2010, 05:38:34 PM »
                                                  Oh... and the error message I got with the exehelper... was not "error deleting a file"... it said that the exehelper was not a valid file... The second time I downloaded it I had no troubles running it.

                                                  Thanks again for your help!

                                                  SuperDave

                                                  • Malware Removal Specialist
                                                  • Moderator


                                                  • Genius
                                                  Re: Application cannot be executed. The file *** is infected.
                                                  « Reply #27 on: February 25, 2010, 07:53:36 PM »
                                                  Let's try this.

                                                  Download DDS from HERE or HERE and save it to your desktop.

                                                  * Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).
                                                  * XP users: double-click on dds to run it.
                                                  * If your antivirus or firewall tries to block DDS, then please allow it to run.
                                                  * When finished DDS will open two (2) logs.

                                                  1) DDS.txt
                                                  2) Attach.txt

                                                  * Save both logs to your desktop.
                                                  * Please copy and paste the entire contents of both logs in your next reply.

                                                  Note: DDS will instruct you to post the Attach.txt log as an attachment.
                                                  Please just post it as you would any other log by copying and pasting it into the reply.
                                                  Windows 8 and Windows 10 dual boot with two SSD's

                                                  Halogengirlie

                                                    Topic Starter


                                                    Rookie

                                                    Re: Application cannot be executed. The file *** is infected.
                                                    « Reply #28 on: February 26, 2010, 06:43:06 AM »
                                                    I ran it with my virus protection enabled and it did not try to block it (as far as I can tell).  If you need me to re-run it with my virus protection disabled, please let me know.

                                                    DDS (Ver_09-12-01.01) - NTFSx86 
                                                    Run by Lelia Goehring at  7:37:04.15 on Fri 02/26/2010
                                                    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
                                                    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1327 [GMT -6:00]

                                                    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)   {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

                                                    ============== Running Processes ===============

                                                    C:\WINDOWS\system32\svchost -k DcomLaunch
                                                    svchost.exe
                                                    C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
                                                    svchost.exe
                                                    svchost.exe
                                                    C:\WINDOWS\System32\WLTRYSVC.EXE
                                                    C:\WINDOWS\System32\bcmwltry.exe
                                                    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                                                    C:\Program Files\Apoint\Apoint.exe
                                                    C:\WINDOWS\system32\spoolsv.exe
                                                    C:\WINDOWS\system32\WLTRAY.exe
                                                    C:\WINDOWS\stsystra.exe
                                                    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
                                                    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                                                    C:\Program Files\Apoint\Apntex.exe
                                                    C:\Program Files\Apoint\HidFind.exe
                                                    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
                                                    svchost.exe
                                                    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
                                                    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
                                                    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                    C:\Program Files\Bonjour\mDNSResponder.exe
                                                    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
                                                    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
                                                    C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
                                                    C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
                                                    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
                                                    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
                                                    C:\Program Files\iTunes\iTunesHelper.exe
                                                    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
                                                    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
                                                    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                                                    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
                                                    C:\Program Files\Java\jre6\bin\jqs.exe
                                                    C:\Program Files\NetWaiting\netWaiting.exe
                                                    C:\PROGRA~1\DELLSU~1\DSAgnt.exe
                                                    C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
                                                    C:\Program Files\Electronic Arts\EADM\Core.exe
                                                    C:\Program Files\Windows Media Player\WMPNSCFG.exe
                                                    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
                                                    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
                                                    C:\Program Files\Digital Line Detect\DLG.exe
                                                    C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
                                                    C:\Program Files\Logitech\SetPoint\SetPoint.exe
                                                    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                                                    C:\Program Files\Palm\HOTSYNC.EXE
                                                    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
                                                    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
                                                    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
                                                    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
                                                    C:\WINDOWS\system32\svchost.exe -k imgsvc
                                                    C:\WINDOWS\system32\SearchIndexer.exe
                                                    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                                                    C:\Program Files\iPod\bin\iPodService.exe
                                                    C:\WINDOWS\explorer.exe
                                                    C:\WINDOWS\system32\ctfmon.exe
                                                    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
                                                    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
                                                    C:\WINDOWS\system32\SearchProtocolHost.exe
                                                    C:\WINDOWS\system32\SearchProtocolHost.exe
                                                    C:\Documents and Settings\Lelia Goehring\Desktop\dds.pif

                                                    ============== Pseudo HJT Report ===============

                                                    uStart Page = hxxp://www.yahoo.com/
                                                    uSearch Bar =
                                                    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070313
                                                    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
                                                    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
                                                    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
                                                    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
                                                    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
                                                    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
                                                    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                                                    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
                                                    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
                                                    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
                                                    uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
                                                    uRun: [DellSupport] "c:\progra~1\dellsu~1\DSAgnt.exe" /startup
                                                    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
                                                    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
                                                    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
                                                    mRun: [Apoint] c:\program files\apoint\Apoint.exe
                                                    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
                                                    mRun: [nwiz] nwiz.exe /installquiet
                                                    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
                                                    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
                                                    mRun: [SigmatelSysTrayApp] stsystra.exe
                                                    mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
                                                    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
                                                    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
                                                    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
                                                    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
                                                    mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
                                                    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
                                                    mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
                                                    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
                                                    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
                                                    mRun: [PSDiagnosticM] "c:\program files\linksys wireless-g print server\PSDiagnosticM.exe"
                                                    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
                                                    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
                                                    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
                                                    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
                                                    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
                                                    mRun: [<NO NAME>]
                                                    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
                                                    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
                                                    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                                                    dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
                                                    StartupFolder: c:\docume~1\leliag~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
                                                    StartupFolder: c:\docume~1\leliag~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
                                                    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-0000003d0002}\SC_Acrobat.exe
                                                    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
                                                    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
                                                    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
                                                    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
                                                    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
                                                    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
                                                    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
                                                    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
                                                    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                                                    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                                                    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                                                    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
                                                    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                                                    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
                                                    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                                                    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
                                                    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                                                    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
                                                    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
                                                    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
                                                    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
                                                    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
                                                    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
                                                    DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
                                                    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174695347609
                                                    DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
                                                    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
                                                    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
                                                    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
                                                    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
                                                    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
                                                    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
                                                    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
                                                    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                                                    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
                                                    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                                                    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
                                                    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
                                                    LSA: Authentication Packages = msv1_0 wvauth

                                                    ================= FIREFOX ===================

                                                    FF - ProfilePath - c:\docume~1\leliag~1\applic~1\mozilla\firefox\profiles\ej1vlvan.default\
                                                    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
                                                    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
                                                    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

                                                    ---- FIREFOX POLICIES ----
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
                                                    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
                                                    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
                                                    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
                                                    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
                                                    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
                                                    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
                                                    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
                                                    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
                                                    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
                                                    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
                                                    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
                                                    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
                                                    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
                                                    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
                                                    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
                                                    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
                                                    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

                                                    ============= SERVICES / DRIVERS ===============

                                                    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
                                                    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
                                                    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
                                                    R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 607576]
                                                    R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
                                                    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-4-7 3712]
                                                    R2 NeatReceipts Auto Backup;NeatReceipts Auto Backup;c:\program files\neatreceipts professional\exec\NeatReceiptsAutoBackup.exe [2007-3-16 30320]
                                                    R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [2008-8-15 12032]
                                                    R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [2008-8-15 39424]
                                                    S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
                                                    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-3-12 29744]
                                                    S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [2004-6-15 7882]
                                                    S3 MSSQL$NR2005;MSSQL$NR2005;c:\program files\microsoft sql server\mssql$nr2005\binn\sqlservr.exe -snr2005 --> c:\program files\microsoft sql server\mssql$nr2005\binn\sqlservr.exe -sNR2005 [?]
                                                    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
                                                    S3 SQLAgent$NR2005;SQLAgent$NR2005;c:\program files\microsoft sql server\mssql$nr2005\binn\sqlagent.exe -i nr2005 --> c:\program files\microsoft sql server\mssql$nr2005\binn\sqlagent.EXE -i NR2005 [?]
                                                    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-3-22 278384]

                                                    =============== Created Last 30 ================

                                                    2010-02-25 04:17:37   7168   --sha-w-   c:\windows\Thumbs.db
                                                    2010-02-25 02:07:21   0   ----a-w-   c:\windows\system32\openglssd.sys
                                                    2010-02-25 02:03:26   0   d-sha-r-   C:\cmdcons
                                                    2010-02-25 01:59:43   98816   ----a-w-   c:\windows\sed.exe
                                                    2010-02-25 01:59:43   77312   ----a-w-   c:\windows\MBR.exe
                                                    2010-02-25 01:59:43   261632   ----a-w-   c:\windows\PEV.exe
                                                    2010-02-25 01:59:43   161792   ----a-w-   c:\windows\SWREG.exe
                                                    2010-02-25 01:59:37   0   d-s---w-   C:\ComboFix
                                                    2010-02-23 10:13:08   0   d-----w-   c:\program files\Trend Micro
                                                    2010-02-23 09:59:52   0   d-----w-   c:\program files\CCleaner
                                                    2010-02-23 04:49:33   0   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
                                                    2010-02-23 04:49:16   0   d-----w-   c:\program files\SUPERAntiSpyware
                                                    2010-02-23 04:49:16   0   d-----w-   c:\docume~1\leliag~1\applic~1\SUPERAntiSpyware.com
                                                    2010-02-21 02:45:38   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                                                    2010-02-21 02:41:41   411368   ----a-w-   c:\windows\system32\deploytk.dll
                                                    2010-02-13 18:59:33   0   d-----w-   c:\docume~1\leliag~1\applic~1\Office Genuine Advantage
                                                    2010-02-01 02:42:42   0   d-----w-   c:\program files\common files\Adobe Systems Shared
                                                    2010-01-31 22:54:13   0   d-----w-   c:\program files\MyPublisher
                                                    2010-01-31 22:54:06   0   d-----w-   c:\docume~1\leliag~1\applic~1\MyPublisher

                                                    ==================== Find3M  ====================

                                                    2010-02-13 15:28:35   62064   ----a-w-   c:\windows\system32\nvModes.dat
                                                    2010-01-31 22:54:24   91264   ----a-w-   c:\windows\fonts\MPDorset-Bold.ttf
                                                    2010-01-31 22:54:24   38248   ----a-w-   c:\windows\fonts\DeckerI.ttf
                                                    2010-01-31 22:54:24   154520   ----a-w-   c:\windows\fonts\MPPeony.ttf
                                                    2010-01-31 22:54:24   143044   ----a-w-   c:\windows\fonts\MPPalisade-Bold.ttf
                                                    2010-01-31 22:54:24   137400   ----a-w-   c:\windows\fonts\MPPalisade-Regular.ttf
                                                    2010-01-31 22:54:24   130944   ----a-w-   c:\windows\fonts\MPBaxter.ttf
                                                    2010-01-31 22:54:24   110352   ----a-w-   c:\windows\fonts\MPDorset-Regular.ttf
                                                    2010-01-31 22:54:21   38784   ----a-w-   c:\windows\fonts\Decker.ttf
                                                    2010-01-07 22:07:14   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                                                    2010-01-07 22:07:04   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
                                                    2010-01-04 00:29:51   0   ----a-w-   c:\windows\system32\drivers\lvuvc.hs
                                                    2010-01-04 00:29:49   0   ----a-w-   c:\windows\system32\drivers\logiflt.iad
                                                    2009-12-31 16:50:03   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
                                                    2009-12-31 16:50:03   353792   ------w-   c:\windows\system32\dllcache\srv.sys
                                                    2009-12-21 13:19:18   173056   ------w-   c:\windows\system32\dllcache\ie4uinit.exe
                                                    2009-12-16 18:43:27   343040   ----a-w-   c:\windows\system32\mspaint.exe
                                                    2009-12-16 18:43:27   343040   ------w-   c:\windows\system32\dllcache\mspaint.exe
                                                    2009-12-14 07:08:23   33280   ----a-w-   c:\windows\system32\csrsrv.dll
                                                    2009-12-14 07:08:23   33280   ------w-   c:\windows\system32\dllcache\csrsrv.dll
                                                    2009-12-09 05:53:44   726528   ----a-w-   c:\windows\system32\dllcache\jscript.dll
                                                    2009-12-08 19:27:51   2189184   ------w-   c:\windows\system32\dllcache\ntoskrnl.exe
                                                    2009-12-08 19:26:15   2145280   ----a-w-   c:\windows\system32\ntoskrnl.exe
                                                    2009-12-08 19:26:15   2145280   ------w-   c:\windows\system32\dllcache\ntkrnlmp.exe
                                                    2009-12-08 18:43:51   2023936   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                                                    2009-12-08 18:43:51   2023936   ------w-   c:\windows\system32\dllcache\ntkrpamp.exe
                                                    2009-12-08 18:43:50   2066048   ------w-   c:\windows\system32\dllcache\ntkrnlpa.exe
                                                    2009-12-08 09:23:28   474112   ------w-   c:\windows\system32\dllcache\shlwapi.dll
                                                    2009-12-04 18:22:22   455424   ------w-   c:\windows\system32\dllcache\mrxsmb.sys
                                                    2009-04-01 05:37:02   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat

                                                    ============= FINISH:  7:37:25.75 ===============

                                                    Halogengirlie

                                                      Topic Starter


                                                      Rookie

                                                      Re: Application cannot be executed. The file *** is infected.
                                                      « Reply #29 on: February 26, 2010, 06:43:33 AM »

                                                      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                                                      IF REQUESTED, ZIP IT UP & ATTACH IT

                                                      DDS (Ver_09-12-01.01)

                                                      Microsoft Windows XP Professional
                                                      Boot Device: \Device\HarddiskVolume2
                                                      Install Date: 3/16/2007 7:29:10 PM
                                                      System Uptime: 2/25/2010 5:25:39 PM (14 hours ago)

                                                      Motherboard: Dell Inc. |  | 0JF242
                                                      Processor: Intel(R) Core(TM)2 CPU         T7400  @ 2.16GHz | Microprocessor | 2161/166mhz

                                                      ==== Disk Partitions =========================

                                                      C: is FIXED (NTFS) - 74 GiB total, 6.824 GiB free.
                                                      D: is CDROM ()

                                                      ==== Disabled Device Manager Items =============

                                                      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
                                                      Description: Cisco Systems VPN Adapter
                                                      Device ID: ROOT\NET\0000
                                                      Manufacturer: Cisco Systems
                                                      Name: Cisco Systems VPN Adapter
                                                      PNP Device ID: ROOT\NET\0000
                                                      Service: CVirtA

                                                      Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
                                                      Description: Lelia's Phone
                                                      Device ID: ROOT\WPD\0000
                                                      Manufacturer: Nokia
                                                      Name: Lelia's Phone
                                                      PNP Device ID: ROOT\WPD\0000
                                                      Service: WUDFRd

                                                      ==== System Restore Points ===================

                                                      RP790: 11/29/2009 4:59:10 PM - System Checkpoint
                                                      RP791: 11/30/2009 3:00:17 AM - Software Distribution Service 3.0
                                                      RP792: 12/1/2009 3:40:41 AM - System Checkpoint
                                                      RP793: 12/2/2009 5:40:42 AM - System Checkpoint
                                                      RP794: 12/3/2009 7:40:41 AM - System Checkpoint
                                                      RP795: 12/4/2009 4:47:26 PM - System Checkpoint
                                                      RP796: 12/5/2009 5:41:47 PM - System Checkpoint
                                                      RP797: 12/6/2009 7:40:41 PM - System Checkpoint
                                                      RP798: 12/7/2009 11:23:01 PM - System Checkpoint
                                                      RP799: 12/8/2009 11:40:41 PM - System Checkpoint
                                                      RP800: 12/9/2009 3:00:18 AM - Software Distribution Service 3.0
                                                      RP801: 12/10/2009 3:00:18 AM - Software Distribution Service 3.0
                                                      RP802: 12/11/2009 3:25:31 AM - System Checkpoint
                                                      RP803: 12/12/2009 5:26:36 AM - System Checkpoint
                                                      RP804: 12/13/2009 7:25:32 AM - System Checkpoint
                                                      RP805: 12/13/2009 1:34:51 PM - Installed BlackBerry Desktop Software 4.7.
                                                      RP806: 12/13/2009 1:41:02 PM - Installed Roxio Media Manager
                                                      RP807: 12/14/2009 3:00:18 AM - Software Distribution Service 3.0
                                                      RP808: 12/15/2009 3:50:51 AM - System Checkpoint
                                                      RP809: 12/16/2009 5:50:52 AM - System Checkpoint
                                                      RP810: 12/17/2009 7:51:51 AM - System Checkpoint
                                                      RP811: 12/18/2009 8:04:13 AM - System Checkpoint
                                                      RP812: 12/19/2009 10:29:28 AM - System Checkpoint
                                                      RP813: 12/20/2009 11:13:40 AM - System Checkpoint
                                                      RP814: 12/21/2009 11:50:50 AM - System Checkpoint
                                                      RP815: 12/22/2009 1:15:51 PM - System Checkpoint
                                                      RP816: 12/23/2009 5:49:31 PM - System Checkpoint
                                                      RP817: 12/24/2009 7:04:49 PM - System Checkpoint
                                                      RP818: 12/25/2009 11:36:38 AM - Logitech Webcam Software v12.10.1110
                                                      RP819: 12/26/2009 1:04:53 PM - System Checkpoint
                                                      RP820: 12/27/2009 1:32:55 PM - System Checkpoint
                                                      RP821: 12/28/2009 1:46:54 PM - System Checkpoint
                                                      RP822: 12/29/2009 1:48:06 PM - System Checkpoint
                                                      RP823: 12/30/2009 3:32:56 PM - System Checkpoint
                                                      RP824: 12/31/2009 5:19:01 PM - System Checkpoint
                                                      RP825: 1/1/2010 7:09:42 PM - System Checkpoint
                                                      RP826: 1/2/2010 9:04:48 PM - System Checkpoint
                                                      RP827: 1/3/2010 11:20:12 PM - System Checkpoint
                                                      RP828: 1/5/2010 1:16:30 AM - System Checkpoint
                                                      RP829: 1/6/2010 3:11:46 AM - System Checkpoint
                                                      RP830: 1/7/2010 3:24:24 AM - System Checkpoint
                                                      RP831: 1/8/2010 5:11:53 AM - System Checkpoint
                                                      RP832: 1/9/2010 12:50:50 PM - System Checkpoint
                                                      RP833: 1/10/2010 2:13:29 PM - System Checkpoint
                                                      RP834: 1/11/2010 3:15:34 PM - System Checkpoint
                                                      RP835: 1/12/2010 5:20:54 PM - System Checkpoint
                                                      RP836: 1/13/2010 7:29:01 AM - Software Distribution Service 3.0
                                                      RP837: 1/14/2010 3:00:18 AM - Software Distribution Service 3.0
                                                      RP838: 1/15/2010 4:05:03 AM - System Checkpoint
                                                      RP839: 1/16/2010 4:06:11 AM - System Checkpoint
                                                      RP840: 1/17/2010 6:05:08 AM - System Checkpoint
                                                      RP841: 1/18/2010 8:09:11 AM - System Checkpoint
                                                      RP842: 1/19/2010 3:00:18 AM - Software Distribution Service 3.0
                                                      RP843: 1/20/2010 3:57:02 AM - System Checkpoint
                                                      RP844: 1/21/2010 5:57:05 AM - System Checkpoint
                                                      RP845: 1/22/2010 3:00:16 AM - Software Distribution Service 3.0
                                                      RP846: 1/23/2010 3:00:18 AM - Software Distribution Service 3.0
                                                      RP847: 1/23/2010 5:54:22 PM - Installed Device Package
                                                      RP848: 1/24/2010 11:42:25 PM - System Checkpoint
                                                      RP849: 1/26/2010 12:53:15 AM - System Checkpoint
                                                      RP850: 1/26/2010 3:00:18 AM - Software Distribution Service 3.0
                                                      RP851: 1/27/2010 3:17:38 AM - System Checkpoint
                                                      RP852: 1/28/2010 3:00:17 AM - Software Distribution Service 3.0
                                                      RP853: 1/29/2010 3:53:31 AM - System Checkpoint
                                                      RP854: 1/30/2010 5:53:31 AM - System Checkpoint
                                                      RP855: 1/31/2010 6:03:16 AM - System Checkpoint
                                                      RP856: 1/31/2010 8:40:45 PM - Installed Adobe Photoshop CS2
                                                      RP857: 1/31/2010 9:07:35 PM - Installed Adobe Acrobat 3D
                                                      RP858: 2/1/2010 9:21:18 PM - System Checkpoint
                                                      RP859: 2/2/2010 10:12:52 PM - System Checkpoint
                                                      RP860: 2/4/2010 12:35:02 AM - System Checkpoint
                                                      RP861: 2/5/2010 2:03:26 AM - System Checkpoint
                                                      RP862: 2/6/2010 2:13:00 AM - System Checkpoint
                                                      RP863: 2/7/2010 2:24:37 AM - System Checkpoint
                                                      RP864: 2/8/2010 4:03:22 AM - System Checkpoint
                                                      RP865: 2/9/2010 6:03:23 AM - System Checkpoint
                                                      RP866: 2/10/2010 3:00:35 AM - Software Distribution Service 3.0
                                                      RP867: 2/11/2010 3:00:17 AM - Software Distribution Service 3.0
                                                      RP868: 2/12/2010 3:52:25 AM - System Checkpoint
                                                      RP869: 2/13/2010 12:25:15 AM - Removed Logitech Webcam Software.
                                                      RP870: 2/13/2010 12:26:09 AM - Logitech Webcam Software v12.10.1110
                                                      RP871: 2/13/2010 12:38:48 AM - Removed Logitech Vid.
                                                      RP872: 2/13/2010 1:25:36 AM - Software Distribution Service 3.0
                                                      RP873: 2/14/2010 2:29:26 AM - System Checkpoint
                                                      RP874: 2/15/2010 4:25:54 AM - System Checkpoint
                                                      RP875: 2/16/2010 3:00:22 AM - Software Distribution Service 3.0
                                                      RP876: 2/17/2010 4:25:54 AM - System Checkpoint
                                                      RP877: 2/18/2010 4:26:05 AM - System Checkpoint
                                                      RP878: 2/19/2010 6:25:31 AM - System Checkpoint
                                                      RP879: 2/20/2010 6:26:04 AM - System Checkpoint
                                                      RP880: 2/20/2010 8:41:10 PM - Installed Java(TM) 6 Update 18
                                                      RP881: 2/20/2010 8:44:24 PM - Removed Java(TM) 6 Update 18
                                                      RP882: 2/20/2010 8:45:10 PM - Installed Java(TM) 6 Update 18
                                                      RP883: 2/21/2010 10:27:09 PM - System Checkpoint
                                                      RP884: 2/22/2010 10:49:15 PM - Installed SUPERAntiSpyware Free Edition
                                                      RP885: 2/23/2010 11:02:08 PM - System Checkpoint
                                                      RP886: 2/24/2010 7:24:06 PM - Software Distribution Service 3.0
                                                      RP887: 2/26/2010 7:31:11 AM - Software Distribution Service 3.0

                                                      ==== Installed Programs ======================

                                                      50 Free Elegant Fonts
                                                      Ad-Aware 2007
                                                      Adobe Acrobat 3D
                                                      Adobe Acrobat 3D - English, Français, Deutsch
                                                      Adobe Bridge 1.0
                                                      Adobe Common File Installer
                                                      Adobe Flash Player 10 ActiveX
                                                      Adobe Flash Player 10 Plugin
                                                      Adobe Help Center 1.0
                                                      Adobe Photoshop CS2
                                                      Adobe Reader 8.1.6
                                                      Adobe Stock Photos 1.0
                                                      ALPS Touch Pad Driver
                                                      Apple Application Support
                                                      Apple Mobile Device Support
                                                      Apple Software Update
                                                      ArcSoft Print Creations
                                                      ArcSoft Print Creations - Album Page
                                                      ArcSoft Print Creations - Funhouse
                                                      ArcSoft Print Creations - Greeting Card
                                                      ArcSoft Print Creations - Photo Book
                                                      ArcSoft Print Creations - Photo Calendar
                                                      ArcSoft Print Creations - Scrapbook
                                                      ArcSoft Print Creations - Slimline Card
                                                      Autodesk Architectural Desktop 2006
                                                      Autodesk Customization Conversion Tools
                                                      Autodesk DWF Viewer
                                                      biolsp patch
                                                      BlackBerry Desktop Software 4.7
                                                      Bluetooth Stack for Windows by Toshiba
                                                      Bonjour
                                                      Broadcom Advanced Control Suite
                                                      Broadcom TPM Driver Installer
                                                      BUM
                                                      CCleaner
                                                      Conexant HDA D110 MDC V.92 Modem
                                                      Coupon Printer for Windows
                                                      Critical Update for Windows Media Player 11 (KB959772)
                                                      Dell Embassy Trust Suite by Wave Systems
                                                      Dell Support 3.2.1
                                                      Dell Wireless WLAN Card
                                                      Digital Line Detect
                                                      Document Manager Lite
                                                      EA Download Manager
                                                      EMBASSY Security Center
                                                      EMBASSY Trust Suite by Wave Systems
                                                      ESET NOD32 Antivirus
                                                      ETS Launch Pad
                                                      ETS Upgrade
                                                      Garmin USB Drivers
                                                      Garmin WebUpdater
                                                      Google Desktop
                                                      Google Toolbar for Internet Explorer
                                                      High Definition Audio Driver Package - KB835221
                                                      HijackThis 2.0.2
                                                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                                                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                                                      Hotfix for Windows Internet Explorer 7 (KB947864)
                                                      Hotfix for Windows Media Format 11 SDK (KB929399)
                                                      Hotfix for Windows Media Player 11 (KB939683)
                                                      Hotfix for Windows XP (KB932716-v2)
                                                      Hotfix for Windows XP (KB945060-v3)
                                                      Hotfix for Windows XP (KB952287)
                                                      Hotfix for Windows XP (KB954550-v5)
                                                      Hotfix for Windows XP (KB961118)
                                                      Hotfix for Windows XP (KB970653-v3)
                                                      Hotfix for Windows XP (KB976098-v2)
                                                      Hotfix for Windows XP (KB979306)
                                                      hp deskjet 930c series (Remove only)
                                                      Intellisync Lite
                                                      iQue - MapInstall and ContactLocation
                                                      iTunes
                                                      J2SE Runtime Environment 5.0 Update 6
                                                      Java Auto Updater
                                                      Java(TM) 6 Update 18
                                                      KhalSetup
                                                      KODAK EASYSHARE Gallery Easy Upload, v2.1
                                                      KODAK EASYSHARE Gallery Upload ActiveX Control
                                                      Linksys Wireless-G Print Server
                                                      Logitech SetPoint
                                                      Malwarebytes' Anti-Malware
                                                      Microsoft .NET Framework 1.1
                                                      Microsoft .NET Framework 1.1 Security Update (KB953297)
                                                      Microsoft .NET Framework 2.0 Service Pack 2
                                                      Microsoft .NET Framework 3.0 Service Pack 2
                                                      Microsoft .NET Framework 3.5 SP1
                                                      Microsoft Compression Client Pack 1.0 for Windows XP
                                                      Microsoft Halo
                                                      Microsoft Internationalized Domain Names Mitigation APIs
                                                      Microsoft National Language Support Downlevel APIs
                                                      Microsoft Office 2007 Service Pack 2 (SP2)
                                                      Microsoft Office Access MUI (English) 2007
                                                      Microsoft Office Access Setup Metadata MUI (English) 2007
                                                      Microsoft Office Enterprise 2007
                                                      Microsoft Office Excel MUI (English) 2007
                                                      Microsoft Office Groove MUI (English) 2007
                                                      Microsoft Office Groove Setup Metadata MUI (English) 2007
                                                      Microsoft Office InfoPath MUI (English) 2007
                                                      Microsoft Office OneNote MUI (English) 2007
                                                      Microsoft Office Outlook MUI (English) 2007
                                                      Microsoft Office PowerPoint MUI (English) 2007
                                                      Microsoft Office Proof (English) 2007
                                                      Microsoft Office Proof (French) 2007
                                                      Microsoft Office Proof (Spanish) 2007
                                                      Microsoft Office Proofing (English) 2007
                                                      Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
                                                      Microsoft Office Publisher MUI (English) 2007
                                                      Microsoft Office Shared MUI (English) 2007
                                                      Microsoft Office Shared Setup Metadata MUI (English) 2007
                                                      Microsoft Office Word MUI (English) 2007
                                                      Microsoft Software Update for Web Folders  (English) 12
                                                      Microsoft SQL Server Desktop Engine (NeatReceipts Professional)
                                                      Microsoft User-Mode Driver Framework Feature Pack 1.5
                                                      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                                                      Microsoft Visual C++ 2005 Redistributable
                                                      Modem Helper
                                                      Mozilla Firefox (3.6)
                                                      MSXML 4.0 SP2 (KB927978)
                                                      MSXML 4.0 SP2 (KB936181)
                                                      MSXML 4.0 SP2 (KB954430)
                                                      MSXML 4.0 SP2 (KB973688)
                                                      MSXML 4.0 SP2 Parser and SDK
                                                      MyPublisher
                                                      NeatReceipts Professional v2.7.5
                                                      NetWaiting
                                                      Nokia Connectivity Cable Driver
                                                      Nokia PC Suite
                                                      NTRU Hybrid TSS v2.0.25
                                                      NVIDIA Drivers
                                                      OGA Notifier 2.0.0048.0
                                                      Palm Desktop for Garmin iQue
                                                      PC Connectivity Solution
                                                      PE Builder 3.1.10a
                                                      PowerDVD 5.7
                                                      Preboot Manager
                                                      Private Information Manager
                                                      QuickSet
                                                      QuickTime
                                                      Roxio DLA
                                                      Roxio Express Labeler
                                                      Roxio Media Manager
                                                      Roxio RecordNow Audio
                                                      Roxio RecordNow Copy
                                                      Roxio RecordNow Data
                                                      Samsung ML-2850 Series
                                                      Secure Update
                                                      Security Update for 2007 Microsoft Office System (KB969559)
                                                      Security Update for 2007 Microsoft Office System (KB973704)
                                                      Security Update for CAPICOM (KB931906)
                                                      Security Update for Microsoft Office Excel 2007 (KB973593)
                                                      Security Update for Microsoft Office Outlook 2007 (KB972363)
                                                      Security Update for Microsoft Office PowerPoint 2007 (KB957789)
                                                      Security Update for Microsoft Office Publisher 2007 (KB969693)
                                                      Security Update for Microsoft Office system 2007 (972581)
                                                      Security Update for Microsoft Office system 2007 (KB969613)
                                                      Security Update for Microsoft Office system 2007 (KB974234)
                                                      Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
                                                      Security Update for Microsoft Office Word 2007 (KB969604)
                                                      Security Update for Step By Step Interactive Training (KB923723)
                                                      Security Update for Windows Internet Explorer 7 (KB928090)
                                                      Security Update for Windows Internet Explorer 7 (KB929969)
                                                      Security Update for Windows Internet Explorer 7 (KB931768)
                                                      Security Update for Windows Internet Explorer 7 (KB933566)
                                                      Security Update for Windows Internet Explorer 7 (KB937143)
                                                      Security Update for Windows Internet Explorer 7 (KB938127)
                                                      Security Update for Windows Internet Explorer 7 (KB939653)
                                                      Security Update for Windows Internet Explorer 7 (KB942615)
                                                      Security Update for Windows Internet Explorer 7 (KB944533)
                                                      Security Update for Windows Internet Explorer 7 (KB950759)
                                                      Security Update for Windows Internet Explorer 7 (KB953838)
                                                      Security Update for Windows Internet Explorer 7 (KB956390)
                                                      Security Update for Windows Internet Explorer 7 (KB958215)
                                                      Security Update for Windows Internet Explorer 7 (KB960714)
                                                      Security Update for Windows Internet Explorer 7 (KB961260)
                                                      Security Update for Windows Internet Explorer 7 (KB963027)
                                                      Security Update for Windows Internet Explorer 7 (KB969897)
                                                      Security Update for Windows Internet Explorer 7 (KB972260)
                                                      Security Update for Windows Internet Explorer 7 (KB974455)
                                                      Security Update for Windows Internet Explorer 8 (KB971961)
                                                      Security Update for Windows Internet Explorer 8 (KB974455)
                                                      Security Update for Windows Internet Explorer 8 (KB976325)
                                                      Security Update for Windows Internet Explorer 8 (KB978207)
                                                      Security Update for Windows Media Player (KB911564)
                                                      Security Update for Windows Media Player (KB952069)
                                                      Security Update for Windows Media Player (KB954155)
                                                      Security Update for Windows Media Player (KB968816)
                                                      Security Update for Windows Media Player (KB973540)
                                                      Security Update for Windows Media Player 11 (KB936782)
                                                      Security Update for Windows Media Player 11 (KB954154)
                                                      Security Update for Windows Media Player 6.4 (KB925398)
                                                      Security Update for Windows Media Player 9 (KB917734)
                                                      Security Update for Windows Media Player 9 (KB936782)
                                                      Security Update for Windows XP (KB923561)
                                                      Security Update for Windows XP (KB923689)
                                                      Security Update for Windows XP (KB923789)
                                                      Security Update for Windows XP (KB938464-v2)
                                                      Security Update for Windows XP (KB938464)
                                                      Security Update for Windows XP (KB941569)
                                                      Security Update for Windows XP (KB946648)
                                                      Security Update for Windows XP (KB950760)
                                                      Security Update for Windows XP (KB950762)
                                                      Security Update for Windows XP (KB950974)
                                                      Security Update for Windows XP (KB951066)
                                                      Security Update for Windows XP (KB951376-v2)
                                                      Security Update for Windows XP (KB951376)
                                                      Security Update for Windows XP (KB951698)
                                                      Security Update for Windows XP (KB951748)
                                                      Security Update for Windows XP (KB952004)
                                                      Security Update for Windows XP (KB952954)
                                                      Security Update for Windows XP (KB953839)
                                                      Security Update for Windows XP (KB954211)
                                                      Security Update for Windows XP (KB954459)
                                                      Security Update for Windows XP (KB954600)
                                                      Security Update for Windows XP (KB955069)
                                                      Security Update for Windows XP (KB956391)
                                                      Security Update for Windows XP (KB956572)
                                                      Security Update for Windows XP (KB956744)
                                                      Security Update for Windows XP (KB956802)
                                                      Security Update for Windows XP (KB956803)
                                                      Security Update for Windows XP (KB956841)
                                                      Security Update for Windows XP (KB956844)
                                                      Security Update for Windows XP (KB957095)
                                                      Security Update for Windows XP (KB957097)
                                                      Security Update for Windows XP (KB958644)
                                                      Security Update for Windows XP (KB958687)
                                                      Security Update for Windows XP (KB958690)
                                                      Security Update for Windows XP (KB958869)
                                                      Security Update for Windows XP (KB959426)
                                                      Security Update for Windows XP (KB960225)
                                                      Security Update for Windows XP (KB960715)
                                                      Security Update for Windows XP (KB960803)
                                                      Security Update for Windows XP (KB960859)
                                                      Security Update for Windows XP (KB961371)
                                                      Security Update for Windows XP (KB961373)
                                                      Security Update for Windows XP (KB961501)
                                                      Security Update for Windows XP (KB968537)
                                                      Security Update for Windows XP (KB969059)
                                                      Security Update for Windows XP (KB969898)
                                                      Security Update for Windows XP (KB969947)
                                                      Security Update for Windows XP (KB970238)
                                                      Security Update for Windows XP (KB970430)
                                                      Security Update for Windows XP (KB971468)
                                                      Security Update for Windows XP (KB971486)
                                                      Security Update for Windows XP (KB971557)
                                                      Security Update for Windows XP (KB971633)
                                                      Security Update for Windows XP (KB971657)
                                                      Security Update for Windows XP (KB971961)
                                                      Security Update for Windows XP (KB972270)
                                                      Security Update for Windows XP (KB973346)
                                                      Security Update for Windows XP (KB973354)
                                                      Security Update for Windows XP (KB973507)
                                                      Security Update for Windows XP (KB973525)
                                                      Security Update for Windows XP (KB973869)
                                                      Security Update for Windows XP (KB973904)
                                                      Security Update for Windows XP (KB974112)
                                                      Security Update for Windows XP (KB974318)
                                                      Security Update for Windows XP (KB974392)
                                                      Security Update for Windows XP (KB974571)
                                                      Security Update for Windows XP (KB975025)
                                                      Security Update for Windows XP (KB975467)
                                                      Security Update for Windows XP (KB975560)
                                                      Security Update for Windows XP (KB975713)
                                                      Security Update for Windows XP (KB977165)
                                                      Security Update for Windows XP (KB977914)
                                                      Security Update for Windows XP (KB978037)
                                                      Security Update for Windows XP (KB978251)
                                                      Security Update for Windows XP (KB978262)
                                                      Security Update for Windows XP (KB978706)
                                                      Security Wizards
                                                      Sonic Update Manager
                                                      SPORE™
                                                      Stardock MyColors
                                                      SUPERAntiSpyware Free Edition
                                                      Update for 2007 Microsoft Office System (KB967642)
                                                      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
                                                      Update for Microsoft Office InfoPath 2007 (KB976416)
                                                      Update for Outlook 2007 Junk Email Filter (kb977719)
                                                      Update for Windows Internet Explorer 8 (KB973874)
                                                      Update for Windows Internet Explorer 8 (KB976662)
                                                      Update for Windows Internet Explorer 8 (KB976749)
                                                      Update for Windows XP (KB951072-v2)
                                                      Update for Windows XP (KB951978)
                                                      Update for Windows XP (KB955759)
                                                      Update for Windows XP (KB955839)
                                                      Update for Windows XP (KB967715)
                                                      Update for Windows XP (KB968389)
                                                      Update for Windows XP (KB971737)
                                                      Update for Windows XP (KB973687)
                                                      Update for Windows XP (KB973815)
                                                      upekmsi
                                                      URL Assistant
                                                      VPN Client
                                                      Wave Infrastructure Installer
                                                      Wave Support Software
                                                      WebCyberCoach 3.2 Dell
                                                      WebFldrs XP
                                                      Windows Desktop Search 3.01
                                                      Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
                                                      Windows Driver Package - Nokia (WUDFRd) WPD  (03/19/2007 6.83.31.1)
                                                      Windows Driver Package - Nokia Modem  (02/15/2007 3.1)
                                                      Windows Driver Package - Nokia Modem  (11/03/2006 6.82.0.1)
                                                      Windows Genuine Advantage Notifications (KB905474)
                                                      Windows Genuine Advantage Validation Tool (KB892130)
                                                      Windows Imaging Component
                                                      Windows Installer 3.1 (KB893803)
                                                      Windows Internet Explorer 7
                                                      Windows Internet Explorer 8
                                                      Windows Media Format 11 runtime
                                                      Windows Media Player 11
                                                      Windows XP Service Pack 3
                                                      WinZip 11.2

                                                      ==== Event Viewer Messages From Past Week ========

                                                      2/24/2010 8:41:12 PM, error: System Error [1003]  - Error code 10000050, parameter1 ba4012a4, parameter2 00000008, parameter3 805417f4, parameter4 00000000.
                                                      2/24/2010 8:04:29 PM, error: Service Control Manager [7034]  - The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).
                                                      2/24/2010 8:00:29 PM, error: WMPNetworkSvc [14344]  - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
                                                      2/24/2010 7:59:59 PM, error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
                                                      2/22/2010 11:11:30 PM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
                                                      2/22/2010 11:11:30 PM, error: Service Control Manager [7034]  - The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly.  It has done this 1 time(s).
                                                      2/22/2010 11:03:03 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
                                                      2/22/2010 11:03:03 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the NeatReceipts Auto Backup service to connect.
                                                      2/22/2010 11:03:03 PM, error: Service Control Manager [7000]  - The SSPORT service failed to start due to the following error:  The system cannot find the file specified.
                                                      2/22/2010 11:03:03 PM, error: Service Control Manager [7000]  - The NeatReceipts Auto Backup service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
                                                      2/22/2010 11:03:03 PM, error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.

                                                      ==== End Of File ===========================

                                                      SuperDave

                                                      • Malware Removal Specialist
                                                      • Moderator


                                                      Re: Application cannot be executed. The file *** is infected.
                                                      « Reply #30 on: February 26, 2010, 12:55:10 PM »
                                                      Quote:
                                                      "I think that perhaps this might be a good time to burn my personal files to DVD?"
                                                      That's not a bad idea to do at all times.
                                                      =================================

                                                      Download OTM by OldTimer to your desktop.

                                                      Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.

                                                      * Save it to your Desktop.
                                                      * Double-click OTM.exe to run it.
                                                      * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

                                                      Code:
                                                      :Processes
                                                      explorer.exe

                                                      :services

                                                      :reg

                                                      :files
                                                      c:\windows\Thumbs.db
                                                      c:\windows\system32\openglssd.sys 
                                                      c:\windows\sed.exe

                                                      :Commands
                                                      [purity]
                                                      [emptytemp]
                                                      [start explorer]
                                                      [Reboot]

                                                      * Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
                                                      * Click the red Moveit! button.
                                                      * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
                                                      Close OTM

                                                      Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
                                                      =========================================
                                                      You are down to 6.824 GiB on your hard drive. You should have at least 15% free space on your hard drive. This can cause all kinds of problems. You would be wise to uninstall any un-needed programs or get another hard drive for storage.
                                                      =================================
                                                      Add or Remove Programs

                                                      1. Click on the Windows Start button and click on the Control Panel
                                                      2. In the Control Panel window, double-click Add or Remove Programs icon.
                                                      3. When the Add or Remove Programs window has fully populated, check for
                                                      J2SE Runtime Environment 5.0 Update 6
                                                      URL Assistant
                                                      WebFldrs XP ( If you don't need it.)

                                                      =====================================

                                                      Download GMER Rootkit Detector and save it to your desktop.
                                                       
                                                      * Extract it to your desktop and double-click GMER.exe
                                                      * Make sure all of the boxes on the right of the screen are checked, EXCEPT for "Show All".
                                                      * Click the Rootkit tab and then Scan.
                                                      * Don't check the Show All box while scanning is in progress!
                                                      * When scanning is finished click Copy.
                                                      * This copies the log to clipboard
                                                      * Post the log in your reply.

                                                      Windows 8 and Windows 10 dual boot with two SSD's

                                                      Halogengirlie

                                                        Topic Starter


                                                        Rookie

                                                        Re: Application cannot be executed. The file *** is infected.
                                                        « Reply #31 on: February 26, 2010, 04:28:50 PM »
                                                        I think I can remove some programs...  I have a lot of space tied up in photos & videos... that I've backed up to disk...

                                                        If I got a remote drive and backed up my files to it... do I run the risk of reinfecting my computer when I go back to these items in the future?



                                                        SuperDave

                                                        Re: Application cannot be executed. The file *** is infected.
                                                        « Reply #32 on: February 26, 2010, 04:59:38 PM »
                                                        Remember, you have to get to at least 12GiB of free space.
                                                        Backing up your files to a second hard drive is quite safe because they are mostly pictures, documents etc and most malware is not really interested in those things. Plus, you can also run scans on those files in your storage drives.

                                                        Halogengirlie

                                                          Re: Application cannot be executed. The file *** is infected.
                                                          « Reply #33 on: February 26, 2010, 08:32:27 PM »
                                                          Ok cleared to 26 Gig clear.

                                                          Here is the log from the Old Timer



                                                          All processes killed
                                                          ========== PROCESSES ==========
                                                          No active process named explorer.exe was found!
                                                          ========== SERVICES/DRIVERS ==========
                                                          ========== REGISTRY ==========
                                                          ========== FILES ==========
                                                          c:\windows\Thumbs.db moved successfully.
                                                          c:\windows\system32\openglssd.sys moved successfully.
                                                          c:\windows\sed.exe moved successfully.
                                                          ========== COMMANDS ==========
                                                           
                                                          [EMPTYTEMP]
                                                           
                                                          User: Administrator
                                                          ->Temp folder emptied: 16384 bytes
                                                          ->Temporary Internet Files folder emptied: 32768 bytes
                                                           
                                                          User: All Users
                                                           
                                                          User: Default User
                                                          ->Temp folder emptied: 16384 bytes
                                                          ->Temporary Internet Files folder emptied: 32902 bytes
                                                           
                                                          User: Lelia Goehring
                                                          ->Temp folder emptied: 85367108 bytes
                                                          ->Temporary Internet Files folder emptied: 14719581 bytes
                                                          ->Java cache emptied: 0 bytes
                                                          ->FireFox cache emptied: 48489622 bytes
                                                           
                                                          User: LocalService
                                                          ->Temp folder emptied: 66016 bytes
                                                          ->Temporary Internet Files folder emptied: 2690645 bytes
                                                           
                                                          User: NetworkService
                                                          ->Temp folder emptied: 66264 bytes
                                                          ->Temporary Internet Files folder emptied: 33170 bytes
                                                           
                                                          %systemdrive% .tmp files removed: 0 bytes
                                                          %systemroot% .tmp files removed: 60529 bytes
                                                          %systemroot%\System32 .tmp files removed: 2577 bytes
                                                          %systemroot%\System32\dllcache .tmp files removed: 0 bytes
                                                          %systemroot%\System32\drivers .tmp files removed: 0 bytes
                                                          Windows Temp folder emptied: 33273 bytes
                                                          %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23963746 bytes
                                                          %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
                                                          RecycleBin emptied: 68173317 bytes
                                                           
                                                          Total Files Cleaned = 233.00 mb
                                                           
                                                           
                                                          OTM by OldTimer - Version 3.1.9.0 log created on 02262010_212328
                                                          All processes killed
                                                           
                                                          OTM by OldTimer - Version 3.1.9.0 log created on 02262010_212323

                                                          Files moved on Reboot...

                                                          Registry entries deleted on Reboot...

                                                          Halogengirlie

                                                            Re: Application cannot be executed. The file *** is infected.
                                                            « Reply #34 on: February 26, 2010, 08:34:10 PM »
                                                             I think that I ran the Old Timer Correctly... But I never got a chance to copy anything under the green bar, since the computer restarted itself.

                                                            Halogengirlie

                                                              Re: Application cannot be executed. The file *** is infected.
                                                              « Reply #35 on: February 26, 2010, 08:38:52 PM »
                                                              J2SE Runtime Environment 5.0 Update 6  - This is in the add remove programs
                                                              URL Assistant- This is in the add remove programs
                                                              WebFldrs XP - I did not see this one in the add remove programs.

                                                              Should I remove these files (the Java and the URL)?

                                                              After that I will proceed with the rootkit.  :)

                                                              SuperDave

                                                              Re: Application cannot be executed. The file *** is infected.
                                                              « Reply #36 on: February 27, 2010, 11:21:47 AM »
                                                              Yes. Please uninstall those programs and proceed.

                                                              Halogengirlie

                                                                Re: Application cannot be executed. The file *** is infected.
                                                                « Reply #37 on: February 27, 2010, 05:36:21 PM »
                                                                Ok.. I uninstalled the programs we talked about in the last post.

                                                                I then went on to use the rootkit.

                                                                The rootkit looked like it completed... I then copied the information and then hooked up my internet cable... and clicked to start my browser (which refused to load).  The GMER froze and turned white, if I clicked on the desktop the computer would beep at me.  I waited for about 20 mins... then tried to Ctrl + Alt + Delete... the computer wouldn't let me do anything.  So I force rebooted it by holding down the power button.  When it came back up, I waited awhile for everything to load and tried again.  It ran for awhile and then gave me an error message "gmer.exe encountered a problem and needs to close."  I photographed the messages which I can pdf if it is helpful.

                                                                I rebooted again to try one more time... and the computer would not properly shut down... it hung up on the blue screen. I waited about 20 mins and then held down the power button.

                                                                I re-downloaded the software and tried a third time and watched carefully... it looks like the error message pops up when it scans \Device\00000096

                                                                Perhaps I should run this from Safe mode... or turn my anti-virus off first?? I'm not sure why I can't get it to run.

                                                                   
                                                                « Last Edit: February 27, 2010, 05:51:39 PM by Halogengirlie »

                                                                Halogengirlie

                                                                  Re: Application cannot be executed. The file *** is infected.
                                                                  « Reply #38 on: February 27, 2010, 05:47:53 PM »
                                                                  I did install an external back up drive yesterday... just an FYI since it is new software... and I think that my EA Games auto downloaded some update...

                                                                  But my computer is not running very well... it took quite a while to get an internet browser to come up... and the computer just seems to be running and running... but nothing shows up under the task manager... and it doesn't like to shut down... just hangs on every command.

                                                                  SuperDave

                                                                  Re: Application cannot be executed. The file *** is infected.
                                                                  « Reply #39 on: February 28, 2010, 08:29:20 AM »
                                                                  I'm checking with my mentor about what the next step will be. Sorry for the delay.

                                                                  SuperDave

                                                                  Re: Application cannot be executed. The file *** is infected.
                                                                  « Reply #40 on: February 28, 2010, 07:10:23 PM »
                                                                  Copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

                                                                  Code:
                                                                  @echo off
                                                                  Copy /y gmer.exe ark.exe
                                                                  Start ark.exe

                                                                  Save it into the gmer folder as  File name: ark.cmd
                                                                  Save as type: All Files

                                                                  Once done, double click ark.cmd to run it.

                                                                  This should start GMER, follow the steps I have outlined earlier to save a log file, then post me the contents in your next reply.

                                                                  Halogengirlie

                                                                    Re: Application cannot be executed. The file *** is infected.
                                                                    « Reply #41 on: March 01, 2010, 09:44:00 AM »
                                                                    "Save it into the gmer folder "

                                                                    I had the gmer icon on my desktop... should I just save this to the desktop?  OR make a folder for the gmer?

                                                                    Thanks!

                                                                    SuperDave

                                                                    Re: Application cannot be executed. The file *** is infected.
                                                                    « Reply #42 on: March 01, 2010, 12:07:46 PM »
                                                                    The GMER icon is on your desktop but you should find GMER also on your C: drive.

                                                                    Halogengirlie

                                                                      Re: Application cannot be executed. The file *** is infected.
                                                                      « Reply #43 on: March 07, 2010, 10:22:54 AM »
                                                                      I looked for a GMER Folder under C:

                                                                      But this is what I found:

                                                                      gmer.exe is located   c:\Documents and Settings\Lelia Goehring\Desktop
                                                                      gmer.zip is located    c:\Documents and Settings\Lelia Goehring\Recent
                                                                      gmer.zip is located   c:\Documents and Settings\Lelia Goehring\Desktop

                                                                      Not sure which of these I should use for the new ark file

                                                                      SuperDave

                                                                      Re: Application cannot be executed. The file *** is infected.
                                                                      « Reply #44 on: March 07, 2010, 12:16:48 PM »
                                                                      Ok. Delete GMER  and we'll try this tool.

                                                                      Please download RootRepeal from GooglePages.com.
                                                                      • Extract the program file to your Desktop.
                                                                      • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.


                                                                      • Select ALL of the checkboxes and then click OK and it will start scanning your system.

                                                                      • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
                                                                      • When done, click on Save Report
                                                                      • Save it to the Desktop.
                                                                      • Please copy/paste the contents of the report in your next reply.
                                                                      Please remove any e-mail address in the RootRepeal report (if present).


                                                                      Halogengirlie

                                                                        Re: Application cannot be executed. The file *** is infected.
                                                                        « Reply #45 on: March 07, 2010, 07:12:40 PM »
                                                                        ROOTREPEAL (c) AD, 2007-2009
                                                                        ==================================================
                                                                        Scan Start Time:      2010/03/07 20:02
                                                                        Program Version:      Version 1.3.5.0
                                                                        Windows Version:      Windows XP SP3
                                                                        ==================================================

                                                                        Drivers
                                                                        -------------------
                                                                        Name: dump_atapi.sys
                                                                        Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
                                                                        Address: 0xB68E7000   Size: 98304   File Visible: No   Signed: -
                                                                        Status: -

                                                                        Name: dump_WMILIB.SYS
                                                                        Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
                                                                        Address: 0xBA612000   Size: 8192   File Visible: No   Signed: -
                                                                        Status: -

                                                                        Name: rootrepeal.sys
                                                                        Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
                                                                        Address: 0xB1CA4000   Size: 49152   File Visible: No   Signed: -
                                                                        Status: -

                                                                        Hidden/Locked Files
                                                                        -------------------
                                                                        Path: C:\hiberfil.sys
                                                                        Status: Locked to the Windows API!

                                                                        ==EOF==
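
A triage pass over a RootRepeal report in the layout posted above, as an added example that is not part of the original thread and not RootRepeal's own code. The `examplehidden.sys` entry is constructed, and the allowlists are this example's assumption that `dump_*` drivers, the scanner's own driver, and `hiberfil.sys`/`pagefile.sys` normally show up as hidden or locked.

```python
import re

# Report text in the layout of the log above; examplehidden.sys is a
# constructed entry added so the triage step has something to flag.
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2010/03/07 20:02
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB68E7000   Size: 98304   File Visible: No   Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA612000   Size: 8192   File Visible: No   Signed: -
Status: -

Name: examplehidden.sys
Image Path: C:\WINDOWS\system32\drivers\examplehidden.sys
Address: 0xB0000000   Size: 40960   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB1CA4000   Size: 49152   File Visible: No   Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

==EOF==
"""

# Assumption of this example: name matching is a triage shortcut only.
# A rootkit can choose a look-alike name, so borderline hits still get reviewed.
EXPECTED_HIDDEN_DRIVERS = [
    re.compile(r"^dump_.+\.sys$", re.I),     # in-memory crash-dump driver copies
    re.compile(r"^rootrepeal\.sys$", re.I),  # the scanner's own driver
]
EXPECTED_LOCKED_FILES = {r"c:\hiberfil.sys", r"c:\pagefile.sys"}

DASH_RULE = re.compile(r"-{3,}")


def parse_report(text):
    """Return {section name: [record dict, ...]} for each dashed section."""
    sections, current, record = {}, None, {}
    lines = [raw.strip() for raw in text.splitlines()]
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line == "==EOF==":
            break
        if line and DASH_RULE.fullmatch(nxt):      # heading above a dashed rule
            if record and current is not None:
                current.append(record)
            current, record = sections.setdefault(line, []), {}
            continue
        if current is None or DASH_RULE.fullmatch(line):
            continue                               # report header or the rule itself
        if not line:                               # blank line closes a record
            if record:
                current.append(record)
                record = {}
            continue
        # One line can carry several "Key: value" pairs separated by 2+ spaces.
        for chunk in re.split(r"\s{2,}", line):
            key, sep, value = chunk.partition(":")
            if sep:
                record[key.strip()] = value.strip()
    if record and current is not None:
        current.append(record)
    return sections


def triage(sections):
    """List (kind, path) entries that are hidden or locked and not on the allowlists."""
    findings = []
    for drv in sections.get("Drivers", []):
        name = drv.get("Name", "")
        hidden = drv.get("File Visible", "").lower() == "no"
        if hidden and not any(p.match(name) for p in EXPECTED_HIDDEN_DRIVERS):
            findings.append(("driver", drv.get("Image Path", name)))
    for entry in sections.get("Hidden/Locked Files", []):
        path = entry.get("Path", "")
        if path.lower() not in EXPECTED_LOCKED_FILES:
            findings.append(("file", path))
    return findings


if __name__ == "__main__":
    for kind, path in triage(parse_report(SAMPLE_REPORT)):
        print(f"review {kind}: {path}")
```

With the constructed entry removed, the report has nothing left to review under these allowlists.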

                                                                        SuperDave

                                                                        Re: Application cannot be executed. The file *** is infected.
                                                                        « Reply #46 on: March 09, 2010, 11:23:00 AM »
                                                                        If there are no other issues, it's time for some clean-up. You can uninstall HTJ, ESET, DDS and RootRepeal. You may keep SAS and MBAM, if you wish. Update them and run them occasionally.

                                                                        To uninstall ComboFix

                                                                        • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                                                                        • In the field, type in ComboFix /uninstall


                                                                        (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                                                                        • Then, press Enter, or click OK.
                                                                        • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                                                                        1. Double click OTM to launch it.
                                                                        Vista users right click and choose Run As Administrator
                                                                        2. Click on the CleanUp! button.
                                                                        3. OTM will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
                                                                        4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
                                                                        5. When finished exit out of OTM.

                                                                        Looking over your log it seems you don't have any evidence of a third party firewall.

                                                                        Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                                                                        Remember only install ONE firewall

                                                                        1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                                                                        2) Online Armor
                                                                        3) Agnitum Outpost
                                                                        4) PC Tools Firewall Plus

                                                                        If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

                                                                        Use the Secunia Software Inspector to check for out of date software.

                                                                        • Click Start Now
                                                                        • Check the box next to Enable thorough system inspection.
                                                                        • Click Start
                                                                        • Allow the scan to finish and scroll down to see if any updates are needed.
                                                                        • Update anything listed.
                                                                        ----------

                                                                        Go to Microsoft Windows Update and get all critical updates.

                                                                        ----------

                                                                        I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                                                        SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                                                                        * Using SpywareBlaster to protect your computer from Spyware and Malware
                                                                        * If you don't know what ActiveX controls are, see here

                                                                        Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                                                        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                                                        Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                                                        Safe Surfing!
                                                                        Windows 8 and Windows 10 dual boot with two SSD's

                                                                        Halogengirlie

                                                                          Topic Starter


                                                                          Rookie

                                                                          Re: Application cannot be executed. The file *** is infected.
                                                                          « Reply #47 on: March 09, 2010, 09:23:27 PM »
                                                                          Uninstalled - ComboFix & OTM

                                                                          ESET NOD 32 is also my virus protection... I presume that I would leave that installed

                                                                          #1 - Not sure how to remove Root Repeal...  It does not seem to appear in my Add / Remove Programs list

                                                                          #2 - Do I keep or remove CCleaner and Hijack This?

                                                                          #3 - DDS? Not sure we used that one... what's the name of the program again?

                                                                          #4 - When I install the third party firewall... will I need to disable XP's firewall?  OR will it do it automatically?

                                                                          Ran Secunia – installed everything it mentioned… then ran windows updater, installed all critical.

                                                                          #5 - Windows site now says no critical updates left… but on a whim I went back to Secunia site… and now it says that I have 3 windows items that are unprotected. Not sure that I understand why… since the windows site says I’m ok… and I’ve upgraded to IE 8.  I attached a PDF print out of the results.

                                                                          Set up WOT & Spyware Blaster

                                                                          Spybot found and fixed:  Double Click Cookie, Fraud.sysguard (HKEY_USERS), Right Media Cookie


                                                                          Still to do firewall and removal of assorted programs above once I receive your response.


                                                                          #6 - Do you think that once these items are complete… that my computer will be safe enough again to surf the internet… access bank sites… etc?


                                                                          [Saving space, attachment deleted by admin]

                                                                          SuperDave

                                                                          Re: Application cannot be executed. The file *** is infected.
                                                                          « Reply #48 on: March 10, 2010, 12:31:47 PM »
                                                                          Quote
                                                                          ESET NOD 32 is also my virus protection... I presume that I would leave that installed
                                                                          Definitely and make sure it's always updated.

                                                                          Quote
                                                                          #1 - Not sure how to remove Root Repeal...  It does not seem to appear in my Add / Remove Programs list

                                                                          It should be on your desktop. Just delete it.


                                                                          Quote
                                                                          #2 - Do I keep or remove CCleaner and Hijack This?
                                                                          Uninstall HJT and delete CCleaner from your desktop.

                                                                          Quote
                                                                          #3 - DDS? Not sure we used that one... what's the name of the program again?
                                                                          You should find it on your desktop. Deckard's System Scanner

                                                                          Quote
                                                                          #4 - When I install the third party firewall... will I need to disable XP's firewall?  OR will it do it automatically?
                                                                          I think it will disable XP's Firewall, but just to be on the safe side, go to the Control Panel and make sure it's disabled.

                                                                          Quote
                                                                          #5 - Windows site now says no critical updates left
                                                                          Just make sure that your automatic updates is turned on.

                                                                          Quote
                                                                          #6 - Do you think that once these items are complete… that my computer will be safe enough again to surf the internet… access bank sites… etc?
                                                                          Yes. There were no rootkits and backdoor trojans found on your computer. Just make sure that all your protection is kept up-to-date.


                                                                          Halogengirlie

                                                                            Topic Starter


                                                                            Rookie

                                                                            Re: Application cannot be executed. The file *** is infected.
                                                                            « Reply #49 on: March 10, 2010, 02:41:26 PM »
                                                                            Fantastic News! 

                                                                            Deckard's system scanner... I don't recall doing that one... perhaps I missed a step? 
                                                                            Would it be something I would need to do now... or just skip it?

                                                                            rshultes



                                                                              Starter

                                                                              Re: Application cannot be executed. The file *** is infected.
                                                                              « Reply #50 on: March 10, 2010, 03:07:26 PM »
                                                                              Glad to hear you got it fixed. That ComboFix might have done the trick; I use it a lot for no-internet issues. I'm going to link this to my site for some help for ppl. Thanks all, this post is a keeper for self help!

                                                                              SuperDave

                                                                              Re: Application cannot be executed. The file *** is infected.
                                                                              « Reply #51 on: March 10, 2010, 04:36:35 PM »
                                                                              Quote
                                                                              Deckard's system scanner... I don't recall doing that one... perhaps I missed a step? 
                                                                              Would it be something I would need to do now... or just skip it?
                                                                              We used DDS in Reply 27. It should be on your desktop. Just delete it.