
Author Topic: computer acting up  (Read 34558 times)


FALLGUY

    Topic Starter


    Beginner
    computer acting up
    « on: May 06, 2010, 10:09:10 AM »
    Here are my log files...
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/6/2010 10:16:24 AM
    mbam-log-2010-05-06 (10-16-24).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 267763
    Time elapsed: 58 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ErrorDoctor (Rogue.ErrorDoctor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    FALLGUY

      Re: computer acting up
      « Reply #1 on: May 06, 2010, 10:10:10 AM »
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:11:20 AM, on 5/6/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      (Unable to list running processes)
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
      R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
      O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
      O3 - Toolbar: Webroot Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "KHALMNPR.EXE"
      O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] C:\Documents and Settings\moore family\Local Settings\Temporary Internet Files\Content.IE5\GBM547GV\WinFixerScannerInstall[1].exe -nag
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
      O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
      O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-21-1159381305-3383041272-4172013292-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'patti's place')
      O4 - HKUS\S-1-5-21-1159381305-3383041272-4172013292-1008\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'patti's place')
      O4 - HKUS\S-1-5-21-1159381305-3383041272-4172013292-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'patti's place')
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
      O4 - Global Startup: STK017 PNP Monitor.lnk = ?
      O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
      O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
      O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132341909031
      O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
      O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

      --
      End of file - 8036 bytes

      FALLGUY

        Re: computer acting up
        « Reply #2 on: May 06, 2010, 10:14:41 AM »
        Java is update 6 #17. It would not update to 6 #20. Download failed. SUPERspyware error 1719... Windows installer not correctly installed.

        FALLGUY

          Re: computer acting up
          « Reply #3 on: May 06, 2010, 10:24:12 AM »
          I am unable to update programs or connect to anything USB. I've run PCtools registry optimizer which helped the speed and some of the freezing up. I currently have the latest SpySweeper and have no virus. I did catch one within the last week or so. The acting up has been happening for a couple of months. Especially Zune's software. I tried to delete and start over but it would not let me.

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: computer acting up
          « Reply #4 on: May 08, 2010, 04:56:14 PM »
          Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

          There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

          For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

          Further reading: XP Fixes Myth #1: Registry Cleaners
          Please uninstall/delete PCtools registry optimizer.

          Your HJT log is not complete and this is an old version. Please uninstall HJT, download and run a new version.

          Please download: HiJackThis to your Desktop.
          • Double Click the HijackThis icon, located on your Desktop.
          • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
          • Accept the license agreement.
          • Click the Open the Misc Tools section button.
          • Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
          • Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
          • Please post the log in your next reply.
          Windows 8 and Windows 10 dual boot with two SSD's

          FALLGUY

            Re: computer acting up
            « Reply #5 on: May 09, 2010, 12:58:52 AM »
            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 1:48:15 AM, on 5/9/2010
            Platform: Windows XP SP3 (WinNT 5.01.2600)
            MSIE: Internet Explorer v8.00 (8.00.6001.18702)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
            C:\Program Files\iolo\common\lib\ioloServiceManager.exe
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
            c:\WINDOWS\system32\ZuneBusEnum.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\QuickTime\qttask.exe
            C:\WINDOWS\system32\RUNDLL32.EXE
            C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
            C:\Program Files\Zune\ZuneLauncher.exe
            C:\Program Files\Java\jre6\bin\jusched.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Logitech\SetPoint\SetPoint.exe
            C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
            C:\Program Files\STK017_V2.01\STK017M.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (filesize 62080 bytes, MD5 C11F6A1F61481E24BE3FDC06EA6F7D2A)
            O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (filesize 311296 bytes, MD5 0B8B3ACC97126A9EC472CF898780D684)
            O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (filesize 41760 bytes, MD5 C9EDE29F223A27873E187D9FB6045EA6)
            O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (filesize 73728 bytes, MD5 DEE8F03D1EACE0C8F914A2C76568EA32)
            O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (filesize 311296 bytes, MD5 0B8B3ACC97126A9EC472CF898780D684)
            O3 - Toolbar: Webroot Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
            O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "KHALMNPR.EXE" (filesize 28160 bytes, MD5 60C2D0115B1B1FAC72A194CFF1A56494)
            O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] C:\Documents and Settings\moore family\Local Settings\Temporary Internet Files\Content.IE5\GBM547GV\WinFixerScannerInstall[1].exe -nag
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (filesize 385024 bytes, MD5 BAFCF6CF19CE4882039C52DFA17BE35F)
            O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (filesize 33280 bytes, MD5 037B1E7798960E0420003D05BB577EE6)
            O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install (filesize 1630208 bytes, MD5 3D51F8D38A5FE3EC219F33E83607BCDE)
            O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (filesize 33280 bytes, MD5 037B1E7798960E0420003D05BB577EE6)
            O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" (filesize 207360 bytes, MD5 901FD2C25D27AC8A2BF379ABB2BA21D1)
            O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" (filesize 158448 bytes, MD5 1C1784599D8F78B6D37C40D85DF52FFF)
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (filesize 149280 bytes, MD5 3A0647BDED81DBE0BCBB51D70B22C9E0)
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (filesize 39792 bytes, MD5 392845E8D49B5F0E81AAC4D795000A8C)
            O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\ctfmon.exe
            O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (filesize 450560 bytes, MD5 57781B2D6C4DDBF753D820472462E445)
            O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe (filesize 1134592 bytes, MD5 21387BE4B70C89AF035755461FAB4152)
            O4 - Global Startup: STK017 PNP Monitor.lnk = ?
            O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
            O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll (filesize 1499136 bytes, MD5 26CB10FA893F940AB09713FF46DCDADE)
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (filesize 63840 bytes, MD5 22BDC1E6E606C9BAE68141D7099309AB)
            O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
            O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
            O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
            O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
            O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
            O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
            O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132341909031
            O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
            O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
            O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
            O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\Ati2evxx.exe
            O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
            O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exeC:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
            O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exeC:\Program Files\iolo\common\lib\ioloServiceManager.exe
            O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exeC:\Program Files\iolo\common\lib\ioloServiceManager.exe
            O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Java\jre6\bin\jqs.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
            O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
            O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exeC:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

            --
            End of file - 10447 byte

            Hi SuperDave,
            I tried to remove the old hijack, Trend micro, and Spysweeper. It kept telling me it wasn't there or error.
            I've disabled Spysweeper in the program as much as I could. I've also removed a group of other freeware that I downloaded but was unable to run because of errors. I can't believe I found this site! It has been very enlightening. I've come to my wits end this last month. I really appreciate all your help and time.

             ;D  The malware program stopped working too.

            SuperDave

            Re: computer acting up
            « Reply #6 on: May 09, 2010, 12:19:19 PM »
            Can you please be more specific about what is wrong with your computer?

            Please go to Jotti's malware scan
            (If more than one file needs scanned they must be done separately and logs posted for each one)

            * Copy the file path in the below Code box:

            C:\Program Files\STK017_V2.01\STK017M.exe
            * At the upload site, click once inside the window next to Browse.
            * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
            * Next click Submit file
            * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
            * This will perform a scan across multiple different virus scanning engines.
            * Important: Wait for all of the scanning engines to complete.
            * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

            =============================================

            Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

            Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

            Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

            Exit out of MessengerDisable then delete the two files that were put on the desktop.

            ===========================================
            Open HijackThis and select Do a system scan only

            Place a check mark next to the following entries: (if there)

            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
            O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)


            Important: Close all open windows except for HijackThis and then click Fix checked.

            Once completed, exit HijackThis.
            =========================================
            • Start HijackThis
            • Click on the Misc Tools button
            • Click on the Open Uninstall Manager button.
            • Click on the Save list... button and specify where you would like to save this file. When you press Save button a Notepad will open with the contents of that file. Save the file to your desktop.
            Copy and paste this file in your next reply.

            Windows 8 and Windows 10 dual boot with two SSD's
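
As an added example (not part of the original thread and not the helper's own method): a small Python parser for HijackThis log lines like those posted in Reply #5, which splits off the `(filesize ..., MD5 ...)` annotation and marks entries worth a manual look. The flag names and the four triage rules are assumptions of this example; a flag means "review this entry", not "malicious".

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the HijackThis log posted in Reply #5 of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (filesize 62080 bytes, MD5 C11F6A1F61481E24BE3FDC06EA6F7D2A)
O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] C:\Documents and Settings\moore family\Local Settings\Temporary Internet Files\Content.IE5\GBM547GV\WinFixerScannerInstall[1].exe -nag
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (filesize 385024 bytes, MD5 BAFCF6CF19CE4882039C52DFA17BE35F)
O4 - Global Startup: STK017 PNP Monitor.lnk = ?
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Trailing annotation added when "Calculate MD5 of files if possible" is ticked.
HASH_RE = re.compile(
    r"\s*\(filesize (?P<size>\d+) bytes, MD5 (?P<md5>[0-9A-Fa-f]{32})\)$"
)


@dataclass
class Entry:
    section: str
    body: str
    size: Optional[int] = None
    md5: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def triage(entry: Entry) -> List[str]:
    """Apply this example's review rules (assumptions, not HijackThis output)."""
    flags = []
    low = entry.body.lower()
    # Registry entry still present but the file it points to is gone.
    if low.endswith("(no file)") or low.endswith("(file missing)"):
        flags.append("orphaned")
    # Autorun that launches an executable out of the browser cache.
    if entry.section == "O4" and "temporary internet files" in low:
        flags.append("autorun-from-browser-cache")
    # Startup shortcut whose target is shown only as "?".
    if entry.section == "O4" and low.endswith("= ?"):
        flags.append("unresolved-target")
    # Proxy auto-config script set for Internet Explorer.
    if entry.section in ("R0", "R1") and "autoconfigurl" in low:
        flags.append("proxy-autoconfig")
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process paths, blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m["body"]
    size = md5 = None
    h = HASH_RE.search(body)
    if h:
        size, md5 = int(h["size"]), h["md5"].lower()
        body = body[: h.start()]
    entry = Entry(m["section"], body, size, md5)
    entry.flags = triage(entry)
    return entry


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def review_candidates(text: str) -> List[Entry]:
    """Entries that matched at least one triage rule."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in review_candidates(SAMPLE_LOG):
        print(f"{e.section:<4}{','.join(e.flags):<28}{e.body}")
```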

            FALLGUY

              Re: computer acting up
              « Reply #7 on: May 09, 2010, 02:48:34 PM »
               Hi Dave,
               I tried the control + v and it brings up the file upload window. Not sure how the copy and paste comes into play.
              I'll wait for your reply before next step.
              My computer browser doesn't show websites in the complete form. Only in a text layout page. My Zune player and camera will not connect. Also the zune program will not uninstall or update as with most all programs not recognizing the internet connection for updating. The zune program gets a fuzz picture when I connect to the website for downloads. The fuzz picture would stay with the computer display after I closed program. I then would have to restart computer to reset the fuzzy display. I had a lot of podcasts auto downloading regular shows til a few weeks ago.

              SuperDave

              Re: computer acting up
              « Reply #8 on: May 09, 2010, 05:14:24 PM »
              Control V is just a shortcut for paste. Just do it the old-fashioned way. Use your mouse to highlight the file path then right-click in the browse box and click paste. It should paste the file path into the browse box. That file I'm getting you to scan is more than likely related to Zune and your camera. We'll know more when the file is scanned.
              Windows 8 and Windows 10 dual boot with two SSD's

              FALLGUY

                Re: computer acting up
                « Reply #9 on: May 09, 2010, 08:25:15 PM »


                Jotti's malware scan
                This file has been scanned before. The results for this previous scan are listed below.

                Filename: STK017M.exe
                Status: Scan finished. 14 out of 20 scanners reported malware.
                Scan taken on: Mon 10 May 2010 04:25:13 (CET)

                Additional info
                File size: 151552 bytes
                Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
                MD5: e7a0e4034e24d7bd27d3d620bbf793d4
                SHA1: f01b03b7dd6df0db15373280e73c0fb3c16ca5bb

                Scanners
                [ArcaVir] 2010-05-09 Adware.Cres
                [F-Secure Anti-Virus] 2010-05-09 not-a-virus:AdWare.Win32.Cres
                [A-Squared] 2010-05-10 Riskware.AdWare.Win32.Cres!IK
                [G DATA] 2010-05-10 Win32:Trojan-gen
                [Avast! antivirus] 2010-05-09 Win32:Trojan-gen
                [Ikarus] 2010-05-10 not-a-virus:AdWare.Win32.Cres
                [Grisoft AVG Anti-Virus] 2010-05-09 Generic2.RV
                [Kaspersky Anti-Virus] 2010-05-09 not-a-virus:AdWare.Win32.Cres
                [Avira AntiVir] 2010-05-09 ADSPY/Cres.A.4
                [ESET NOD32] 2010-05-09 Found nothing
                [Softwin BitDefender] 2010-05-10 Found nothing
                [Panda Antivirus] 2010-05-09 Adware/Cres
                [ClamAV] 2010-05-10 Found nothing
                [Quick Heal] 2010-05-08 Found nothing
                [CPsecure] 2010-05-10 Found nothing
                [Sophos] 2010-05-05 Found nothing
                [Dr.Web] 2010-05-10 Trojan.Siggen.204
                [VirusBlokAda VBA32] 2010-05-06 AdWare.Win32.Cres
                [Frisk F-Prot Antivirus] 2010-05-09 W32/Adware.KIH
                [VirusBuster] 2010-05-09 Adware.Cres.C

                SuperDave

                Re: computer acting up
                « Reply #10 on: May 10, 2010, 06:20:52 PM »
                Add or Remove Programs

                1. Click on the Windows Start button and click on the Control Panel
                2. In the Control Panel window, double-click Add or Remove Programs icon.
                3. When the Add or Remove Programs window has fully populated, check for C:\Program Files\STK017_V2.01 and uninstall it.
                There is an infection in this folder and it must be removed. The worst thing is that this folder is possibly related to your camera. I certainly hope not.

                =====================================

                •Start HijackThis
                •Click on the Misc Tools button
                •Click on the Open Uninstall Manager button.
                •Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop.
                Copy and paste this file in your next reply.

                ===================================

                SUPERAntiSpyware

                If you already have SUPERAntiSpyware be sure to check for updates before scanning!


                Download SuperAntispyware Free Edition (SAS)
                * Double-click the icon on your desktop to run the installer.
                * When asked to Update the program definitions, click Yes
                * If you encounter any problems while downloading the updates, manually download and unzip them from here
                * Next click the Preferences button.

                •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
                * Click the Scanning Control tab.
                * Under Scanner Options make sure only the following are checked:

                •Close browsers before scanning
                •Scan for tracking cookies
                •Terminate memory threats before quarantining
                Please leave the others unchecked

                •Click the Close button to leave the control center screen.

                * On the main screen click Scan your computer
                * On the left check the box for the drive you are scanning.
                * On the right choose Perform Complete Scan
                * Click Next to start the scan. Please be patient while it scans your computer.
                * After the scan is complete a summary box will appear. Click OK
                * Make sure everything in the white box has a check next to it, then click Next
                * It will quarantine what it found and if it asks if you want to reboot, click Yes

                •To retrieve the removal information please do the following:
                •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
                •Click Preferences. Click the Statistics/Logs tab.

                •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

                •It will open in your default text editor (preferably Notepad).
                •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

                * Save the log somewhere you can easily find it. (normally the desktop)
                * Click close and close again to exit the program.
                * Copy and paste the log in your post

                FALLGUY

                  Re: computer acting up
                  « Reply #11 on: May 10, 2010, 08:43:15 PM »
                  Acrobat.com
                  Actiontec Gateway
                  Adobe Flash Player 10 Plugin
                  Adobe Reader 8.1.3
                  Adobe Shockwave Player 11.5
                  Advanced Registry Optimizer
                  ArcSoft Print Creations
                  ArcSoft Print Creations - Greeting Card
                  ArcSoft Software Suite
                  Ask Toolbar
                  ATI Display Driver
                  avast! Free Antivirus
                  Belarc Advisor 7.2
                  Big Kahuna Reef 2
                  BigFix
                  Canon Camera Support Core Library
                  Canon G.726 WMP-Decoder
                  Canon Utilities CameraWindow
                  Canon Utilities CameraWindow DC
                  Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
                  Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
                  Canon Utilities EOS Utility
                  Canon Utilities MyCamera
                  Canon Utilities MyCamera DC
                  Canon Utilities RemoteCapture Task for ZoomBrowser EX
                  Canon Utilities ZoomBrowser EX
                  Canon ZoomBrowser EX Memory Card Utility
                  CCScore
                  Compatibility Pack for the 2007 Office system
                  Critical Update for Windows Media Player 11 (KB959772)
                  Digital Media Reader
                  EPSON NX100 Series Printer Uninstall
                  EPSON Scan
                  ESSBrwr
                  ESSCDBK
                  ESScore
                  ESSgui
                  ESSini
                  ESSPCD
                  ESSPDock
                  ESSTOOLS
                  essvatgt
                  FATE
                  FATE from HP Media Center (remove only)
                  fflink
                  Google Earth
                  Google Photos Screensaver
                  Google Updater
                  Google Video Player
                  Google Web Accelerator
                  HighMAT Extension to Microsoft Windows XP CD Writing Wizard
                  HijackThis 2.0.2
                  Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                  Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                  Hotfix for Windows Internet Explorer 7 (KB947864)
                  Hotfix for Windows Media Format 11 SDK (KB929399)
                  Hotfix for Windows Media Format SDK (KB902344)
                  Hotfix for Windows Media Player 11 (KB939683)
                  Hotfix for Windows XP (KB932716-v2)
                  Hotfix for Windows XP (KB942288-v3)
                  Hotfix for Windows XP (KB945060-v3)
                  Hotfix for Windows XP (KB952287)
                  Hotfix for Windows XP (KB961118)
                  Hotfix for Windows XP (KB970653-v3)
                  Hotfix for Windows XP (KB976098-v2)
                  Hotfix for Windows XP (KB979306)
                  Hunting Unlimited 2010
                  J2SE Development Kit 5.0 Update 5
                  J2SE Runtime Environment 5.0 Update 2
                  Java(TM) 6 Update 17
                  kgcbaby
                  kgchday
                  kgchlwn
                  kgcinvt
                  kgckids
                  kgcmove
                  kgcvday
                  Kodak EasyShare software
                  Logitech SetPoint
                  Media Go
                  Microsoft .NET Framework 1.1
                  Microsoft .NET Framework 1.1
                  Microsoft .NET Framework 1.1 Security Update (KB953297)
                  Microsoft .NET Framework 2.0 Service Pack 2
                  Microsoft .NET Framework 3.0 Service Pack 2
                  Microsoft .NET Framework 3.5 SP1
                  Microsoft .NET Framework 3.5 SP1
                  Microsoft Compression Client Pack 1.0 for Windows XP
                  Microsoft Internationalized Domain Names Mitigation APIs
                  Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
                  Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
                  Microsoft Money 2005
                  Microsoft National Language Support Downlevel APIs
                  Microsoft Office Outlook Connector
                  Microsoft Office Standard Edition 2003
                  Microsoft User-Mode Driver Framework Feature Pack 1.9
                  Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                  Microsoft Visual C++ 2005 Redistributable
                  Microsoft Visual C++ 2005 Redistributable
                  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                  Microsoft WinUsb 1.0
                  Microsoft Works
                  Mozilla Firefox (3.6.3)
                  MSN
                  MSXML 4.0 SP2 (KB925672)
                  MSXML 4.0 SP2 (KB927978)
                  MSXML 4.0 SP2 (KB936181)
                  MSXML 4.0 SP2 (KB954430)
                  MSXML 4.0 SP2 (KB973688)
                  MyDSC2
                  Napster Burn Engine
                  Nero BurnRights
                  netbrdg
                  NVIDIA Drivers
                  OfotoXMI
                  Online Armor 4.0
                  PCDADDIN
                  PCDHELP
                  Picasa 3
                  PlayStation(R)Network Downloader
                  PlayStation(R)Store
                  PowerDVD
                  QuickConnect
                  QuickTime
                  Realtek AC'97 Audio
                  Registry Mechanic 9.0
                  Scholastic's I SPY Fantasy
                  Security Update for CAPICOM (KB931906)
                  Security Update for CAPICOM (KB931906)
                  Security Update for Windows Internet Explorer 7 (KB928090)
                  Security Update for Windows Internet Explorer 7 (KB931768)
                  Security Update for Windows Internet Explorer 7 (KB933566)
                  Security Update for Windows Internet Explorer 7 (KB937143)
                  Security Update for Windows Internet Explorer 7 (KB938127)
                  Security Update for Windows Internet Explorer 7 (KB939653)
                  Security Update for Windows Internet Explorer 7 (KB942615)
                  Security Update for Windows Internet Explorer 7 (KB944533)
                  Security Update for Windows Internet Explorer 7 (KB950759)
                  Security Update for Windows Internet Explorer 7 (KB953838)
                  Security Update for Windows Internet Explorer 7 (KB956390)
                  Security Update for Windows Internet Explorer 7 (KB958215)
                  Security Update for Windows Internet Explorer 7 (KB960714)
                  Security Update for Windows Internet Explorer 7 (KB961260)
                  Security Update for Windows Internet Explorer 7 (KB963027)
                  Security Update for Windows Internet Explorer 8 (KB969897)
                  Security Update for Windows Internet Explorer 8 (KB971961)
                  Security Update for Windows Internet Explorer 8 (KB972260)
                  Security Update for Windows Internet Explorer 8 (KB974455)
                  Security Update for Windows Internet Explorer 8 (KB976325)
                  Security Update for Windows Internet Explorer 8 (KB978207)
                  Security Update for Windows Internet Explorer 8 (KB981332)
                  Security Update for Windows Media Player (KB952069)
                  Security Update for Windows Media Player (KB954155)
                  Security Update for Windows Media Player (KB968816)
                  Security Update for Windows Media Player (KB973540)
                  Security Update for Windows Media Player 10 (KB911565)
                  Security Update for Windows Media Player 10 (KB917734)
                  Security Update for Windows Media Player 11 (KB936782)
                  Security Update for Windows Media Player 11 (KB954154)
                  Security Update for Windows XP (KB923561)
                  Security Update for Windows XP (KB938464)
                  Security Update for Windows XP (KB941569)
                  Security Update for Windows XP (KB946648)
                  Security Update for Windows XP (KB950760)
                  Security Update for Windows XP (KB950762)
                  Security Update for Windows XP (KB950974)
                  Security Update for Windows XP (KB951066)
                  Security Update for Windows XP (KB951376)
                  Security Update for Windows XP (KB951376-v2)
                  Security Update for Windows XP (KB951698)
                  Security Update for Windows XP (KB951748)
                  Security Update for Windows XP (KB952004)
                  Security Update for Windows XP (KB952954)
                  Security Update for Windows XP (KB953839)
                  Security Update for Windows XP (KB954211)
                  Security Update for Windows XP (KB954459)
                  Security Update for Windows XP (KB954600)
                  Security Update for Windows XP (KB955069)
                  Security Update for Windows XP (KB956391)
                  Security Update for Windows XP (KB956572)
                  Security Update for Windows XP (KB956744)
                  Security Update for Windows XP (KB956802)
                  Security Update for Windows XP (KB956803)
                  Security Update for Windows XP (KB956841)
                  Security Update for Windows XP (KB956844)
                  Security Update for Windows XP (KB957095)
                  Security Update for Windows XP (KB957097)
                  Security Update for Windows XP (KB958644)
                  Security Update for Windows XP (KB958687)
                  Security Update for Windows XP (KB958690)
                  Security Update for Windows XP (KB958869)
                  Security Update for Windows XP (KB959426)
                  Security Update for Windows XP (KB960225)
                  Security Update for Windows XP (KB960715)
                  Security Update for Windows XP (KB960803)
                  Security Update for Windows XP (KB960859)
                  Security Update for Windows XP (KB961371)
                  Security Update for Windows XP (KB961373)
                  Security Update for Windows XP (KB961501)
                  Security Update for Windows XP (KB968537)
                  Security Update for Windows XP (KB969059)
                  Security Update for Windows XP (KB969898)
                  Security Update for Windows XP (KB969947)
                  Security Update for Windows XP (KB970238)
                  Security Update for Windows XP (KB970430)
                  Security Update for Windows XP (KB971468)
                  Security Update for Windows XP (KB971486)
                  Security Update for Windows XP (KB971557)
                  Security Update for Windows XP (KB971633)
                  Security Update for Windows XP (KB971657)
                  Security Update for Windows XP (KB972270)
                  Security Update for Windows XP (KB973346)
                  Security Update for Windows XP (KB973354)
                  Security Update for Windows XP (KB973507)
                  Security Update for Windows XP (KB973525)
                  Security Update for Windows XP (KB973869)
                  Security Update for Windows XP (KB973904)
                  Security Update for Windows XP (KB974112)
                  Security Update for Windows XP (KB974318)
                  Security Update for Windows XP (KB974392)
                  Security Update for Windows XP (KB974571)
                  Security Update for Windows XP (KB975025)
                  Security Update for Windows XP (KB975467)
                  Security Update for Windows XP (KB975560)
                  Security Update for Windows XP (KB975561)
                  Security Update for Windows XP (KB975713)
                  Security Update for Windows XP (KB977165)
                  Security Update for Windows XP (KB977816)
                  Security Update for Windows XP (KB977914)
                  Security Update for Windows XP (KB978037)
                  Security Update for Windows XP (KB978251)
                  Security Update for Windows XP (KB978262)
                  Security Update for Windows XP (KB978338)
                  Security Update for Windows XP (KB978601)
                  Security Update for Windows XP (KB978706)
                  Security Update for Windows XP (KB979309)
                  Security Update for Windows XP (KB979683)
                  Security Update for Windows XP (KB980232)
                  SFR
                  SHASTA
                  skin0001
                  SKINXSDK
                  SoftV92 Data Fax Modem with SmartCP
                  Spy Sweeper Core
                  staticcr
                  STK017_V2.01
                  Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
                  Update for Windows Internet Explorer 8 (KB971180)
                  Update for Windows Internet Explorer 8 (KB976662)
                  Update for Windows Internet Explorer 8 (KB976749)
                  Update for Windows Internet Explorer 8 (KB980182)
                  Update for Windows XP (KB951072-v2)
                  Update for Windows XP (KB951978)
                  Update for Windows XP (KB953356)
                  Update for Windows XP (KB955759)
                  Update for Windows XP (KB955839)
                  Update for Windows XP (KB967715)
                  Update for Windows XP (KB968389)
                  Update for Windows XP (KB971737)
                  Update for Windows XP (KB973687)
                  Update for Windows XP (KB973815)
                  Viewpoint Media Player
                  VPRINTOL
                  Webroot AntiVirus with Spy Sweeper
                  WildTangent Games
                  WildTangent Web Driver
                  Windows Backup Utility
                  Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
                  Windows Genuine Advantage v1.3.0254.0
                  Windows Internet Explorer 8
                  Windows Media Format 11 runtime
                  Windows Media Format 11 runtime
                  Windows Media Format SDK Hotfix - KB891122
                  Windows Media Player 11
                  Windows Media Player 11
                  Windows XP Service Pack 3
                  WIRELESS
                  Zune
                  Zune
                  Zune Language Pack (DE)
                  Zune Language Pack (ES)
                  Zune Language Pack (FR)
                  Zune Language Pack (IT)

                  Do you still want the messenger dealt with?

                  FALLGUY

                    Re: computer acting up
                    « Reply #12 on: May 10, 2010, 08:52:00 PM »
                     Superspyware will not transfer to file destination. I've tried to send it to a new folder and it gives me an error.

                    Internal error2203.c:\WINDOWS\installer\1755el.ipi-2147287011

                    I tried this a couple days ago with the same results.

                    FALLGUY

                      Re: computer acting up
                      « Reply #13 on: May 11, 2010, 06:27:47 AM »
                      I finally was able to load.

                      SUPERAntiSpyware Scan Log
                      http://www.superantispyware.com

                      Generated 05/11/2010 at 00:56 AM

                      Application Version : 4.36.1006

                      Core Rules Database Version : 4852
                      Trace Rules Database Version: 2664

                      Scan type       : Complete Scan
                      Total Scan Time : 01:38:48

                      Memory items scanned      : 421
                      Memory threats detected   : 0
                      Registry items scanned    : 6511
                      Registry threats detected : 55
                      File items scanned        : 146166
                      File threats detected     : 19

                      Adware.Tracking Cookie
                         C:\Documents and Settings\moore family\Cookies\[email protected][1].txt
                         C:\Documents and Settings\patti's place\Cookies\patti'[email protected][1].txt
                         C:\Documents and Settings\patti's place\Cookies\patti'[email protected][2].txt
                         C:\Documents and Settings\patti's place\Cookies\patti's_place@adinterax[2].txt
                         C:\Documents and Settings\patti's place\Cookies\patti'[email protected][2].txt
                         C:\Documents and Settings\patti's place\Cookies\patti's_place@ameriprisestats[1].txt
                         C:\Documents and Settings\patti's place\Cookies\patti's_place@eyewonder[2].txt
                         C:\Documents and Settings\patti's place\Cookies\patti's_place@fastclick[1].txt
                         C:\Documents and Settings\patti's place\Cookies\patti's_place@insightexpressai[1].txt
                         C:\Documents and Settings\patti's place\Cookies\patti's_place@interclick[1].txt
                         C:\Documents and Settings\patti's place\Cookies\patti's_place@intermundomedia[1].txt
                         C:\Documents and Settings\patti's place\Cookies\patti's_place@invitemedia[2].txt
                         C:\Documents and Settings\patti's place\Cookies\patti'[email protected][1].txt
                         C:\Documents and Settings\patti's place\Cookies\patti'[email protected][2].txt

                      Unclassified.PC MightyMax
                         HKU\S-1-5-21-1159381305-3383041272-4172013292-1007\Software\PC MightyMax
                         HKLM\Software\PC MightyMax
                         HKLM\Software\PC MightyMax\StartupCur
                         HKLM\Software\PC MightyMax\StartupCur\Adobe Photo Downloader.3
                         HKLM\Software\PC MightyMax\StartupCur\Adobe Photo Downloader.3#NTYPE
                         HKLM\Software\PC MightyMax\StartupCur\Adobe Photo Downloader.3#SNAME
                         HKLM\Software\PC MightyMax\StartupCur\Adobe Photo Downloader.3#SDATAB
                         HKLM\Software\PC MightyMax\StartupCur\Adobe Photo Downloader.3#BKEEP
                         HKLM\Software\PC MightyMax\StartupCur\Adobe Reader Speed Launch.2
                         HKLM\Software\PC MightyMax\StartupCur\Adobe Reader Speed Launch.2#NTYPE
                         HKLM\Software\PC MightyMax\StartupCur\Adobe Reader Speed Launch.2#SNAME
                         HKLM\Software\PC MightyMax\StartupCur\ATIPTA.3
                         HKLM\Software\PC MightyMax\StartupCur\ATIPTA.3#NTYPE
                         HKLM\Software\PC MightyMax\StartupCur\ATIPTA.3#SNAME
                         HKLM\Software\PC MightyMax\StartupCur\ATIPTA.3#SDATAB
                         HKLM\Software\PC MightyMax\StartupCur\ATIPTA.3#BKEEP
                         HKLM\Software\PC MightyMax\StartupCur\ccApp.3
                         HKLM\Software\PC MightyMax\StartupCur\ccApp.3#NTYPE
                         HKLM\Software\PC MightyMax\StartupCur\ccApp.3#SNAME
                         HKLM\Software\PC MightyMax\StartupCur\ccApp.3#SDATA
                         HKLM\Software\PC MightyMax\StartupCur\ccApp.3#SDATAB
                         HKLM\Software\PC MightyMax\StartupCur\ccApp.3#BKEEP
                         HKLM\Software\PC MightyMax\StartupCur\Logitech Hardware Abstraction Layer.3
                         HKLM\Software\PC MightyMax\StartupCur\Logitech Hardware Abstraction Layer.3#NTYPE
                         HKLM\Software\PC MightyMax\StartupCur\Logitech Hardware Abstraction Layer.3#SNAME
                         HKLM\Software\PC MightyMax\StartupCur\Logitech Hardware Abstraction Layer.3#SDATA
                         HKLM\Software\PC MightyMax\StartupCur\Logitech Hardware Abstraction Layer.3#SDATAB
                         HKLM\Software\PC MightyMax\StartupCur\Logitech Hardware Abstraction Layer.3#BKEEP
                         HKLM\Software\PC MightyMax\StartupCur\LXCCCATS.3
                         HKLM\Software\PC MightyMax\StartupCur\LXCCCATS.3#NTYPE
                         HKLM\Software\PC MightyMax\StartupCur\LXCCCATS.3#SNAME
                         HKLM\Software\PC MightyMax\StartupCur\LXCCCATS.3#SDATAB
                         HKLM\Software\PC MightyMax\StartupCur\LXCCCATS.3#BKEEP
                         HKLM\Software\PC MightyMax\StartupCur\NI.UWFX5_0001_N56M0311.3
                         HKLM\Software\PC MightyMax\StartupCur\NI.UWFX5_0001_N56M0311.3#NTYPE
                         HKLM\Software\PC MightyMax\StartupCur\NI.UWFX5_0001_N56M0311.3#SNAME
                         HKLM\Software\PC MightyMax\StartupCur\NI.UWFX5_0001_N56M0311.3#SDATA
                         HKLM\Software\PC MightyMax\StartupCur\NI.UWFX5_0001_N56M0311.3#SDATAB
                         HKLM\Software\PC MightyMax\StartupCur\NI.UWFX5_0001_N56M0311.3#BKEEP
                         HKLM\Software\PC MightyMax\StartupCur\Picasa Media Detector.3
                         HKLM\Software\PC MightyMax\StartupCur\Picasa Media Detector.3#NTYPE
                         HKLM\Software\PC MightyMax\StartupCur\Picasa Media Detector.3#SNAME
                         HKLM\Software\PC MightyMax\StartupCur\Picasa Media Detector.3#SDATAB
                         HKLM\Software\PC MightyMax\StartupCur\Picasa Media Detector.3#BKEEP
                         HKLM\Software\PC MightyMax\StartupCur\SpySweeper.3
                         HKLM\Software\PC MightyMax\StartupCur\SpySweeper.3#NTYPE
                         HKLM\Software\PC MightyMax\StartupCur\SpySweeper.3#SNAME
                         HKLM\Software\PC MightyMax\StartupCur\SpySweeper.3#SDATA
                         HKLM\Software\PC MightyMax\StartupCur\SpySweeper.3#SDATAB
                         HKLM\Software\PC MightyMax\StartupCur\SpySweeper.3#BKEEP
                         HKLM\Software\PC MightyMax\StartupCur\ymetray.3
                         HKLM\Software\PC MightyMax\StartupCur\ymetray.3#NTYPE
                         HKLM\Software\PC MightyMax\StartupCur\ymetray.3#SNAME
                         HKLM\Software\PC MightyMax\StartupCur\ymetray.3#SDATAB
                         HKLM\Software\PC MightyMax\StartupCur\ymetray.3#BKEEP
                         C:\Program Files\PC MightyMax\lic.conf
                         C:\Program Files\PC MightyMax\lic.dat
                         C:\Program Files\PC MightyMax\pcdocrx.conf
                         C:\Program Files\PC MightyMax\undo
                         C:\Program Files\PC MightyMax

                      SuperDave

                      Re: computer acting up
                      « Reply #14 on: May 11, 2010, 05:19:40 PM »
                        1. Close all open Web browsers.
                        2. From the Start menu in Windows select Control Panel.
                        3. Select Add or Remove Programs.
                        4. Uninstall any of the following programs associated with Ask.com: (the names may be slightly different)

                        - Ask.com
                        - Ask Bar
                        - Ask Desktop Search
                        - Ask Search
                        - Ask Toolbar
                        - Ask Jeeves

                        5. Click Change/Remove for each and uninstall all found.
                        ===========================
                        Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

                        There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

                        For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

                        Further reading: XP Fixes Myth #1: Registry Cleaners

                        For the above reason I would recommend that you uninstall Registry Mechanic 9.0
                        ==================================
                        You have Viewpoint installed.

                        Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

                        More information:

                        * ViewMgr.exe - Useless
                        * Viewpoint to Plunge Into Adware

                        It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

                        * Viewpoint
                        * Viewpoint Manager
                        * Viewpoint Media Player
                        * Viewpoint Toolbar
                        * Viewpoint Experience Technology

                        ====================================
                        Please read here for more information about WildTangent. Your choice if you want to remove it or not.

                        If you choose to follow my advice, please follow these instructions.

                        Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

                        WildTangent Web Driver and anything else related to WildTangent
                        ===================================

                        Quote
                        Do you still want the messenger dealt with?
                        Yes, please.

                        =======================================
                        Please download ComboFix from BleepingComputer.com

                        Alternate link: GeeksToGo.com

                        Rename ComboFix.exe to commy.exe before you save it to your Desktop
                        Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
                        Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
                        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
                        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

                        Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                        Click on Yes, to continue scanning for malware.
                        When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

                        If you have problems with ComboFix usage, see How to use ComboFix

                        Windows 8 and Windows 10 dual boot with two SSD's

                        FALLGUY

                          Topic Starter


                          Beginner
                          Re: computer acting up
                          « Reply #15 on: May 12, 2010, 01:53:54 PM »
                          Hey Dave,

                          I downloaded and installed as commy.exe. Run program and it will initialize and create restore point.
                          Then it will start scan. Then nothing for long periods of time with no stages showing up. I've tried
                          this 4 times. The first 2 failed after I got a notice that my virtual memory is too low. The program updated itself 2 times, so I know it is the latest. Last night I went through the files on my computer individually and found many empty and some remnants of others I've supposedly deleted (017stkv2). abbrev. Also more of the registry cleaners files. The first time I ran commy.exe - virtual memory too low then freeze - 2nd time updates and then virtual memory and freeze. 3rd it runs for half an hour and just closes out and refreshes to desktop and same with 4th try.

                          SuperDave

                          • Malware Removal Specialist
                          • Moderator


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: computer acting up
                          « Reply #16 on: May 12, 2010, 04:18:02 PM »
                          Did you uninstall all the other stuff? If not, please do so now and then try this scan.

                          Download DDS from HERE or HERE and save it to your desktop.

                          Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

                          * XP users Double click on dds to run it.
                          * If your antivirus or firewall try to block DDS then please allow it to run.
                          * When finished DDS will open two (2) logs.

                          1) DDS.txt
                          2) Attach.txt

                          * Save both logs to your desktop.
                          * Please copy and paste the entire contents of both logs in your next reply.

                          Note: DDS will instruct you to post the Attach.txt log as an attachment.
                          Please just post it as you would any other log by copy and pasting it into the reply.
                          Windows 8 and Windows 10 dual boot with two SSD's
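
One way a helper could check a posted Attach.txt against the removal advice given earlier in this thread, as an added example (not part of any post and not DDS's own code): it splits the log on its `==== ... ====` headers, flags installed programs whose names start with a family named above, and groups Service Control Manager failures by service. The sample log is constructed, and the function names and the "Task Manager Extension" entry are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a DDS Attach.txt log (not a real capture).
SAMPLE_ATTACH = """\
DDS (Ver_10-03-17.01)

==== Installed Programs ======================

Adobe Reader 8.1.3
Ask Toolbar
avast! Free Antivirus
Task Manager Extension
Viewpoint Media Player
WildTangent Web Driver

==== Event Viewer Messages From Past Week ========

5/8/2010 1:08:00 AM, error: Service Control Manager [7000]  - The aswMon2 service failed to start due to the following error:  The specified driver is invalid.
5/8/2010 1:07:20 AM, error: Service Control Manager [7000]  - The aswSP service failed to start due to the following error:  The specified driver is invalid.
5/7/2010 3:04:08 PM, error: Service Control Manager [7034]  - The Online Armor service terminated unexpectedly.  It has done this 1 time(s).
5/6/2010 4:06:20 PM, error: Service Control Manager [7000]  - The Webroot Spy Sweeper Engine service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
"""

# "==== Title ====" section header; a bare "=====" separator does not match.
HEADER = re.compile(r"^={2,}\s*([^=\s][^=]*?)\s*={2,}$")
# "<date> <time> AM|PM, <level>: <source> [<event id>]  - <message>"
EVENT = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\]\s+- (.*)$"
)
# Service Control Manager messages that name the service that failed.
SERVICE_EVENTS = {
    "7000": re.compile(r"^The (.+?) service failed to start due to the following error:\s+(.*)$"),
    "7034": re.compile(r"^The (.+?) service (terminated unexpectedly)\."),
}
# Program families the helper asked to uninstall. Names "may be slightly
# different", so match the family word at the start of the entry only;
# the word boundary keeps "Task ..." from matching "Ask".
REMOVAL_ADVICE = {
    "Ask": re.compile(r"^ask\b", re.I),
    "Viewpoint": re.compile(r"^viewpoint\b", re.I),
    "WildTangent": re.compile(r"^wildtangent\b", re.I),
    "Registry Mechanic": re.compile(r"^registry mechanic\b", re.I),
}


def parse_sections(text):
    """Return {section title: [non-empty lines]}; text before any header is 'preamble'."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        sections[current].append(line)
    return dict(sections)


def flag_unwanted(programs):
    """Return {family: [installed program names]} for families that are still present."""
    flagged = defaultdict(list)
    for name in programs:
        for family, pattern in REMOVAL_ADVICE.items():
            if pattern.search(name):
                flagged[family].append(name)
    return dict(flagged)


def service_failures(event_lines):
    """Return {service: [(timestamp, event id, reason)]} from Service Control Manager errors."""
    failures = defaultdict(list)
    for line in event_lines:
        event = EVENT.match(line)
        if not event:
            continue  # wrapped or truncated line: skip rather than guess
        timestamp, _level, source, event_id, message = event.groups()
        pattern = SERVICE_EVENTS.get(event_id)
        if source != "Service Control Manager" or pattern is None:
            continue
        detail = pattern.match(message)
        if detail:
            failures[detail.group(1)].append((timestamp, event_id, detail.group(2).strip()))
    return dict(failures)


def triage(text):
    """Run both checks over one pasted Attach.txt log."""
    sections = parse_sections(text)
    flagged = flag_unwanted(sections.get("Installed Programs", []))
    failures = service_failures(sections.get("Event Viewer Messages From Past Week", []))
    return flagged, failures


if __name__ == "__main__":
    still_installed, failed = triage(SAMPLE_ATTACH)
    for family, names in still_installed.items():
        print(f"still installed ({family}): {', '.join(names)}")
    for service, hits in failed.items():
        for timestamp, event_id, reason in hits:
            print(f"{timestamp} [{event_id}] {service}: {reason}")
```

Services belonging to antivirus or firewall products that repeatedly fail to start are worth raising with the helper, since they mean the machine is running without that protection.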

                          FALLGUY

                            Topic Starter


                            Beginner
                            Re: computer acting up
                            « Reply #17 on: May 13, 2010, 12:28:29 AM »
                            Hi Dave, Advanced registry optimizer was removed. There was a remnant in the program list that I deleted after the scan. Messenger is gone. Stko17-v2.01 just blinks when I try to remove. And finally, Ask toolbar gives me an error-2203 Database  C:WINDOWS\Installer\2aea4b5.ipi. cannot open data base file.
                            system error - 2147287011.
                            This program came with webroot spysweeper.
                            UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                            IF REQUESTED, ZIP IT UP & ATTACH IT

                            DDS (Ver_10-03-17.01)

                            Microsoft Windows XP Home Edition
                            Boot Device: \Device\HarddiskVolume1
                            Install Date: 11/10/2005 7:29:26 PM
                            System Uptime: 5/12/2010 6:02:57 PM (7 hours ago)

                            Motherboard: MICRO-STAR |  | MS-7184
                            Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 939 | 2188/200mhz

                            ==== Disk Partitions =========================

                            C: is FIXED (NTFS) - 182 GiB total, 109.559 GiB free.
                            D: is FIXED (FAT32) - 4 GiB total, 2.715 GiB free.
                            E: is CDROM (CDFS)
                            F: is CDROM ()
                            G: is Removable
                            H: is Removable
                            I: is Removable
                            J: is Removable

                            ==== Disabled Device Manager Items =============

                            Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
                            Description: Default Monitor
                            Device ID: DISPLAY\DEFAULT_MONITOR\5&10AC3848&2&10000000&01&05
                            Manufacturer: (Standard monitor types)
                            Name: Default Monitor
                            PNP Device ID: DISPLAY\DEFAULT_MONITOR\5&10AC3848&2&10000000&01&05
                            Service:

                            Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
                            Description: Default Monitor
                            Device ID: DISPLAY\DEFAULT_MONITOR\6&1586D8D5&0&113377A9&03&00
                            Manufacturer: (Standard monitor types)
                            Name: Default Monitor
                            PNP Device ID: DISPLAY\DEFAULT_MONITOR\6&1586D8D5&0&113377A9&03&00
                            Service:

                            Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
                            Description: Default Monitor
                            Device ID: DISPLAY\DEFAULT_MONITOR\6&1586D8D5&0&113377A1&03&00
                            Manufacturer: (Standard monitor types)
                            Name: Default Monitor
                            PNP Device ID: DISPLAY\DEFAULT_MONITOR\6&1586D8D5&0&113377A1&03&00
                            Service:

                            Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
                            Description: Microsoft Kernel Wave Audio Mixer
                            Device ID: SW\{B7EAFDC0-A680-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
                            Manufacturer: Microsoft
                            Name: Microsoft Kernel Wave Audio Mixer
                            PNP Device ID: SW\{B7EAFDC0-A680-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
                            Service: kmixer

                            ==== System Restore Points ===================

                            RP1728: 5/12/2010 6:08:20 AM - Software Distribution Service 3.0
                            RP1729: 5/12/2010 1:07:10 PM - Software Distribution Service 3.0

                            ==== Installed Programs ======================

                            Acrobat.com
                            Actiontec Gateway
                            Adobe Flash Player 10 Plugin
                            Adobe Reader 8.1.3
                            Adobe Shockwave Player 11.5
                            Advanced Registry Optimizer
                            ArcSoft Print Creations
                            ArcSoft Print Creations - Greeting Card
                            ArcSoft Software Suite
                            Ask Toolbar
                            ATI Display Driver
                            avast! Free Antivirus
                            Belarc Advisor 7.2
                            Big Kahuna Reef 2
                            BigFix
                            Canon Camera Support Core Library
                            Canon G.726 WMP-Decoder
                            Canon Utilities CameraWindow
                            Canon Utilities CameraWindow DC
                            Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
                            Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
                            Canon Utilities EOS Utility
                            Canon Utilities MyCamera
                            Canon Utilities MyCamera DC
                            Canon Utilities RemoteCapture Task for ZoomBrowser EX
                            Canon Utilities ZoomBrowser EX
                            Canon ZoomBrowser EX Memory Card Utility
                            CCScore
                            Compatibility Pack for the 2007 Office system
                            Critical Update for Windows Media Player 11 (KB959772)
                            Digital Media Reader
                            DIGOpt
                            EPSON NX100 Series Printer Uninstall
                            EPSON Scan
                            ESSBrwr
                            ESSCDBK
                            ESScore
                            ESSgui
                            ESSini
                            ESSPCD
                            ESSPDock
                            ESSTOOLS
                            essvatgt
                            FATE
                            FATE from HP Media Center (remove only)
                            fflink
                            Google Earth
                            Google Photos Screensaver
                            Google Updater
                            Google Video Player
                            Google Web Accelerator
                            HighMAT Extension to Microsoft Windows XP CD Writing Wizard
                            HijackThis 2.0.2
                            Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                            Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                            Hotfix for Windows Internet Explorer 7 (KB947864)
                            Hotfix for Windows Media Format 11 SDK (KB929399)
                            Hotfix for Windows Media Format SDK (KB902344)
                            Hotfix for Windows Media Player 11 (KB939683)
                            Hotfix for Windows XP (KB932716-v2)
                            Hotfix for Windows XP (KB942288-v3)
                            Hotfix for Windows XP (KB945060-v3)
                            Hotfix for Windows XP (KB952287)
                            Hotfix for Windows XP (KB954550-v5)
                            Hotfix for Windows XP (KB961118)
                            Hotfix for Windows XP (KB970653-v3)
                            Hotfix for Windows XP (KB976098-v2)
                            Hotfix for Windows XP (KB979306)
                            Hunting Unlimited 2010
                            J2SE Development Kit 5.0 Update 5
                            J2SE Runtime Environment 5.0 Update 2
                            Java(TM) 6 Update 17
                            kgcbaby
                            kgchday
                            kgchlwn
                            kgcinvt
                            kgckids
                            kgcmove
                            kgcvday
                            Kodak EasyShare software
                            Logitech SetPoint
                            Media Go
                            Microsoft .NET Framework 1.1
                            Microsoft .NET Framework 1.1 Security Update (KB953297)
                            Microsoft .NET Framework 2.0 Service Pack 2
                            Microsoft .NET Framework 3.0 Service Pack 2
                            Microsoft .NET Framework 3.5 SP1
                            Microsoft Application Error Reporting
                            Microsoft Compression Client Pack 1.0 for Windows XP
                            Microsoft Internationalized Domain Names Mitigation APIs
                            Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
                            Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
                            Microsoft Money 2005
                            Microsoft National Language Support Downlevel APIs
                            Microsoft Office Outlook Connector
                            Microsoft Office Standard Edition 2003
                            Microsoft User-Mode Driver Framework Feature Pack 1.9
                            Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                            Microsoft Visual C++ 2005 Redistributable
                            Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                            Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                            Microsoft WinUsb 1.0
                            Microsoft Works
                            Mozilla Firefox (3.6.3)
                            MSN
                            MSXML 4.0 SP2 (KB925672)
                            MSXML 4.0 SP2 (KB927978)
                            MSXML 4.0 SP2 (KB936181)
                            MSXML 4.0 SP2 (KB954430)
                            MSXML 4.0 SP2 (KB973688)
                            MyDSC2
                            Napster Burn Engine
                            Nero BurnRights
                            netbrdg
                            NVIDIA Drivers
                            OfotoXMI
                            Online Armor 4.0
                            PCDADDIN
                            PCDHELP
                            Picasa 3
                            PlayStation(R)Network Downloader
                            PlayStation(R)Store
                            PowerDVD
                            QuickConnect
                            QuickTime
                            Qwest eChat Support Tools
                            Realtek AC'97 Audio
                            Recovery Software Suite eMachines
                            Scholastic's I SPY Fantasy
                            Security Update for CAPICOM (KB931906)
                            Security Update for Step By Step Interactive Training (KB898458)
                            Security Update for Windows Internet Explorer 7 (KB928090)
                            Security Update for Windows Internet Explorer 7 (KB929969)
                            Security Update for Windows Internet Explorer 7 (KB931768)
                            Security Update for Windows Internet Explorer 7 (KB933566)
                            Security Update for Windows Internet Explorer 7 (KB937143)
                            Security Update for Windows Internet Explorer 7 (KB938127)
                            Security Update for Windows Internet Explorer 7 (KB939653)
                            Security Update for Windows Internet Explorer 7 (KB942615)
                            Security Update for Windows Internet Explorer 7 (KB944533)
                            Security Update for Windows Internet Explorer 7 (KB950759)
                            Security Update for Windows Internet Explorer 7 (KB953838)
                            Security Update for Windows Internet Explorer 7 (KB956390)
                            Security Update for Windows Internet Explorer 7 (KB958215)
                            Security Update for Windows Internet Explorer 7 (KB960714)
                            Security Update for Windows Internet Explorer 7 (KB961260)
                            Security Update for Windows Internet Explorer 7 (KB963027)
                            Security Update for Windows Internet Explorer 8 (KB969897)
                            Security Update for Windows Internet Explorer 8 (KB971961)
                            Security Update for Windows Internet Explorer 8 (KB972260)
                            Security Update for Windows Internet Explorer 8 (KB974455)
                            Security Update for Windows Internet Explorer 8 (KB976325)
                            Security Update for Windows Internet Explorer 8 (KB978207)
                            Security Update for Windows Internet Explorer 8 (KB981332)
                            Security Update for Windows Media Player (KB911564)
                            Security Update for Windows Media Player (KB952069)
                            Security Update for Windows Media Player (KB954155)
                            Security Update for Windows Media Player (KB968816)
                            Security Update for Windows Media Player (KB973540)
                            Security Update for Windows Media Player 10 (KB911565)
                            Security Update for Windows Media Player 10 (KB917734)
                            Security Update for Windows Media Player 11 (KB936782)
                            Security Update for Windows Media Player 11 (KB954154)
                            Security Update for Windows Media Player 6.4 (KB925398)
                            Security Update for Windows XP (KB923561)
                            Security Update for Windows XP (KB923689)
                            Security Update for Windows XP (KB938464)
                            Security Update for Windows XP (KB941569)
                            Security Update for Windows XP (KB946648)
                            Security Update for Windows XP (KB950760)
                            Security Update for Windows XP (KB950762)
                            Security Update for Windows XP (KB950974)
                            Security Update for Windows XP (KB951066)
                            Security Update for Windows XP (KB951376-v2)
                            Security Update for Windows XP (KB951376)
                            Security Update for Windows XP (KB951698)
                            Security Update for Windows XP (KB951748)
                            Security Update for Windows XP (KB952004)
                            Security Update for Windows XP (KB952954)
                            Security Update for Windows XP (KB953839)
                            Security Update for Windows XP (KB954211)
                            Security Update for Windows XP (KB954459)
                            Security Update for Windows XP (KB954600)
                            Security Update for Windows XP (KB955069)
                            Security Update for Windows XP (KB956391)
                            Security Update for Windows XP (KB956572)
                            Security Update for Windows XP (KB956744)
                            Security Update for Windows XP (KB956802)
                            Security Update for Windows XP (KB956803)
                            Security Update for Windows XP (KB956841)
                            Security Update for Windows XP (KB956844)
                            Security Update for Windows XP (KB957095)
                            Security Update for Windows XP (KB957097)
                            Security Update for Windows XP (KB958644)
                            Security Update for Windows XP (KB958687)
                            Security Update for Windows XP (KB958690)
                            Security Update for Windows XP (KB958869)
                            Security Update for Windows XP (KB959426)
                            Security Update for Windows XP (KB960225)
                            Security Update for Windows XP (KB960715)
                            Security Update for Windows XP (KB960803)
                            Security Update for Windows XP (KB960859)
                            Security Update for Windows XP (KB961371)
                            Security Update for Windows XP (KB961373)
                            Security Update for Windows XP (KB961501)
                            Security Update for Windows XP (KB968537)
                            Security Update for Windows XP (KB969059)
                            Security Update for Windows XP (KB969898)
                            Security Update for Windows XP (KB969947)
                            Security Update for Windows XP (KB970238)
                            Security Update for Windows XP (KB970430)
                            Security Update for Windows XP (KB971468)
                            Security Update for Windows XP (KB971486)
                            Security Update for Windows XP (KB971557)
                            Security Update for Windows XP (KB971633)
                            Security Update for Windows XP (KB971657)
                            Security Update for Windows XP (KB972270)
                            Security Update for Windows XP (KB973346)
                            Security Update for Windows XP (KB973354)
                            Security Update for Windows XP (KB973507)
                            Security Update for Windows XP (KB973525)
                            Security Update for Windows XP (KB973869)
                            Security Update for Windows XP (KB973904)
                            Security Update for Windows XP (KB974112)
                            Security Update for Windows XP (KB974318)
                            Security Update for Windows XP (KB974392)
                            Security Update for Windows XP (KB974571)
                            Security Update for Windows XP (KB975025)
                            Security Update for Windows XP (KB975467)
                            Security Update for Windows XP (KB975560)
                            Security Update for Windows XP (KB975561)
                            Security Update for Windows XP (KB975713)
                            Security Update for Windows XP (KB977165)
                            Security Update for Windows XP (KB977816)
                            Security Update for Windows XP (KB977914)
                            Security Update for Windows XP (KB978037)
                            Security Update for Windows XP (KB978251)
                            Security Update for Windows XP (KB978262)
                            Security Update for Windows XP (KB978338)
                            Security Update for Windows XP (KB978601)
                            Security Update for Windows XP (KB978706)
                            Security Update for Windows XP (KB979309)
                            Security Update for Windows XP (KB979683)
                            Security Update for Windows XP (KB980232)
                            SFR
                            SHASTA
                            skin0001
                            SKINXSDK
                            SoftV92 Data Fax Modem with SmartCP
                            Spy Sweeper Core
                            staticcr
                            STK017_V2.01
                            SUPERAntiSpyware Free Edition
                            Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
                            Update for Windows Internet Explorer 8 (KB971180)
                            Update for Windows Internet Explorer 8 (KB976662)
                            Update for Windows Internet Explorer 8 (KB976749)
                            Update for Windows Internet Explorer 8 (KB980182)
                            Update for Windows XP (KB951072-v2)
                            Update for Windows XP (KB951978)
                            Update for Windows XP (KB953356)
                            Update for Windows XP (KB955759)
                            Update for Windows XP (KB955839)
                            Update for Windows XP (KB967715)
                            Update for Windows XP (KB968389)
                            Update for Windows XP (KB971737)
                            Update for Windows XP (KB973687)
                            Update for Windows XP (KB973815)
                            Viewpoint Media Player
                            VPRINTOL
                            WebFldrs XP
                            Webroot AntiVirus with Spy Sweeper
                            WildTangent Games
                            WildTangent Web Driver
                            Windows Backup Utility
                            Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
                            Windows Genuine Advantage Notifications (KB905474)
                            Windows Genuine Advantage v1.3.0254.0
                            Windows Installer 3.1 (KB893803)
                            Windows Internet Explorer 7
                            Windows Internet Explorer 8
                            Windows Media Format 11 runtime
                            Windows Media Format SDK Hotfix - KB891122
                            Windows Media Player 11
                            Windows XP Service Pack 3
                            WIRELESS
                            Zune
                            Zune Language Pack (DE)
                            Zune Language Pack (ES)
                            Zune Language Pack (FR)
                            Zune Language Pack (IT)

                            ==== Event Viewer Messages From Past Week ========

                            5/8/2010 8:52:39 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
                            5/8/2010 2:09:46 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  eeCtrl
                            5/8/2010 2:09:46 PM, error: Service Control Manager [7000]  - The Automatic LiveUpdate Scheduler service failed to start due to the following error:  The system cannot find the path specified.
                            5/8/2010 1:56:58 PM, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .
                            5/8/2010 1:56:58 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll. Reference error message: The operation completed successfully. .
                            5/8/2010 1:56:58 PM, error: SideBySide [58]  - Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.4053.policy" on line 0.
                            5/8/2010 1:56:56 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
                            5/8/2010 1:56:56 PM, error: Service Control Manager [7000]  - The IMAPI CD-Burning COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
                            5/8/2010 1:34:20 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
                            5/8/2010 1:18:50 AM, error: Service Control Manager [7000]  - The OAnet service failed to start due to the following error:  The specified driver is invalid.
                            5/8/2010 1:18:50 AM, error: Service Control Manager [7000]  - The OADriver service failed to start due to the following error:  The specified driver is invalid.
                            5/8/2010 1:08:00 AM, error: Service Control Manager [7001]  - The avast! Antivirus service depends on the aswMon2 service which failed to start because of the following error:  The specified driver is invalid.
                            5/8/2010 1:08:00 AM, error: Service Control Manager [7000]  - The aswMon2 service failed to start due to the following error:  The specified driver is invalid.
                            5/8/2010 1:07:20 AM, error: Service Control Manager [7000]  - The aswSP service failed to start due to the following error:  The specified driver is invalid.
                            5/8/2010 1:07:20 AM, error: Service Control Manager [7000]  - The aswFsBlk service failed to start due to the following error:  The system cannot find the file specified.
                            5/8/2010 1:07:18 AM, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: Insufficient system resources exist to complete the requested service. .
                            5/8/2010 1:07:18 AM, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\avastUI.exe. Reference error message: The operation completed successfully. .
                            5/7/2010 6:55:16 AM, error: SAM [12288]  - SAM failed to write changes to the database. This is most likely due to a memory or disk-space shortage. The SAM database will be restored to an earlier state. Recent changes will be lost. Check the disk-space available and maximum pagefile size setting.
                            5/7/2010 3:13:07 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe. Reference error message: The operation completed successfully. .
                            5/7/2010 3:04:08 PM, error: Service Control Manager [7034]  - The Online Armor service terminated unexpectedly.  It has done this 1 time(s).
                            5/7/2010 2:41:23 PM, error: Dhcp [1008]  - Your computer was unable to initialize a Network Interface attached to the system. The error code is: A device attached to the system is not functioning. .
                            5/7/2010 2:41:15 PM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  Insufficient system resources exist to complete the requested service.
                            5/7/2010 2:28:47 PM, error: SideBySide [59]  - Generate Activation Context failed for c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll. Reference error message: The operation completed successfully. .
                            5/7/2010 10:33:32 AM, error: WPDMTPDriver [15300]  - MTP WPD Driver has failed to start. Error 0x800705aa.
                            5/7/2010 1:49:42 PM, error: WPDMTPDriver [15300]  - MTP WPD Driver has failed to start. Error 0x80070490.
                            5/6/2010 4:06:20 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine service to connect.
                            5/6/2010 4:06:20 PM, error: Service Control Manager [7000]  - The Webroot Spy Sweeper Engine service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
                            5/6/2010 11:52:51 AM, error: Service Control Manager [7023]  - The Remote Access Connection Manager service terminated with the following error:  The specified module could not be found.
                            5/6/2010 11:52:42 AM, error: Service Control Manager [7000]  - The Application Layer Gateway Service service failed to start due to the following error:  Insufficient system resources exist to complete the requested service.
                            5/6/2010 11:52:24 AM, error: Rasman [20063]  - Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.
                            5/6/2010 1:28:07 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service WebrootSpySweeperService with arguments "" in order to run the server: {1281A68F-9E75-418F-B3AC-D5B23DD86408}
                            5/12/2010 6:11:56 AM, error: Service Control Manager [7023]  - The SSDP Discovery Service service terminated with the following error:  The specified module could not be found.
                            5/12/2010 3:15:13 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB976382).
                            5/10/2010 9:33:04 PM, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
                            5/10/2010 9:33:04 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\Mozilla Firefox\firefox.exe. Reference error message: The operation completed successfully. .

                            ==== End Of File ===========================

                            FALLGUY

                              Topic Starter


                              Beginner
                              Re: computer acting up
                              « Reply #18 on: May 13, 2010, 12:29:52 AM »
                              next log
                              DDS (Ver_10-03-17.01) - NTFSx86 
                              Run by moore family at  1:17:50.20 on Thu 05/13/2010
                              Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
                              Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.382.143 [GMT -5:00]

                              AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated)   {77E10C7F-2CCA-4187-9394-BDBC267AD597}
                              AV: iolo AntiVirus® *On-access scanning disabled* (Updated)   {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
                              FW: Norton Internet Worm Protection *disabled*   {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
                              FW: Webroot Internet Security Essentials *enabled*   {63671000-11A2-46DD-BADD-A084CABCDEAE}
                              FW: Lavasoft Personal Firewall *disabled*   {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

                              ============== Running Processes ===============

                              C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
                              C:\WINDOWS\system32\svchost -k DcomLaunch
                              svchost.exe
                              C:\WINDOWS\System32\svchost.exe -k netsvcs
                              C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
                              svchost.exe
                              svchost.exe
                              C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                              C:\WINDOWS\Explorer.EXE
                              C:\Program Files\QuickTime\qttask.exe
                              C:\WINDOWS\system32\RUNDLL32.EXE
                              C:\Program Files\Zune\ZuneLauncher.exe
                              C:\Program Files\Java\jre6\bin\jusched.exe
                              C:\WINDOWS\system32\ctfmon.exe
                              C:\Program Files\Logitech\SetPoint\SetPoint.exe
                              C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
                              C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
                              C:\WINDOWS\system32\spoolsv.exe
                              svchost.exe
                              C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
                              C:\Program Files\iolo\common\lib\ioloServiceManager.exe
                              C:\Program Files\Java\jre6\bin\jqs.exe
                              C:\WINDOWS\system32\nvsvc32.exe
                              C:\WINDOWS\system32\svchost.exe -k imgsvc
                              C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                              c:\WINDOWS\system32\ZuneBusEnum.exe
                              C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
                              C:\Program Files\Mozilla Firefox\firefox.exe
                              C:\Documents and Settings\moore family\My Documents\Downloads\dds.scr

                              ============== Pseudo HJT Report ===============

                              uSearch Bar = hxxp://www.google.com/ie
                              uStart Page = hxxp://www.google.com/
                              uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                              uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
                              BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
                              BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
                              BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Webroot Toolbar
                              BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
                              BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                              TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
                              TB: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
                              TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
                              TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
                              TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
                              TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
                              TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
                              TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
                              uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
                              mRun: [Logitech Hardware Abstraction Layer] "KHALMNPR.EXE"
                              mRun: [NI.UWFX5_0001_N56M0311] c:\documents and settings\moore family\local settings\temporary internet files\content.ie5\gbm547gv\WinFixerScannerInstall[1].exe -nag
                              mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
                              mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
                              mRun: [nwiz] "nwiz.exe" /install
                              mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
                              mRun: [ArcSoft Connection Service] "c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe"
                              mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
                              mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
                              mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
                              mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
                              mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
                              mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                              StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
                              StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rungoo~1.lnk - c:\program files\google\web accelerator\GoogleWebAccWarden.exe
                              IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
                              IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                              IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
                              IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
                              IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                              IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                              IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}
                              IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
                              DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
                              DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
                              DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/LSSupCtl.cab
                              DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                              DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
                              DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
                              DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
                              DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
                              DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                              DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132341909031
                              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
                              DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
                              DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
                              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
                              DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
                              DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                              Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
                              Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
                              Notify: AtiExtEvent - Ati2evxx.dll
                              SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                              SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

                              ================= FIREFOX ===================

                              FF - ProfilePath - c:\docume~1\mooref~1\applic~1\mozilla\firefox\profiles\1ad26hkf.default\
                              FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
                              FF - prefs.js: browser.search.selectedEngine - Google
                              FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?rls=ig&hl=en&source=iglk
                              FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=
                              FF - prefs.js: network.proxy.type - 2
                              FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
                              FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
                              FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
                              FF - plugin: c:\program files\sony\media go\npmediago.dll
                              FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
                              FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
                              FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

                              ---- FIREFOX POLICIES ----
                              user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('capability.policy.localfilelinks.checkloaduri.enabled', 'allAccess');
                              c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
                              c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
                              c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
                              c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                              c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
                              c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
                              c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
                              c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
                              c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
                              c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
                              c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
                              c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
                              c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
                              c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
                              c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
                              c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
                              c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
                              c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
                              c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
                              c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
                              c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
                              c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

                              ============= SERVICES / DRIVERS ===============

                              R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
                              R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
                              R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-4-27 61440]
                              R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
                              R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-4-22 704432]
                              R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-4-22 704432]
                              R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2006-12-24 2368]
                              R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
                              R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2010-2-24 1201640]
                              S3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\drivers\stk017w2.sys --> c:\windows\system32\drivers\STK017W2.sys [?]
                              S3 PRISM_USB;D-Link Air DWL-121 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2003-4-10 636416]
                              S4 ADBLOCK.DLL;Lavasoft Firewall PlugIn (ADBLOCK.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\adblock.dll --> c:\program files\lavasoft\personal firewall\kernel\ADBLOCK.DLL [?]
                              S4 ARP.DLL;Lavasoft Firewall PlugIn (ARP.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\arp.dll --> c:\program files\lavasoft\personal firewall\kernel\ARP.DLL [?]
                              S4 CONTENT.DLL;Lavasoft Firewall PlugIn (CONTENT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\content.dll --> c:\program files\lavasoft\personal firewall\kernel\CONTENT.DLL [?]
                              S4 DNSCACHE.DLL;Lavasoft Firewall PlugIn (DNSCACHE.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\dnscache.dll --> c:\program files\lavasoft\personal firewall\kernel\DNSCACHE.DLL [?]
                              S4 FTPFILT.DLL;Lavasoft Firewall PlugIn (FTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\ftpfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\FTPFILT.DLL [?]
                              S4 HTMLFILT.DLL;Lavasoft Firewall PlugIn (HTMLFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\htmlfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\HTMLFILT.DLL [?]
                              S4 HTTPFILT.DLL;Lavasoft Firewall PlugIn (HTTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\httpfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\HTTPFILT.DLL [?]
                              S4 IMAPFILT.DLL;Lavasoft Firewall PlugIn (IMAPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\imapfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\IMAPFILT.DLL [?]
                              S4 LavasoftFirewall;Lavasoft Personal Firewall Service;c:\program files\lavasoft\personal firewall\lpfw.exe /service --> c:\program files\lavasoft\personal firewall\lpfw.exe  [?]
                              S4 MAILFILT.DLL;Lavasoft Firewall PlugIn (MAILFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\mailfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\MAILFILT.DLL [?]
                              S4 NNTPFILT.DLL;Lavasoft Firewall PlugIn (NNTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\nntpfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\NNTPFILT.DLL [?]
                              S4 POP3FILT.DLL;Lavasoft Firewall PlugIn (POP3FILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\pop3filt.dll --> c:\program files\lavasoft\personal firewall\kernel\POP3FILT.DLL [?]
                              S4 PROTECT.DLL;Lavasoft Firewall PlugIn (PROTECT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\protect.dll --> c:\program files\lavasoft\personal firewall\kernel\PROTECT.DLL [?]
                              S4 SECRET.DLL;Lavasoft Firewall PlugIn (SECRET.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\secret.dll --> c:\program files\lavasoft\personal firewall\kernel\SECRET.DLL [?]
                              S4 VFILT;Lavasoft Firewall Kernel Driver;\??\c:\program files\lavasoft\personal firewall\kernel\filtnt.sys --> c:\program files\lavasoft\personal firewall\kernel\FILTNT.SYS [?]

                              =============== Created Last 30 ================

                              2010-05-12 17:26:56   0   d-s---w-   C:\commy.exe
                              2010-05-12 11:32:20   0   d-sha-r-   C:\cmdcons
                              2010-05-12 06:35:28   0   d-s---w-   C:\ComboFix
                              2010-05-11 03:17:06   0   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
                              2010-05-11 03:16:59   0   d-----w-   c:\program files\SUPERAntiSpyware
                              2010-05-11 03:16:59   0   d-----w-   c:\docume~1\mooref~1\applic~1\SUPERAntiSpyware.com
                              2010-05-08 19:52:55   98816   ----a-w-   c:\windows\sed.exe
                              2010-05-08 19:52:55   77312   ----a-w-   c:\windows\MBR.exe
                              2010-05-08 19:52:55   256512   ----a-w-   c:\windows\PEV.exe
                              2010-05-08 19:52:55   161792   ----a-w-   c:\windows\SWREG.exe
                              2010-05-08 06:24:07   0   d-----w-   C:\3399b69f05089dbfd00560f2
                              2010-05-08 06:06:18   0   d-----w-   c:\docume~1\alluse~1\applic~1\Alwil Software
                              2010-05-07 19:30:27   0   d-----w-   c:\docume~1\mooref~1\applic~1\Uniblue
                              2010-05-07 18:51:17   26368   -c--a-w-   c:\windows\system32\dllcache\usbstor.sys
                              2010-05-07 07:03:16   54016   ----a-w-   c:\windows\system32\drivers\rewac.sys
                              2010-05-06 19:42:29   0   d-----w-   c:\program files\3ivx
                              2010-05-06 18:21:04   54016   ----a-w-   c:\windows\system32\drivers\cxxqtr.sys
                              2010-05-06 15:17:27   54016   ----a-w-   c:\windows\system32\drivers\sdfsaevy.sys
                              2010-05-06 14:10:24   0   d-----w-   c:\docume~1\mooref~1\applic~1\Malwarebytes
                              2010-05-06 14:10:16   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                              2010-05-06 14:10:14   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                              2010-05-06 14:10:14   0   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
                              2010-05-04 13:17:41   0   d-----w-   c:\docume~1\mooref~1\applic~1\Registry Mechanic
                              2010-05-03 02:05:36   126   ----a-w-   c:\windows\system32\mmc.exe.config
                              2010-04-27 05:40:16   0   d-sh--w-   C:\found.000
                              2010-04-24 13:39:56   126976   ----a-w-   c:\windows\system32\iavlsp.dll
                              2010-04-24 13:38:58   681984   ----a-w-   c:\windows\is-QMTOA.exe
                              2010-04-24 13:38:58   234   ----a-w-   c:\windows\is-QMTOA.lst
                              2010-04-24 13:38:58   10607   ----a-w-   c:\windows\is-QMTOA.msg
                              2010-04-24 06:02:20   206608   ----a-w-   c:\windows\system32\drivers\TMPassthru.sys
                              2010-04-22 18:48:51   108880   ----a-w-   c:\windows\system32\drivers\pwipf6.sys
                              2010-04-22 16:28:11   696832   ----a-w-   c:\windows\is-NJKBP.exe
                              2010-04-22 16:28:11   456   ----a-w-   c:\windows\is-NJKBP.lst
                              2010-04-22 16:28:11   10482   ----a-w-   c:\windows\is-NJKBP.msg
                              2010-04-22 15:45:23   406   ----a-w-   c:\windows\system32\ioloBootDefrag.cfg
                              2010-04-22 15:44:17   0   d-----w-   c:\program files\iolo
                              2010-04-22 15:40:24   74703   ----a-w-   c:\windows\system32\mfc45.dll
                              2010-04-22 15:37:42   0   d-----w-   c:\docume~1\mooref~1\applic~1\iolo
                              2010-04-22 15:37:42   0   d-----w-   c:\docume~1\alluse~1\applic~1\iolo
                              2010-04-21 16:08:42   40224   ----a-w-   c:\windows\system32\GDIPFONTCACHEV1.DAT

                              ==================== Find3M  ====================

                              2010-05-12 07:10:29   507   ----a-w-   c:\program files\Shortcut to Absolutist.com.lnk
                              2010-05-09 21:39:18   1984   ----a-w-   c:\windows\system32\d3d9caps.dat
                              2010-03-10 06:15:52   420352   ----a-w-   c:\windows\system32\vbscript.dll
                              2010-02-25 06:24:37   916480   ----a-w-   c:\windows\system32\wininet.dll
                              2010-02-19 23:47:50   3604480   ----a-w-   c:\windows\system32\GPhotos.scr
                              2010-02-17 14:10:28   2189952   ----a-w-   c:\windows\system32\ntoskrnl.exe
                              2010-02-16 13:25:04   2066816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                              2008-12-03 17:54:02   170   ----a-w-   c:\program files\1bomb.ini
                              2008-09-01 21:44:14   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat

                              FALLGUY

                                Topic Starter


                                Beginner
                                Re: computer acting up
                                « Reply #19 on: May 13, 2010, 12:34:18 AM »
                                        I have never been able to remove Norton. I'll try to remove Iolo now. I really do appreciate your time with this. THANK YOU!

                                SuperDave

                                • Malware Removal Specialist
                                • Moderator


                                • Genius
                                • Thanked: 1020
                                • Certifications: List
                                • Experience: Expert
                                • OS: Windows 10
                                Re: computer acting up
                                « Reply #20 on: May 13, 2010, 01:39:24 PM »
                                Download the Norton Removal Tool (SymNRT) to your desktop.

                                Once downloaded please close ALL open browsers, also save any work because this may require a restart.

                                * Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.
                                * Once open Click Next
                                * Accept the license agreement and click Next
                                * Type in the letters/numbers that you see into the text box then click Next.
                                * Then click Next and the tool will start running.
                                * Once finished restart the PC.
                                * Delete the 'Norton_Removal_Tool' from your desktop.

                                =====================================

                                • Please download AskRemover from here
                                • Extract the zip file to your Desktop, then run AskRemover.bat
                                • Allow it to run, and select yes to the registry merge warning.
                                • Copy and paste the resulting log in your next post.
                                ===================================

                                Add or Remove Programs

                                1. Click on the Windows Start button and click on the Control Panel
                                2. In the Control Panel window, double-click Add or Remove Programs icon.
                                3. When the Add or Remove Programs window has fully populated, check for Google Updater and uninstall it.

                                ===================================
                                Please delete ComboFix from your desktop and download and run a new version as described in Reply #14
                                Windows 8 and Windows 10 dual boot with two SSD's

                                FALLGUY

                                  Re: computer acting up
                                  « Reply #21 on: May 14, 2010, 01:49:52 PM »
                                  Norton errors at download. Could not be saved because source file cannot be read.

                                  Ask Remover Version 1.1 - Written by Belahzur
                                   
                                  The current time and date is 10:28:27.57 Fri 05/14/2010

                                  Microsoft Windows XP [Version 5.1.2600]
                                   
                                   
                                  ==== STARTING CHECK ====
                                  C:\Documents and Settings\moore family\Local Settings\Application Data\AskToolbar has been found!
                                   
                                  ==== Starting removal of Ask ====
                                  C:\Documents and Settings\moore family\Local Settings\Application Data\AskToolbar Deleted.
                                   
                                  Applying removal of Ask Toolbar registry keys.
                                   
                                  ==== REGISTRY DUMP ====

                                  ! REG.EXE VERSION 3.0

                                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
                                      Start Page   REG_SZ   http://www.google.com/


                                  ! REG.EXE VERSION 3.0

                                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
                                      Search Bar   REG_SZ   http://www.google.com/ie


                                  ! REG.EXE VERSION 3.0

                                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main


                                  ! REG.EXE VERSION 3.0

                                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main


                                  ! REG.EXE VERSION 3.0

                                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
                                      Default_Search_URL   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=54896


                                  ! REG.EXE VERSION 3.0

                                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
                                      Default_Page_URL   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=69157


                                  ! REG.EXE VERSION 3.0

                                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
                                      Start Page   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=69157


                                  ! REG.EXE VERSION 3.0

                                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
                                      Search Bar   REG_SZ   http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm

                                  *** The above keys may not need fixing ***
                                   
                                  ==== FINAL CHECK ====
                                   
                                  ==== EOF ====
                                  ComboFix is still doing the same things. It begins start up and scan, then nothing or reloads desktop. The computer freezes up and I'll have to restart. I also have no internet connection immediately after. :-\

                                  SuperDave

                                  Re: computer acting up
                                  « Reply #22 on: May 14, 2010, 07:14:34 PM »
                                  Ok. Let's try this. It's the only way I could get ComboFix to run on my computer and my computer was clean.

                                  Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

                                  Navigate to Start --> Run, and enter the following command exactly as shown:

                                  "%userprofile%\desktop\blackpudding.bat" /killall

                                  See if ComboFix will run now

                                  FALLGUY

                                    Re: computer acting up
                                    « Reply #23 on: May 15, 2010, 11:58:34 PM »
                                    I've downloaded and renamed, but how or when exactly do I enter the command? If I hit run it auto starts and has a blinking cursor after it tells me what has initialized. Is this when I enter command? Because after the initial start it moves right to the scan.

                                    SuperDave

                                    Re: computer acting up
                                    « Reply #24 on: May 16, 2010, 12:50:04 PM »
                                    Quote from: FALLGUY
                                    I've downloaded and renamed, but how or when exactly do I enter the command? If I hit run it auto starts and has a blinking cursor after it tells me what has initialized. Is this when I enter command? Because after the initial start it moves right to the scan.

                                    You have to follow the directions. Go to Start , Run and copy and paste the command into the box. ComboFix should start.

                                    FALLGUY

                                      Re: computer acting up
                                      « Reply #25 on: May 16, 2010, 06:09:13 PM »
                                      I've gotten it to run without the command. I'm unable to locate the log.

                                      SuperDave

                                      Re: computer acting up
                                      « Reply #26 on: May 16, 2010, 06:29:53 PM »
                                      Go to your C: Drive and look in the ComboFix folder for a txt file.

                                      FALLGUY

                                        Re: computer acting up
                                        « Reply #27 on: May 16, 2010, 07:51:43 PM »
                                        I found it. Had the matching dates.

                                        [recovering disk space - old attachment deleted by admin]

                                        SuperDave

                                        Re: computer acting up
                                        « Reply #28 on: May 17, 2010, 01:14:43 PM »
                                        Sorry. That's not it. Go to Search and put in *.txt in the search box and just scan your C: drive. It should be there.

                                        FALLGUY

                                          Re: computer acting up
                                          « Reply #29 on: May 17, 2010, 03:04:59 PM »
                                          ComboFix 10-05-16.01 - moore family 05/16/2010  15:19:25.1.1 - x86
                                          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.382.219 [GMT -5:00]
                                          Running from: C:\Documents and Settings\moore family\Desktop\Blackpudding.bat.exe
                                          AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
                                          AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
                                          FW: Lavasoft Personal Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
                                          FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
                                          FW: Webroot Internet Security Essentials *enabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
                                          .

                                          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                                          .

                                          C:\WINDOWS\patch.exe
                                          C:\WINDOWS\system32\Thumbs.db
                                          D:\Autorun.inf

                                          .
                                          (((((((((((((((((((((((((   Files Created from 2010-04-16 to 2010-05-16  )))))))))))))))))))))))))))))))
                                          .

                                          2010-05-11 03:17:20 . 2010-05-11 03:17:20   52224   ----a-w-   C:\Documents and Settings\moore family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                                          2010-05-11 03:17:17 . 2010-05-11 03:17:17   117760   ----a-w-   C:\Documents and Settings\moore family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                                          2010-05-11 03:17:06 . 2010-05-11 03:17:06   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
                                          2010-05-11 03:16:59 . 2010-05-11 03:17:00   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
                                          2010-05-11 03:16:59 . 2010-05-11 03:16:59   --------   d-----w-   C:\Documents and Settings\moore family\Application Data\SUPERAntiSpyware.com
                                          2010-05-08 06:24:07 . 2010-05-08 06:24:19   --------   d-----w-   C:\3399b69f05089dbfd00560f2
                                          2010-05-08 06:06:18 . 2010-05-08 06:06:18   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Alwil Software
                                          2010-05-07 19:30:27 . 2010-05-07 19:30:27   --------   d-----w-   C:\Documents and Settings\moore family\Application Data\Uniblue
                                          2010-05-07 18:51:17 . 2008-04-13 18:45:38   26368   -c--a-w-   C:\WINDOWS\system32\dllcache\usbstor.sys
                                          2010-05-07 07:03:16 . 2010-05-07 07:03:16   54016   ----a-w-   C:\WINDOWS\system32\drivers\rewac.sys
                                          2010-05-06 19:42:29 . 2010-05-06 19:42:29   --------   d-----w-   C:\Program Files\3ivx
                                          2010-05-06 18:21:04 . 2010-05-06 18:21:04   54016   ----a-w-   C:\WINDOWS\system32\drivers\cxxqtr.sys
                                          2010-05-06 15:17:27 . 2010-05-06 15:17:27   54016   ----a-w-   C:\WINDOWS\system32\drivers\sdfsaevy.sys
                                          2010-05-06 14:10:24 . 2010-05-06 14:10:24   --------   d-----w-   C:\Documents and Settings\moore family\Application Data\Malwarebytes
                                          2010-05-06 14:10:16 . 2010-04-29 20:39:38   38224   ----a-w-   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
                                          2010-05-06 14:10:14 . 2010-05-06 14:10:14   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Malwarebytes
                                          2010-05-06 14:10:14 . 2010-04-29 20:39:26   20952   ----a-w-   C:\WINDOWS\system32\drivers\mbam.sys
                                          2010-05-04 13:17:41 . 2010-05-04 13:17:41   --------   d-----w-   C:\Documents and Settings\moore family\Application Data\Registry Mechanic
                                          2010-05-02 05:05:49 . 2010-05-02 05:05:49   --------   d-----w-   C:\Program Files\NOS
                                          2010-04-27 05:40:16 . 2010-04-27 05:40:16   --------   d-----w-   C:\found.000
                                          2010-04-24 13:39:56 . 2007-07-25 13:42:20   126976   ----a-w-   C:\WINDOWS\system32\iavlsp.dll
                                          2010-04-24 13:38:58 . 2010-04-24 13:38:58   681984   ----a-w-   C:\WINDOWS\is-QMTOA.exe
                                          2010-04-24 06:02:20 . 2008-03-02 08:28:00   206608   ----a-w-   C:\WINDOWS\system32\drivers\TMPassthru.sys
                                          2010-04-22 18:48:51 . 2010-02-24 13:31:24   108880   ----a-w-   C:\WINDOWS\system32\drivers\pwipf6.sys
                                          2010-04-22 16:59:46 . 2010-04-22 16:59:46   1456   ----a-w-   C:\Documents and Settings\moore family\Application Data\iolo\restore.bat
                                          2010-04-22 16:28:11 . 2010-04-22 16:28:11   696832   ----a-w-   C:\WINDOWS\is-NJKBP.exe
                                          2010-04-22 15:45:02 . 2010-04-22 15:45:02   --------   d-----w-   C:\Documents and Settings\LocalService\Application Data\iolo
                                          2010-04-22 15:44:17 . 2010-05-12 07:12:13   --------   d-----w-   C:\Program Files\iolo
                                          2010-04-22 15:40:24 . 2010-04-22 15:40:24   74703   ----a-w-   C:\WINDOWS\system32\mfc45.dll
                                          2010-04-22 15:37:42 . 2010-04-24 13:38:53   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\iolo
                                          2010-04-22 15:37:42 . 2010-04-22 16:59:46   --------   d-----w-   C:\Documents and Settings\moore family\Application Data\iolo
                                          2010-04-21 16:08:42 . 2010-04-21 17:36:37   40224   ----a-w-   C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT

                                          .
                                          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                          .
                                          2010-05-16 19:28:21 . 2009-08-29 04:23:27   720   ----a-w-   C:\Documents and Settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
                                          2010-05-14 15:13:20 . 2005-08-06 16:13:00   --------   d-----w-   C:\Program Files\Google
                                          2010-05-12 07:18:18 . 2006-08-09 22:44:10   --------   d-----w-   C:\Program Files\WildGames
                                          2010-05-12 07:10:29 . 2010-05-12 07:10:29   507   ----a-w-   C:\Program Files\Shortcut to Absolutist.com.lnk
                                          2010-05-12 06:30:53 . 2006-12-02 21:00:00   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\WildTangent
                                          2010-05-12 06:30:52 . 2005-11-25 01:41:17   --------   d-----w-   C:\Program Files\WildTangent
                                          2010-05-11 02:47:42 . 2008-12-17 01:26:32   --------   d-----w-   C:\Program Files\Common Files\Wise Installation Wizard
                                          2010-05-09 21:39:18 . 2009-03-16 01:45:09   1984   ----a-w-   C:\WINDOWS\system32\d3d9caps.dat
                                          2010-05-09 06:30:21 . 2007-03-10 19:01:58   --------   d---a-w-   C:\Documents and Settings\All Users\Application Data\TEMP
                                          2010-05-09 06:29:05 . 2009-05-16 16:25:11   --------   d-----w-   C:\Documents and Settings\moore family\Application Data\Sammsoft
                                          2010-05-06 15:34:59 . 2005-11-23 13:41:09   --------   d-----w-   C:\Program Files\Trend Micro
                                          2010-05-03 03:01:54 . 2004-08-26 18:03:18   76487   ----a-w-   C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
                                          2010-05-02 05:07:29 . 2009-11-24 04:37:58   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\NOS
                                          2010-04-24 06:02:18 . 2005-08-06 16:12:21   --------   d--h--w-   C:\Program Files\InstallShield Installation Information
                                          2010-04-23 15:09:12 . 2005-11-21 21:25:46   40224   ----a-w-   C:\Documents and Settings\moore family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                                          2010-04-22 19:17:24 . 2005-11-21 21:18:47   --------   d-----w-   C:\Documents and Settings\moore family\Application Data\Webroot
                                          2010-04-22 17:20:18 . 2010-02-24 13:32:11   164   ----a-w-   C:\WINDOWS\install.dat
                                          2010-04-09 05:59:31 . 2010-04-08 04:45:35   --------   d-----w-   C:\Documents and Settings\moore family\Application Data\Hoyle Casino
                                          2010-04-08 04:46:54 . 2010-04-08 04:45:36   --------   d-----w-   C:\Documents and Settings\moore family\Application Data\Hoyle FaceCreator
                                          2010-03-22 16:36:28 . 2010-03-22 16:36:28   --------   d-----w-   C:\Documents and Settings\moore family\Application Data\EPSON
                                          2010-03-10 06:15:52 . 2004-08-26 16:12:19   420352   ----a-w-   C:\WINDOWS\system32\vbscript.dll
                                          2010-02-25 06:24:37 . 2004-08-26 16:12:21   916480   ----a-w-   C:\WINDOWS\system32\wininet.dll
                                          2010-02-24 13:11:07 . 2004-08-26 16:12:01   455680   ----a-w-   C:\WINDOWS\system32\drivers\mrxsmb.sys
                                          2010-02-19 23:47:50 . 2010-02-19 23:47:50   3604480   ----a-w-   C:\WINDOWS\system32\GPhotos.scr
                                          2010-02-17 14:10:28 . 2004-08-26 16:12:06   2189952   ----a-w-   C:\WINDOWS\system32\ntoskrnl.exe
                                          2010-02-16 13:25:04 . 2004-08-04 05:59:00   2066816   ----a-w-   C:\WINDOWS\system32\ntkrnlpa.exe
                                          2008-12-03 17:54:02 . 2008-11-28 17:40:56   170   ----a-w-   C:\Program Files\1bomb.ini
                                          .

                                          ------- Sigcheck -------

                                          [-] 2006-10-19 03:47:16 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . C:\WINDOWS\system32\mspmsnsv.dll
                                          [-] 2006-10-19 03:47:16 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . C:\WINDOWS\system32\dllcache\mspmsnsv.dll
                                          [7] 2005-01-28 18:44:28 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
                                          [7] 2005-01-28 18:44:28 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
                                          [7] 2004-08-04 19:00:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
                                          .
                                          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                          .
                                          .
                                          *Note* empty entries & legit default entries are not shown
                                          REGEDIT4

                                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
                                          @="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
                                          [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
                                          2009-11-06 21:14:10   238968   ----a-w-   C:\Program Files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                          "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 20:46:56 28160]
                                          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 04:13:08 385024]
                                          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 16:25:37 13529088]
                                          "nwiz"="nwiz.exe" [2008-05-16 16:25:58 1630208]
                                          "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 16:25:48 86016]
                                          "ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 16:19:26 207360]
                                          "Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2010-01-07 20:38:08 158448]
                                          "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 10:17:36 149280]
                                          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 07:04:34 39792]

                                          C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
                                          Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-12-25 450560]
                                          Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-7-9 1134592]

                                          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                                          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 15:13:36 77824]

                                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                                          2009-09-03 20:21:42   548352   ----a-w-   C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

                                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
                                          @="Service"

                                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                                          @="Driver"

                                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
                                          @="Service"

                                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
                                          @="Service"

                                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                                          @="Service"

                                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                                          backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

                                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
                                          backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup
                                          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start
                                          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLCC
                                          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer
                                          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ
                                          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
                                          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
                                          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWA6P_0001_N56M1011
                                          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic

                                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                                          2008-02-01 04:13:08   385024   ----a-w-   C:\Program Files\QuickTime\QTTask.exe

                                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
                                          2002-09-14 06:42:26   212992   ----a-w-   C:\WINDOWS\SMINST\Recguard.exe

                                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
                                          2004-11-03 03:24:46   32768   ----a-w-   C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

                                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
                                          2005-04-15 18:01:46   77824   ----a-w-   C:\WINDOWS\SOUNDMAN.EXE

                                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
                                          2009-11-06 18:00:22   4048240   ----a-w-   C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

                                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
                                          2004-11-15 22:04:32   135168   ----a-w-   C:\Program Files\Digital Media Reader\shwiconEM.exe

                                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                                          "AOL TopSpeedMonitor"=2 (0x2)
                                          "AOL ACS"=3 (0x3)
                                          "LavasoftFirewall"=2 (0x2)

                                          [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                                          "AntiVirusOverride"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                                          "DisableMonitoring"=dword:00000001

                                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                          "%windir%\\system32\\sessmgr.exe"=
                                          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                                          "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
                                          "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_DUPA30.EXE"=
                                          "C:\\WINDOWS\\system32\\mmc.exe"=

                                          R0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\drivers\ssfs0bbc.sys [11/6/2009 1:00:34 PM 29808]
                                          R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25:50 AM 12872]
                                          R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30:10 PM 61440]
                                          R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4/22/2010 10:44:45 AM 704432]
                                          R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4/22/2010 10:44:45 AM 704432]
                                          R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [12/24/2006 9:36:54 PM 2368]
                                          R2 WRConsumerService;Webroot Client Service;C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe [2/24/2010 8:39:56 AM 1201640]
                                          S3 DCamUSBSTK017;STK017 Camera;C:\WINDOWS\system32\DRIVERS\STK017W2.sys --> C:\WINDOWS\system32\DRIVERS\STK017W2.sys [?]
                                          S3 PRISM_USB;D-Link Air DWL-121 Wireless USB Adapter Driver;C:\WINDOWS\system32\drivers\PRISMUSB.sys [4/10/2003 6:43:14 PM 636416]
                                          S4 ADBLOCK.DLL;Lavasoft Firewall PlugIn (ADBLOCK.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\ADBLOCK.DLL --> C:\Program Files\Lavasoft\Personal Firewall\kernel\ADBLOCK.DLL [?]
                                          S4 ARP.DLL;Lavasoft Firewall PlugIn (ARP.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\ARP.DLL --> C:\Program Files\Lavasoft\Personal Firewall\kernel\ARP.DLL [?]
                                          S4 CONTENT.DLL;Lavasoft Firewall PlugIn (CONTENT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\CONTENT.DLL --> C:\Program Files\Lavasoft\Personal Firewall\kernel\CONTENT.DLL [?]
                                          S4 DNSCACHE.DLL;Lavasoft Firewall PlugIn (DNSCACHE.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\DNSCACHE.DLL --> C:\Program Files\Lavasoft\Personal Firewall\kernel\DNSCACHE.DLL [?]
                                          S4 FTPFILT.DLL;Lavasoft Firewall PlugIn (FTPFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\FTPFILT.DLL --> C:\Program Files\Lavasoft\Personal Firewall\kernel\FTPFILT.DLL [?]
                                          S4 HTMLFILT.DLL;Lavasoft Firewall PlugIn (HTMLFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\HTMLFILT.DLL --> C:\Program Files\Lavasoft\Personal Firewall\kernel\HTMLFILT.DLL [?]
                                          S4 HTTPFILT.DLL;Lavasoft Firewall PlugIn (HTTPFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\HTTPFILT.DLL --> C:\Program Files\Lavasoft\Personal Firewall\kernel\HTTPFILT.DLL [?]
                                          S4 IMAPFILT.DLL;Lavasoft Firewall PlugIn (IMAPFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\IMAPFILT.DLL --> C:\Program Files\Lavasoft\Personal Firewall\kernel\IMAPFILT.DLL [?]
                                          S4 LavasoftFirewall;Lavasoft Personal Firewall Service;C:\Program Files\Lavasoft\Personal Firewall\lpfw.exe /service --> C:\Program Files\Lavasoft\Personal Firewall\lpfw.exe  [?]
                                          S4 MAILFILT.DLL;Lavasoft Firewall PlugIn (MAILFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\MAILFILT.DLL --> C:\Program Files\Lavasoft\Personal Firewall\kernel\MAILFILT.DLL [?]
                                          S4 NNTPFILT.DLL;Lavasoft Firewall PlugIn (NNTPFILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\NNTPFILT.DLL --> C:\Program Files\Lavasoft\Personal Firewall\kernel\NNTPFILT.DLL [?]
                                          S4 POP3FILT.DLL;Lavasoft Firewall PlugIn (POP3FILT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\POP3FILT.DLL --> C:\Program Files\Lavasoft\Personal Firewall\kernel\POP3FILT.DLL [?]
                                          S4 PROTECT.DLL;Lavasoft Firewall PlugIn (PROTECT.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\PROTECT.DLL --> C:\Program Files\Lavasoft\Personal Firewall\kernel\PROTECT.DLL [?]
                                          S4 SECRET.DLL;Lavasoft Firewall PlugIn (SECRET.DLL);\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\SECRET.DLL --> C:\Program Files\Lavasoft\Personal Firewall\kernel\SECRET.DLL [?]
                                          S4 VFILT;Lavasoft Firewall Kernel Driver;\??\C:\Program Files\Lavasoft\Personal Firewall\kernel\FILTNT.SYS --> C:\Program Files\Lavasoft\Personal Firewall\kernel\FILTNT.SYS [?]
                                          .
                                          Contents of the 'Scheduled Tasks' folder

                                          2010-05-16 C:\WINDOWS\Tasks\User_Feed_Synchronization-{44D56DA0-8592-45E9-8550-9C3F50037BE7}.job
                                          - C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 17:58:32 . 2009-03-08 09:31:54]

                                          2010-05-07 C:\WINDOWS\Tasks\wrSpySweeper_L84A4C5C417F546BD84C9795BFE5C1E67.job
                                          - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-08-15 04:16:41 . 2009-11-06 21:19:58]

                                          2010-05-07 C:\WINDOWS\Tasks\wrSpySweeper_L84A4C5C417F546BD84C9795BFE5C1E67.job
                                          - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-08-15 04:16:41 . 2009-11-06 21:19:58]
                                          .
                                          .
                                          ------- Supplementary Scan -------
                                          .
                                          uStart Page = hxxp://www.google.com/
                                          uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                                          uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
                                          IE: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
                                          IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
                                          IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                                          FF - ProfilePath - C:\Documents and Settings\moore family\Application Data\Mozilla\Firefox\Profiles\1ad26hkf.default\
                                          FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
                                          FF - prefs.js: browser.search.selectedEngine - Google
                                          FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?rls=ig&hl=en&source=iglk
                                          FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=
                                          FF - prefs.js: network.proxy.type - 2
                                          FF - plugin: C:\Program Files\Google\Picasa3\npPicasa2.dll
                                          FF - plugin: C:\Program Files\Google\Picasa3\npPicasa3.dll
                                          FF - plugin: c:\Program Files\Sony\Media Go\npmediago.dll
                                          FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                                          ---- FIREFOX POLICIES ----
                                          user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('capability.policy.localfilelinks.checkloaduri.enabled', 'allAccess');
                                          C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
                                          C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
                                          C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
                                          C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
                                          C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                                          C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
                                          C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
                                          C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
                                          C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
                                          C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
                                          .
                                          - - - - ORPHANS REMOVED - - - -

                                          HKLM-Run-@OnlineArmor GUI - C:\Program Files\Tall Emu\Online Armor\oaui.exe
                                          SafeBoot-WudfPf
                                          SafeBoot-WudfRd
                                          SafeBoot-svcWRSSSDK
                                          MSConfigStartUp-lxccmon - (no file)
                                          MSConfigStartUp-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
                                          AddRemove-Advanced Registry Optimizer_is1 - C:\Program Files\Advanced Registry Optimizer\unins000.exe
                                          AddRemove-avast5 - C:\Program Files\Alwil Software\Avast5\aswRunDll.exe
                                          AddRemove-Game Console - WildGames - C:\Program Files\WildGames\Game Console - WildGames\Uninstall.exe
                                          AddRemove-OnlineArmor_is1 - C:\Program Files\Tall Emu\Online Armor\unins000.exe
                                          AddRemove-ViewpointMediaPlayer - C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe
                                          AddRemove-WildTangent CDA - C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
                                          AddRemove-WT083664 - C:\Program Files\WildGames\Plants vs. Zombies\Uninstall.exe


                                          Is this it?

                                          SuperDave

                                          • Malware Removal Specialist
                                          • Moderator


                                          • Genius
                                          • Thanked: 1020
                                          • Certifications: List
                                          • Experience: Expert
                                          • OS: Windows 10
                                          Re: computer acting up
                                          « Reply #30 on: May 17, 2010, 06:04:58 PM »
                                          Quote
                                          Is this it?
                                          That's the one. Thanks

                                          =====================================

                                          Code:
                                          C:\Program Files\1bomb.ini

                                          Do you know what this program is for?
                                          ====================================

                                          Please read here for more information about WildTangent. Your choice if you want to remove it or not.

                                          If you choose to follow my advice, please follow these instructions.

                                          Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

                                          WildTangent Web Driver (or anything else with the name WildTangent.)
                                          I suspect that WildGames is one of these programs since they come from the same site.
                                          ===================================================

                                          Please go to Jotti's malware scan
                                          (If more than one file needs to be scanned, they must be done separately and logs posted for each one)

                                          * Copy the file path in the below Code box:

                                          Code:
                                          C:\WINDOWS\system32\drivers\rewac.sys
                                          C:\WINDOWS\system32\mfc45.dll
                                           

                                          * At the upload site, click once inside the window next to Browse.
                                          * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                                          * Next click Submit file
                                          * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                                          * This will perform a scan across multiple different virus scanning engines.
                                          * Important: Wait for all of the scanning engines to complete.
                                          * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

                                          ==================================

                                          Re-running ComboFix to remove infections:

                                          • Close any open browsers.
                                          • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                                          • Open notepad and copy/paste the text in the quotebox below into it:
                                            Quote
                                            KillAll::

                                            DDS::
                                            FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=

                                            File::
                                            C:\WINDOWS\system32\drivers\cxxqtr.sys
                                            C:\WINDOWS\system32\drivers\sdfsaevy.sys
                                            C:\found.000

                                            Folder::
                                            C:\found.000

                                            DirLook::
                                            C:\3399b69f05089dbfd00560f2
                                            Driver::
                                            STK017W2.sys

                                          • Save this as CFScript.txt, in the same location as ComboFix.exe



                                          • Referring to the picture above, drag CFScript into ComboFix.exe
                                          • When finished, it shall produce a log for you at C:\ComboFix.txt
                                          • Please post the contents of the log in your next reply.
                                          ==================================
                                          Download Security Check by screen317 from one of the following links and save it to your desktop.

                                          Link 1
                                          Link 2

                                          * Unzip SecurityCheck.zip and a folder named Security Check should appear.
                                          * Open the Security Check folder and double-click Security Check.bat
                                          * Follow the on-screen instructions inside of the black box.
                                          * A Notepad document should open automatically called checkup.txt
                                          * Post the contents of that document in your next reply.

                                          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
                                          Windows 8 and Windows 10 dual boot with two SSD's

                                          FALLGUY

                                            Re: computer acting up
                                            « Reply #31 on: May 17, 2010, 08:44:24 PM »
                                            Here is the info on 1bomb file. It's a configuration.
                                            Video_Width: 640
                                            Video_Height: 480
                                            BPP: 16
                                            VSync: 1
                                            FullScreen: 0
                                            InputType: 0
                                            Sound: 1
                                            Volume: -512
                                            Stats: 0

                                            *Note : Must have a space between item and value!
                                            I'll send more in a little bit.
                                            My kids play the Wild Tangent games. I'd like to keep them. I'm not too concerned with the info they create about the games. They do more learning about your shopping habit with your credit card than Wild Tangent and games. I understand it's a privacy issue and agree with you, but I don't think it has any harm in it. My 2 cents. I'll get the other logs soon.


                                            FALLGUY

                                              Re: computer acting up
                                              « Reply #33 on: May 17, 2010, 09:32:59 PM »
                                              I've moved the file over and it auto starts and then asks me if I wanted CFSript.txt to run. It says it is misspelled and the program shuts down when I click OK.

                                              FALLGUY

                                                Re: computer acting up
                                                « Reply #34 on: May 17, 2010, 09:41:37 PM »
                                                Results of screen317's Security Check version 0.99.4 
                                                 Windows XP Service Pack 3 
                                                 Internet Explorer 8 
                                                ``````````````````````````````
                                                Antivirus/Firewall Check:

                                                 Windows Firewall Enabled! 
                                                 avast! Free Antivirus   
                                                 Webroot AntiVirus with Spy Sweeper 
                                                 Online Armor 4.0   
                                                ```````````````````````````````
                                                Anti-malware/Other Utilities Check:

                                                 Scholastic's I SPY Fantasy 
                                                 Webroot AntiVirus with Spy Sweeper
                                                 Spy Sweeper Core   
                                                 SUPERAntiSpyware Free Edition   
                                                 HijackThis 2.0.2   
                                                 Java(TM) 6 Update 17 
                                                 Out of date Java installed!
                                                 Adobe Flash Player 10.0.45.2 
                                                Adobe Reader 8.1.3
                                                Out of date Adobe Reader installed!
                                                 Mozilla Firefox (3.6.3)
                                                ````````````````````````````````
                                                Process Check: 
                                                objlist.exe by Laurent

                                                 Ad-Aware AAWService.exe
                                                 iolo common lib ioloServiceManager.exe
                                                ````````````````````````````````
                                                DNS Vulnerability Check:

                                                 Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

                                                ``````````End of Log````````````

                                                SuperDave

                                                Re: computer acting up
                                                « Reply #35 on: May 18, 2010, 07:26:23 AM »
                                                The Jotti's link is for the wrong file. It's for imfivpf. I wanted two files scanned: C:\WINDOWS\system32\drivers\rewac.sys and
                                                C:\WINDOWS\system32\mfc45.dll
                                                  Could you please try to scan them again and give me the links.

                                                =========================================

                                                Quote
                                                It says it is misspelled and the program shuts down when I click OK.
                                                Please try it again.

                                                ========================================

                                                Update Your Java (JRE)

                                                Old versions of Java have vulnerabilities that malware can use to infect your system.


                                                First Verify your Java Version

                                                If there are any other version(s) installed then update now.

                                                Get the new version (if needed)

                                                If your version is out of date install the newest version of the Sun Java Runtime Environment.

                                                Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                                                Be sure to close ALL open web browsers before starting the installation.

                                                Remove any old versions

                                                1. Download JavaRa and unzip the file to your Desktop.
                                                2. Open JavaRA.exe and choose Remove Older Versions
                                                3. Once complete exit JavaRA.
                                                4. Run CCleaner.

                                                Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

                                                ===============================

                                                Please download the newest version of Adobe Acrobat Reader from Adobe.com

                                                Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
                                                Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
                                                Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

                                                Once old versions are gone, please install the newest version.
                                                =============================================


                                                FALLGUY

                                                  Re: computer acting up
                                                  « Reply #36 on: May 19, 2010, 09:27:10 AM »
                                                  I'm unable to remove old java. The new version will not download. I tried to update adobe and it fails too.
                                                   Adobe error info ID-6702.402.502.20041
                                                  send report to adobe http://www.adobe.com/misc/bugreport.html
                                                  Installation is corrupt!(16263.201.355-42072312.80040154FFFFFFFF.80040154
                                                  I tried to do this when my computer started acting up without success. Most programs have issues downloading.

                                                  FALLGUY

                                                    Re: computer acting up
                                                    « Reply #37 on: May 19, 2010, 09:43:27 AM »
                                                    OK. Got them removed. Now I'll update again.

                                                    FALLGUY

                                                      Re: computer acting up
                                                      « Reply #38 on: May 19, 2010, 12:20:35 PM »
                                                      Still get error messages.

                                                      SuperDave

                                                      Re: computer acting up
                                                      « Reply #39 on: May 19, 2010, 12:24:51 PM »
                                                      How did you do with the ComboFix script and the two files to be scanned?

                                                      FALLGUY

                                                        Re: computer acting up
                                                        « Reply #40 on: May 19, 2010, 12:38:12 PM »
                                                        I will try that in a bit. Busy day.


                                                            SuperDave

                                                            Re: computer acting up
                                                            « Reply #43 on: May 20, 2010, 04:35:22 PM »
                                                            That looks good. Can you now please run the ComboFix script from Reply # 30?
                                                            Windows 8 and Windows 10 dual boot with two SSD's

                                                            FALLGUY

                                                              Topic Starter


                                                              Beginner
                                                              Re: computer acting up
                                                              « Reply #44 on: May 20, 2010, 11:57:48 PM »
                                                              I've tried 4 other times with no luck. It keeps repeating that it is miss spelt. It spells it that way too. Rather a surprise to have an error's grammar incorrect.

                                                              SuperDave

                                                              • Malware Removal Specialist
                                                              • Moderator


                                                              • Genius
                                                              • Thanked: 1020
                                                              • Certifications: List
                                                              • Experience: Expert
                                                              • OS: Windows 10
                                                              Re: computer acting up
                                                              « Reply #45 on: May 21, 2010, 05:26:09 PM »
                                                              I'm checking on this. I'll be back ASAP.
                                                              Windows 8 and Windows 10 dual boot with two SSD's

                                                              SuperDave

                                                              • Malware Removal Specialist
                                                              • Moderator


                                                              • Genius
                                                              • Thanked: 1020
                                                              • Certifications: List
                                                              • Experience: Expert
                                                              • OS: Windows 10
                                                              Re: computer acting up
                                                              « Reply #46 on: May 22, 2010, 01:11:43 PM »
                                                              You are running more than one Anti-Virus program on your computer which is a no-no. Two of them will have to go.
                                                              Webroot AntiVirus with Spy Sweeper
                                                              avast! Free Antivirus
                                                              iolo AntiVirus


                                                              ===========================
                                                              Quote
                                                              It keeps repeating that it is miss spelt
                                                              It is misspelled. It should be CFScript.txt and not CFSript.txt. The "c" is missing. Please try it again with the correct spelling. Also, please ensure that all your protective programs are disabled before running the script.

                                                              Windows 8 and Windows 10 dual boot with two SSD's

                                                              FALLGUY

                                                                Topic Starter


                                                                Beginner
                                                                Re: computer acting up
                                                                « Reply #47 on: May 24, 2010, 05:58:20 AM »
                                                                Wow! I feel dumb. I corrected and tried again with no luck. I only have Spy Sweeper for antivirus, which is disabled. The others were just blank files I missed in removal. ComboFix tries to update to a newer program about every 3rd time I run it. It also errors during restore.   Error Saving File\erdnt\Hiv-backup\security!  It does this 3 times. I continue past. Then I'll get a fourth error   Error Saving File\erdnt\Hiv-backup\users\00000003\ntuser,dat!

                                                                SuperDave

                                                                • Malware Removal Specialist
                                                                • Moderator


                                                                • Genius
                                                                • Thanked: 1020
                                                                • Certifications: List
                                                                • Experience: Expert
                                                                • OS: Windows 10
                                                                Re: computer acting up
                                                                « Reply #48 on: May 24, 2010, 11:56:29 AM »
                                                                Ok. Delete ComboFix from your desktop and download a new version and run the scan again, not the script, and send me the log.

                                                                Please download ComboFix from BleepingComputer.com

                                                                Alternate link: GeeksToGo.com

                                                                Alternate link: Forospyware.com

                                                                Rename ComboFix.exe to commy.exe before you save it to your Desktop
                                                                • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
                                                                • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
                                                                • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
                                                                • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


                                                                Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                                                                Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                                                                • Click on Yes, to continue scanning for malware.
                                                                • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.
                                                                Windows 8 and Windows 10 dual boot with two SSD's

                                                                FALLGUY

                                                                  Topic Starter


                                                                  Beginner
                                                                  Re: computer acting up
                                                                  « Reply #49 on: May 25, 2010, 07:59:51 PM »
                                                                  It now tells me it is expired and closes. I've tried 3 different downloads and running six ways. I always lose my connection to internet and am unable to repair it. It gives me an error about the IP address. I restart to connect. This takes about 5-8 minutes to do.

                                                                  evilfantasy

                                                                  • Malware Removal Specialist
                                                                  • Moderator


                                                                  • Genius
                                                                  • Calm like a bomb
                                                                  • Thanked: 493
                                                                  • Experience: Experienced
                                                                  • OS: Windows 11
                                                                  Re: computer acting up
                                                                  « Reply #50 on: May 25, 2010, 08:42:39 PM »
                                                                  Open Malwarebytes' Anti-Malware.

                                                                  * Click the Update tab.
                                                                  * Click Check for Updates
                                                                  * If an update is found, it will download and install.
                                                                  * Click the Scanner tab.
                                                                  * Select Perform Quick Scan, then click Scan.
                                                                  * The scan may take some time to finish, so please be patient.
                                                                  * When the scan is complete, click OK, then Show Results to view the results.
                                                                  * Make sure that everything is checked, and click Remove Selected.
                                                                  * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
                                                                  * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
                                                                  * Copy & Paste the entire report in your next reply.

                                                                  Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


                                                                  FALLGUY

                                                                    Topic Starter


                                                                    Beginner
                                                                    Re: computer acting up
                                                                    « Reply #51 on: May 25, 2010, 08:59:08 PM »
                                                                    Malwarebytes' Anti-Malware 1.46
                                                                    www.malwarebytes.org

                                                                    Database version: 4144

                                                                    Windows 5.1.2600 Service Pack 3
                                                                    Internet Explorer 8.0.6001.18702

                                                                    5/25/2010 9:57:46 PM
                                                                    mbam-log-2010-05-25 (21-57-46).txt

                                                                    Scan type: Quick scan
                                                                    Objects scanned: 131128
                                                                    Time elapsed: 5 minute(s), 7 second(s)

                                                                    Memory Processes Infected: 0
                                                                    Memory Modules Infected: 0
                                                                    Registry Keys Infected: 0
                                                                    Registry Values Infected: 0
                                                                    Registry Data Items Infected: 0
                                                                    Folders Infected: 0
                                                                    Files Infected: 0

                                                                    Memory Processes Infected:
                                                                    (No malicious items detected)

                                                                    Memory Modules Infected:
                                                                    (No malicious items detected)

                                                                    Registry Keys Infected:
                                                                    (No malicious items detected)

                                                                    Registry Values Infected:
                                                                    (No malicious items detected)

                                                                    Registry Data Items Infected:
                                                                    (No malicious items detected)

                                                                    Folders Infected:
                                                                    (No malicious items detected)

                                                                    Files Infected:
                                                                    (No malicious items detected)

                                                                    evilfantasy

                                                                    • Malware Removal Specialist
                                                                    • Moderator


                                                                    • Genius
                                                                    • Calm like a bomb
                                                                    • Thanked: 493
                                                                    • Experience: Experienced
                                                                    • OS: Windows 11
                                                                    Re: computer acting up
                                                                    « Reply #52 on: May 26, 2010, 04:13:15 AM »
                                                                    Run a scan with MGtools and attach the log. Using MGtools

                                                                    FALLGUY

                                                                      Topic Starter


                                                                      Beginner
                                                                      Re: computer acting up
                                                                      « Reply #53 on: May 26, 2010, 06:14:21 AM »
                                                                      Here is the log for MGtools

                                                                      [recovering disk space - old attachment deleted by admin]

                                                                      evilfantasy

                                                                      • Malware Removal Specialist
                                                                      • Moderator


                                                                      • Genius
                                                                      • Calm like a bomb
                                                                      • Thanked: 493
                                                                      • Experience: Experienced
                                                                      • OS: Windows 11
                                                                      Re: computer acting up
                                                                      « Reply #54 on: May 26, 2010, 11:06:05 AM »
                                                                      Go to Add or Remove Programs and uninstall:

                                                                      • Ask Toolbar
                                                                      • Viewpoint Media Player
                                                                      ----------

                                                                      Open HijackThis and select Do a system scan only

                                                                      Place a check mark next to the following entries: (if there)

                                                                      • O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] C:\Documents and Settings\moore family\Local Settings\Temporary Internet Files\Content.IE5\GBM547GV\WinFixerScannerInstall[1].exe -nag
                                                                      • O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
                                                                      • O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
                                                                      • O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

                                                                      Important: Close all open windows except for HijackThis and then click Fix checked.

                                                                      Once completed, exit HijackThis.

                                                                      ----------

                                                                      Download OTM by OldTimer to your desktop.

                                                                      Note: If you are using Vista or Windows 7, right-click on OTM.exe and choose Run As Administrator.

                                                                      * Save it to your Desktop.
                                                                      * Double-click OTM.exe to run it.
                                                                      * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

                                                                      Code:
                                                                      :Processes
                                                                      explorer.exe

                                                                      :services
                                                                      LiveUpdate Scheduler
                                                                      Automatic GameConsoleService

                                                                      :reg
                                                                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
                                                                      "NI.UWFX5_0001_N56M0311"=-
                                                                      "avast5"=-

                                                                      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe]

                                                                      :files
                                                                      C:\commy.exe
                                                                      C:\commy.exe28948c
                                                                      C:\found.000
                                                                      C:\Program Files\Symantec
                                                                      C:\Program Files\Messenger
                                                                      C:\WINDOWS\system32\1024
                                                                      C:\Documents and Settings\moore family\Desktop\Blackpudding.bat.exe

                                                                      :Commands
                                                                      [resethosts]
                                                                      [purity]
                                                                      [createrestorepoint]
                                                                      [emptytemp]
                                                                      [emptyflash]
                                                                      [start explorer]
                                                                      [Reboot]

                                                                      * Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
                                                                      * Click the red Moveit! button.
                                                                      * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

                                                                      * Close OTM

                                                                      Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

                                                                      ----------

                                                                      Suspicious file scan

                                                                      Please go to Jotti's malware scan
                                                                      (If more than one file needs to be scanned, they must be done separately and logs posted for each one)

                                                                      * Copy the file path in the below Code box:
                                                                      Code:
                                                                      C:\WINDOWS\system32\drivers\cxxqtr.sys
                                                                      * At the upload site, click once inside the window next to Browse.
                                                                      * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                                                                      * Next click Submit file
                                                                      * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                                                                      * This will perform a scan across multiple different virus scanning engines.
                                                                      * Important: Wait for all of the scanning engines to complete.
                                                                      * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

                                                                      Also scan these two files and post the link to the results.

                                                                      Code:
                                                                      C:\WINDOWS\system32\drivers\rewac.sys
                                                                      Code:
                                                                      C:\WINDOWS\system32\drivers\sdfsaevy.sys
                                                                      ----------

                                                                      Next post please add the OTM log and the 3 links to the files that were scanned at Jotti.
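
The HijackThis entries listed in Reply #54 have two things in common: a Run-key autostart whose image sits in Temporary Internet Files, and O9 entries whose target is not on disk. As an added example (not part of the thread and not HijackThis code), this Python script applies those two observations as a triage heuristic over HijackThis-style lines; the regexes, the directory list, the function names and the two benign control lines are assumptions of this example.

```python
import re
from typing import NamedTuple

# Constructed sample: the first four lines are the entries quoted in Reply #54,
# the last two are constructed benign controls (hypothetical names and CLSID).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] C:\Documents and Settings\moore family\Local Settings\Temporary Internet Files\Content.IE5\GBM547GV\WinFixerScannerInstall[1].exe -nag
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\example.dll
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    name: str     # autorun value name, or button label plus CLSID
    target: str   # image path or raw target field
    reason: str


# O4 = autostart entries, O9 = Internet Explorer extra buttons / Tools menu items.
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O9_RE = re.compile(
    r"^O9 - (?P<kind>[^:]+): (?P<label>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$"
)
# Image path is either quoted, or runs up to the first executable extension
# that is followed by whitespace or end of line (paths may contain spaces).
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$))',
    re.IGNORECASE,
)

# Assumption of this example: user-writable cache/temp locations that a
# legitimate autostart has no reason to run from.
RISKY_DIRS = (
    "\\temporary internet files\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def image_path(cmd: str) -> str:
    """Return the executable path from a command line, without arguments."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if not m:
        return cmd
    return m.group("q") or m.group("u")


def triage(log_text: str) -> list:
    """Flag O4 autoruns from cache/temp dirs and O9 entries with no file."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            path = image_path(m["cmd"])
            if any(d in path.lower() for d in RISKY_DIRS):
                findings.append(Finding(
                    "O4", m["name"], path,
                    "autorun image in browser cache or temp directory"))
            continue
        m = O9_RE.match(line)
        if m and m["target"].endswith(ORPHAN_MARKERS):
            findings.append(Finding(
                "O9", f'{m["label"]} {m["clsid"]}', m["target"],
                "orphaned entry, target not on disk"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}  {f.reason}: {f.name} -> {f.target}")
```
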

                                                                      FALLGUY

                                                                        Topic Starter


                                                                        Beginner
                                                                        Re: computer acting up
                                                                        « Reply #55 on: May 28, 2010, 09:53:56 AM »
                                                                        All processes killed
                                                                        ========== PROCESSES ==========
                                                                        No active process named explorer.exe was found!
                                                                        ========== SERVICES/DRIVERS ==========
                                                                        Error: No service named LiveUpdate Scheduler was found to stop!
                                                                        Service\Driver key LiveUpdate Scheduler not found.
                                                                        Error: No service named Automatic GameConsoleService was found to stop!
                                                                        Service\Driver key Automatic GameConsoleService not found.
                                                                        ========== REGISTRY ==========
                                                                        Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\\NI.UWFX5_0001_N56M0311 not found.
                                                                        Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\\avast5 deleted successfully.
                                                                        Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe\ deleted successfully.
                                                                        ========== FILES ==========
                                                                        C:\commy.exe folder moved successfully.
                                                                        C:\commy.exe28948c folder moved successfully.
                                                                        C:\found.000 folder moved successfully.
                                                                        File/Folder C:\Program Files\Symantec not found.
                                                                        File/Folder C:\Program Files\Messenger not found.
                                                                        C:\WINDOWS\system32\1024 folder moved successfully.
                                                                        File/Folder C:\Documents and Settings\moore family\Desktop\Blackpudding.bat.exe not found.
                                                                        ========== COMMANDS ==========
                                                                        C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
                                                                        HOSTS file reset successfully
                                                                        Error starting restore point: 1016
                                                                        Error closing restore point: The sequence number is invalid.
                                                                         
                                                                        [EMPTYTEMP]
                                                                         
                                                                        User: All Users
                                                                         
                                                                        User: Default User
                                                                        ->Temp folder emptied: 0 bytes
                                                                        ->Temporary Internet Files folder emptied: 32902 bytes
                                                                         
                                                                        User: LocalService
                                                                        ->Temp folder emptied: 65748 bytes
                                                                        ->Temporary Internet Files folder emptied: 33170 bytes
                                                                        ->FireFox cache emptied: 717773 bytes
                                                                         
                                                                        User: moore family
                                                                        ->Temp folder emptied: 3332296 bytes
                                                                        ->Temporary Internet Files folder emptied: 14215122 bytes
                                                                        ->Java cache emptied: 129002704 bytes
                                                                        ->FireFox cache emptied: 60559832 bytes
                                                                        ->Flash cache emptied: 2489535 bytes
                                                                         
                                                                        User: NetworkService
                                                                        ->Temp folder emptied: 0 bytes
                                                                        ->Temporary Internet Files folder emptied: 33170 bytes
                                                                         
                                                                        User: patti's place
                                                                        ->Temp folder emptied: 18632 bytes
                                                                        ->Temporary Internet Files folder emptied: 5570965 bytes
                                                                        ->FireFox cache emptied: 10365240 bytes
                                                                        ->Flash cache emptied: 434 bytes
                                                                         
                                                                        %systemdrive% .tmp files removed: 0 bytes
                                                                        %systemroot% .tmp files removed: 0 bytes
                                                                        %systemroot%\System32 .tmp files removed: 0 bytes
                                                                        %systemroot%\System32\dllcache .tmp files removed: 0 bytes
                                                                        %systemroot%\System32\drivers .tmp files removed: 0 bytes
                                                                        Windows Temp folder emptied: 1606296 bytes
                                                                        %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
                                                                        %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
                                                                        RecycleBin emptied: 151618416 bytes
                                                                         
                                                                        Total Files Cleaned = 362.00 mb
                                                                         
                                                                         
                                                                        OTM by OldTimer - Version 3.1.12.0 log created on 05282010_080304

                                                                        Files moved on Reboot...

                                                                        Registry entries deleted on Reboot...




                                                                        evilfantasy

                                                                        • Malware Removal Specialist
                                                                        • Moderator


                                                                        • Genius
                                                                        • Calm like a bomb
                                                                        • Thanked: 493
                                                                        • Experience: Experienced
                                                                        • OS: Windows 11
                                                                        Re: computer acting up
                                                                        « Reply #59 on: May 28, 2010, 10:02:02 AM »
                                                                        Scan these two at Jotti please and post the links.

                                                                        Code:
                                                                        C:\WINDOWS\system32\drivers\rewac.sys
                                                                        C:\WINDOWS\system32\drivers\sdfsaevy.sys



                                                                        evilfantasy

                                                                        Re: computer acting up
                                                                        « Reply #62 on: May 28, 2010, 10:22:14 AM »
                                                                        * Double-click OTM.exe to run it.
                                                                        * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

                                                                        Code:
                                                                        :services
                                                                        cxxqtr
                                                                        rewac
                                                                        sdfsaevy

                                                                        :files
                                                                        C:\WINDOWS\system32\drivers\cxxqtr.sys
                                                                        C:\WINDOWS\system32\drivers\rewac.sys
                                                                        C:\WINDOWS\system32\drivers\sdfsaevy.sys

                                                                        :Commands
                                                                        [emptytemp]
                                                                        [start explorer]

                                                                        * Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
                                                                        * Click the red Moveit! button.
                                                                        * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

                                                                        * Close OTM

                                                                        Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

                                                                        FALLGUY

                                                                          Topic Starter


                                                                          Beginner
                                                                          Re: computer acting up
                                                                          « Reply #63 on: May 28, 2010, 10:42:33 AM »
                                                                          All processes killed
                                                                          ========== SERVICES/DRIVERS ==========
                                                                          Error: No service named cxxqtr was found to stop!
                                                                          Service\Driver key cxxqtr not found.
                                                                          Error: No service named rewac was found to stop!
                                                                          Service\Driver key rewac not found.
                                                                          Error: No service named sdfsaevy was found to stop!
                                                                          Service\Driver key sdfsaevy not found.
                                                                          ========== FILES ==========
                                                                          C:\WINDOWS\system32\drivers\cxxqtr.sys moved successfully.
                                                                          C:\WINDOWS\system32\drivers\rewac.sys moved successfully.
                                                                          C:\WINDOWS\system32\drivers\sdfsaevy.sys moved successfully.
                                                                          ========== COMMANDS ==========
                                                                           
                                                                          [EMPTYTEMP]
                                                                           
                                                                          User: All Users
                                                                           
                                                                          User: Default User
                                                                          ->Temp folder emptied: 0 bytes
                                                                          ->Temporary Internet Files folder emptied: 0 bytes
                                                                           
                                                                          User: LocalService
                                                                          ->Temp folder emptied: 65748 bytes
                                                                          ->Temporary Internet Files folder emptied: 16786 bytes
                                                                          ->FireFox cache emptied: 0 bytes
                                                                           
                                                                          User: moore family
                                                                          ->Temp folder emptied: 17761 bytes
                                                                          ->Temporary Internet Files folder emptied: 33170 bytes
                                                                          ->Java cache emptied: 0 bytes
                                                                          ->FireFox cache emptied: 38368434 bytes
                                                                          ->Flash cache emptied: 963 bytes
                                                                           
                                                                          User: NetworkService
                                                                          ->Temp folder emptied: 0 bytes
                                                                          ->Temporary Internet Files folder emptied: 0 bytes
                                                                           
                                                                          User: patti's place
                                                                          ->Temp folder emptied: 0 bytes
                                                                          ->Temporary Internet Files folder emptied: 0 bytes
                                                                          ->FireFox cache emptied: 0 bytes
                                                                          ->Flash cache emptied: 0 bytes
                                                                           
                                                                          %systemdrive% .tmp files removed: 0 bytes
                                                                          %systemroot% .tmp files removed: 0 bytes
                                                                          %systemroot%\System32 .tmp files removed: 0 bytes
                                                                          %systemroot%\System32\dllcache .tmp files removed: 0 bytes
                                                                          %systemroot%\System32\drivers .tmp files removed: 0 bytes
                                                                          Windows Temp folder emptied: 664 bytes
                                                                          %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
                                                                          %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
                                                                          RecycleBin emptied: 0 bytes
                                                                           
                                                                          Total Files Cleaned = 37.00 mb
                                                                           
                                                                           
                                                                          OTM by OldTimer - Version 3.1.12.0 log created on 05282010_113151

                                                                          Files moved on Reboot...

                                                                          Registry entries deleted on Reboot...

                                                                          I wanted to let you know that the Ask toolbar is part of the Webroot Spy Sweeper program and it gives me an error 1316 trying to read C:\WINDOWS\installer\Ask toolbar MSI
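
As an added example (not part of the thread and not OTM's own code), this Python sketch cross-checks the fix script from Reply #62 against the results log in Reply #63 and lists the driver files that were on disk even though no matching service was registered. It recognises only the three result-line forms that appear in that log; the function names are hypothetical.

```python
import ntpath
import re

# Fix script as posted in Reply #62.
FIX_SCRIPT = r"""
:services
cxxqtr
rewac
sdfsaevy

:files
C:\WINDOWS\system32\drivers\cxxqtr.sys
C:\WINDOWS\system32\drivers\rewac.sys
C:\WINDOWS\system32\drivers\sdfsaevy.sys

:Commands
[emptytemp]
[start explorer]
"""

# Services and files part of the results log as posted in Reply #63.
RESULTS_LOG = r"""
All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named cxxqtr was found to stop!
Service\Driver key cxxqtr not found.
Error: No service named rewac was found to stop!
Service\Driver key rewac not found.
Error: No service named sdfsaevy was found to stop!
Service\Driver key sdfsaevy not found.
========== FILES ==========
C:\WINDOWS\system32\drivers\cxxqtr.sys moved successfully.
C:\WINDOWS\system32\drivers\rewac.sys moved successfully.
C:\WINDOWS\system32\drivers\sdfsaevy.sys moved successfully.
========== COMMANDS ==========
"""

# Only the line forms visible in the log above; any other wording is ignored.
SERVICE_MISSING = re.compile(r"^Error: No service named (\S+) was found to stop!$")
KEY_MISSING = re.compile(r"^Service\\Driver key (\S+) not found\.$")
FILE_MOVED = re.compile(r"^(.+) moved successfully\.$")


def parse_script(text):
    """Split a fix script into {section name (lower case): [items]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_results(text):
    """Return ({service: set of notes}, {file path: status}), keys lower-cased."""
    services, files = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_MISSING.match(line)
        if m:
            services.setdefault(m.group(1).lower(), set()).add("no running service")
            continue
        m = KEY_MISSING.match(line)
        if m:
            services.setdefault(m.group(1).lower(), set()).add("no registry key")
            continue
        m = FILE_MOVED.match(line)
        if m:
            files[m.group(1).lower()] = "moved"
    return services, files


def reconcile(script_text, log_text):
    """Pair every scripted item with its logged outcome, or 'unconfirmed'."""
    script = parse_script(script_text)
    services, files = parse_results(log_text)
    report = []
    for name in script.get("services", []):
        notes = services.get(name.lower())
        status = "absent: " + ", ".join(sorted(notes)) if notes else "unconfirmed"
        report.append(("service", name, status))
    for path in script.get("files", []):
        report.append(("file", path, files.get(path.lower(), "unconfirmed")))
    return report


def orphaned_drivers(report):
    """Moved files whose base name matches a service the log reported as absent."""
    absent = {item.lower() for kind, item, status in report
              if kind == "service" and status.startswith("absent")}
    return [item for kind, item, status in report
            if kind == "file" and status == "moved"
            and ntpath.splitext(ntpath.basename(item))[0].lower() in absent]


if __name__ == "__main__":
    result = reconcile(FIX_SCRIPT, RESULTS_LOG)
    for kind, item, status in result:
        print(f"{kind:8} {item:45} {status}")
    print("driver files without a registered service:", orphaned_drivers(result))
```
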

                                                                          evilfantasy

                                                                          Re: computer acting up
                                                                          « Reply #64 on: May 28, 2010, 10:44:29 AM »
                                                                          Quote
                                                                          I wanted to let you know that the Ask toolbar is part of the Webroot Spy Sweeper program and it gives me an error 1316 trying to read C:\WINDOWS\installer\Ask toolbar MSI

                                                                          When does this error occur?

                                                                          FALLGUY

                                                                            Re: computer acting up
                                                                            « Reply #65 on: May 28, 2010, 10:46:59 AM »
                                                                            When I try to remove

                                                                            evilfantasy

                                                                            Re: computer acting up
                                                                            « Reply #66 on: May 28, 2010, 10:49:04 AM »
                                                                            ESET Online Scan

                                                                            Scan your computer with the ESET FREE Online Virus Scan

                                                                            * Click the ESET Online Scanner button.

                                                                            * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                                                                            * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
                                                                            * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
                                                                            * Place a check mark next to YES, I accept the Terms of Use.

                                                                            * Click the Start button.
                                                                            * Accept any security warnings from your browser.
                                                                            * Leave the check mark next to Remove found threats and place a check next to Scan archives.
                                                                            * Click the Start button.
                                                                            * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
                                                                            * When the scan completes, click List of found threats.
                                                                            * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
                                                                            * Click the <<Back button then click Finish.

                                                                            In your next reply please include the ESET Online Scan Log

                                                                            FALLGUY

                                                                              Re: computer acting up
                                                                              « Reply #67 on: May 28, 2010, 10:58:57 AM »
                                                                              It asks if my Proxy is configured. Don't know much about that except it's my address? Can't update.

                                                                              evilfantasy

                                                                              Re: computer acting up
                                                                              « Reply #68 on: May 28, 2010, 11:00:24 AM »
                                                                              What browser are you using?

                                                                              FALLGUY

                                                                                Re: computer acting up
                                                                                « Reply #69 on: May 28, 2010, 11:00:49 AM »
                                                                                Mozilla Firefox

                                                                                evilfantasy

                                                                                Re: computer acting up
                                                                                « Reply #70 on: May 28, 2010, 11:03:37 AM »
                                                                                Use Internet Explorer. It will be easier to run that way.

                                                                                ESET Online Scan

                                                                                Scan your computer with the ESET FREE Online Virus Scan

                                                                                * Click the ESET Online Scanner button.

                                                                                * Click the Start button.
                                                                                * Accept any security warnings from your browser.
                                                                                * Leave the check mark next to Remove found threats and place a check next to Scan archives.
                                                                                * Click the Start button.
                                                                                * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
                                                                                * When the scan completes, click List of found threats.
                                                                                * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
                                                                                * Click the <<Back button then click Finish.

                                                                                In your next reply please include the ESET Online Scan Log

                                                                                FALLGUY

                                                                                  Re: computer acting up
                                                                                  « Reply #71 on: May 28, 2010, 11:13:05 AM »
                                                                                  I've changed to Bing. My search provider list has that and Ask. The pages freeze and it asks me if I want to debug the page. I say no and the page loads normally. The program still asks for proxy configuration.

                                                                                  evilfantasy

                                                                                  Re: computer acting up
                                                                                  « Reply #72 on: May 28, 2010, 11:21:03 AM »
                                                                                  Use IE for this.

                                                                                  Use the Kaspersky Online Scanner

                                                                                  * Read through the requirements and privacy statement and click on the Accept button.
                                                                                  * It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
                                                                                  * When the downloads have finished, click on Settings.
                                                                                  * Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

                                                                                  * Spyware, Adware, Dialers, and other potentially dangerous programs
                                                                                  * Archives
                                                                                  * Mail databases

                                                                                  * Click on My Computer under Scan and then put the kettle on!
                                                                                  * Once the scan is complete, it will display the results. Click on View Scan Report.
                                                                                  * You will see a list of infected items there. Click on Save Report As....
                                                                                  * Save this report to a convenient place like your desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
                                                                                  * Copy and paste the report into your next reply.

                                                                                  FALLGUY

                                                                                    Re: computer acting up
                                                                                    « Reply #73 on: May 28, 2010, 11:35:58 AM »
                                                                                    It will not run. I need Java 1.5 or higher. Tried to download that with no success.

                                                                                    evilfantasy

                                                                                    Re: computer acting up
                                                                                    « Reply #74 on: May 28, 2010, 11:39:25 AM »
                                                                                    Try one more.

                                                                                    Scan your computer with Panda ActiveScan

                                                                                    * Once you are on the Panda site click the Scan your PC now button.
                                                                                    * A new window will open...click the Scan Now button.
                                                                                    * If it wants to install an ActiveX component allow it.
                                                                                    * It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
                                                                                    * You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
                                                                                    * The scan will begin. Please be patient as it can take an hour or more to complete.
                                                                                    * When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
                                                                                    * Save the ActiveScan.txt to a convenient location like your desktop.
                                                                                    * Note: You do not need to select any of the Disinfect options. We will remove any threats manually.

                                                                                    * Post the contents of the ActiveScan report in your next reply.

                                                                                    FALLGUY

                                                                                      Topic Starter


                                                                                      Beginner
                                                                                      Re: computer acting up
                                                                                      « Reply #75 on: May 30, 2010, 12:13:10 AM »
                                                                                      Panda found nothing!

                                                                                      evilfantasy

                                                                                      Re: computer acting up
                                                                                      « Reply #76 on: May 30, 2010, 11:00:39 PM »
                                                                                      How is the computer running now?

                                                                                      FALLGUY

                                                                                        Re: computer acting up
                                                                                        « Reply #77 on: May 31, 2010, 08:34:01 AM »
                                                                                        It has been somewhat better since Computer Hope got involved. The programs will not update. Some web locations only show a written out version of the site. Not the computer code, just paragraph style. My Zune software will not recognize the player. Last night, I noticed the computer freezing between window clicks. I went to defrag and the programs menu was empty. I have to restart the computer to alleviate this. My photos from my camera will not download to Picasa. It shows error half way through the download. It does recognize the camera.
                                                                                        I don't know if the hard drive is going or what. Would it have to do with the video card I installed? It's been a year or more since, but maybe it has worn it out. Just guessing here. I know the Trojan (asil) was in my computer and removed by SpySweeper. Since that time everything has been goofy.

                                                                                        evilfantasy

                                                                                        Re: computer acting up
                                                                                        « Reply #78 on: May 31, 2010, 09:49:11 AM »
                                                                                        Run the C:\MGtools\GetLogs.bat file by double clicking on it. Attach the new C:\MGlogs.zip file that will be created.

                                                                                        FALLGUY

                                                                                          Re: computer acting up
                                                                                          « Reply #79 on: May 31, 2010, 05:27:17 PM »
                                                                                          Here is the log.

                                                                                          [recovering disk space - old attachment deleted by admin]

                                                                                          evilfantasy

                                                                                          Re: computer acting up
                                                                                          « Reply #80 on: May 31, 2010, 06:21:25 PM »
                                                                                          Your logs are clean.

                                                                                          "Ask Toolbar" is not malicious but it is considered malware. If it is not giving you any problems then you can leave it or uninstall Webroot and then re-install it but choose not to install the toolbar.

                                                                                          Disable SpySweeper so it does not block anything.

                                                                                          You can re-enable it after we are done.

                                                                                          To disable SpySweeper:
                                                                                          • Open SpySweeper and click Options over to the left, then Program Options, and uncheck Load at windows startup
                                                                                          • Over to the left click Shields and uncheck everything.
                                                                                          • Uncheck Home page shield
                                                                                          • Uncheck Automatically restore default without notification
                                                                                          ----------

                                                                                          * Double-click OTM.exe to run it.
                                                                                          * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

                                                                                          Code:
                                                                                          :services
                                                                                          Automatic LiveUpdate Scheduler
                                                                                          GameConsoleService
                                                                                          aawservice

                                                                                          :files
                                                                                          C:\Program Files\Symantec

                                                                                          :Commands
                                                                                          [emptytemp]
                                                                                          [start explorer]

                                                                                          * Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
                                                                                          * Click the red Moveit! button.
                                                                                          * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

                                                                                          * Close OTM

                                                                                          Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

                                                                                          ----------

                                                                                          Uninstall the Google Web Accelerator. Web Accelerators can sometimes have the opposite desired effect on a computer.

                                                                                          After uninstalling it run HijackThis and check for and 'Fix' these entries (if there):

                                                                                          • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
                                                                                          • O1 - Hosts: ˙ž127.0.0.1 localhost
                                                                                          • O1 - Hosts: ::1 localhost
                                                                                          Restart the computer and see if the performance improves.

                                                                                          ----------

                                                                                          Quote
                                                                                          My Zune software will not recognize the player.

                                                                                          Uninstall Windows Media Player 11. Restart the computer and run CCleaner. Then restart the computer again and install WMP. Hopefully that will fix the Zune player.

                                                                                          FALLGUY

                                                                                            Re: computer acting up
                                                                                            « Reply #81 on: May 31, 2010, 07:04:50 PM »
                                                                                            All processes killed
                                                                                            ========== SERVICES/DRIVERS ==========
                                                                                            Service Automatic LiveUpdate Scheduler stopped successfully!
                                                                                            Service Automatic LiveUpdate Scheduler deleted successfully!
                                                                                            Service GameConsoleService stopped successfully!
                                                                                            Service GameConsoleService deleted successfully!
                                                                                            Error: Unable to stop service aawservice!
                                                                                            Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aawservice deleted successfully.
                                                                                            ========== FILES ==========
                                                                                            File/Folder C:\Program Files\Symantec not found.
                                                                                            ========== COMMANDS ==========
                                                                                             
                                                                                            [EMPTYTEMP]
                                                                                             
                                                                                            User: All Users
                                                                                             
                                                                                            User: Default User
                                                                                            ->Temp folder emptied: 0 bytes
                                                                                            ->Temporary Internet Files folder emptied: 0 bytes
                                                                                             
                                                                                            User: LocalService
                                                                                            ->Temp folder emptied: 66016 bytes
                                                                                            ->Temporary Internet Files folder emptied: 33170 bytes
                                                                                            ->FireFox cache emptied: 0 bytes
                                                                                             
                                                                                            User: moore family
                                                                                            ->Temp folder emptied: 342156 bytes
                                                                                            ->Temporary Internet Files folder emptied: 505390 bytes
                                                                                            ->Java cache emptied: 0 bytes
                                                                                            ->FireFox cache emptied: 56235396 bytes
                                                                                            ->Flash cache emptied: 3053 bytes
                                                                                             
                                                                                            User: NetworkService
                                                                                            ->Temp folder emptied: 0 bytes
                                                                                            ->Temporary Internet Files folder emptied: 33170 bytes
                                                                                             
                                                                                            User: patti's place
                                                                                            ->Temp folder emptied: 0 bytes
                                                                                            ->Temporary Internet Files folder emptied: 0 bytes
                                                                                            ->FireFox cache emptied: 0 bytes
                                                                                            ->Flash cache emptied: 0 bytes
                                                                                             
                                                                                            %systemdrive% .tmp files removed: 0 bytes
                                                                                            %systemroot% .tmp files removed: 0 bytes
                                                                                            %systemroot%\System32 .tmp files removed: 0 bytes
                                                                                            %systemroot%\System32\dllcache .tmp files removed: 0 bytes
                                                                                            %systemroot%\System32\drivers .tmp files removed: 0 bytes
                                                                                            Windows Temp folder emptied: 262808 bytes
                                                                                            %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
                                                                                            %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
                                                                                            RecycleBin emptied: 1968 bytes
                                                                                             
                                                                                            Total Files Cleaned = 55.00 mb
                                                                                             
                                                                                             
                                                                                            OTM by OldTimer - Version 3.1.12.0 log created on 05312010_195519

                                                                                            Files moved on Reboot...

                                                                                            Registry entries deleted on Reboot...
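
Reconciling the OTM results posted above with the instruction block from Reply #80 shows which requested items still need attention. This is an added example, not part of the thread or of OTM; the function names and status strings are hypothetical, and it recognises only the line formats that appear in this thread.

```python
import re

# Constructed inputs, copied in the formats shown in the thread
# (instruction block from Reply #80, results log from Reply #81).
OTM_SCRIPT = r"""
:services
Automatic LiveUpdate Scheduler
GameConsoleService
aawservice

:files
C:\Program Files\Symantec

:Commands
[emptytemp]
[start explorer]
"""

OTM_RESULTS = r"""
All processes killed
========== SERVICES/DRIVERS ==========
Service Automatic LiveUpdate Scheduler stopped successfully!
Service Automatic LiveUpdate Scheduler deleted successfully!
Service GameConsoleService stopped successfully!
Service GameConsoleService deleted successfully!
Error: Unable to stop service aawservice!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aawservice deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\Symantec not found.
========== COMMANDS ==========
[EMPTYTEMP]
"""

# Assumption: only result-line formats that appear in the thread are recognised.
SERVICE_OK = re.compile(r"^Service (.+) (stopped|deleted) successfully!$")
PATTERNS = [
    ("stop_failed", re.compile(r"^Error: Unable to stop service (.+)!$")),
    # A key directly under ...\Services\ holds that service's configuration.
    ("svc_key_deleted",
     re.compile(r"^Registry key .+\\Services\\([^\\]+) deleted successfully\.$", re.I)),
    ("not_found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("commands", re.compile(r"^\[(.+)\]$")),
]


def parse_script(text):
    """Return {section: [items]}; a line starting with ':' opens a section."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_results(text):
    """Collect outcome events from a results log, keyed by lower-cased item name."""
    ev = {name: set() for name, _ in PATTERNS}
    ev.update(stopped=set(), deleted=set())
    for line in (raw.strip() for raw in text.splitlines()):
        m = SERVICE_OK.match(line)
        if m:
            ev[m.group(2)].add(m.group(1).lower())
            continue
        for name, rx in PATTERNS:
            m = rx.match(line)
            if m:
                ev[name].add(m.group(1).lower())
                break
    return ev


def reconcile(script_text, results_text):
    """Map every item requested in the script to an outcome string."""
    script, ev = parse_script(script_text), parse_results(results_text)
    out = {}
    for name in script.get("services", []):
        n = name.lower()
        if n in ev["stopped"] and n in ev["deleted"]:
            status = "removed"
        elif n in ev["stop_failed"] and n in ev["svc_key_deleted"]:
            # Deleting the key does not end a process that is already running.
            status = "stop-failed-key-deleted"
        elif n in ev["stop_failed"]:
            status = "stop-failed"
        else:
            status = "no-result-line"
        out["service:" + name] = status
    for path in script.get("files", []):
        found = path.lower() in ev["not_found"]
        out["file:" + path] = "not-found" if found else "no-result-line"
    for cmd in script.get("commands", []):
        logged = cmd.strip("[]").lower() in ev["commands"]
        out["command:" + cmd] = "logged" if logged else "no-result-line"
    return out


def needs_followup(outcomes):
    """Items whose outcome is neither a clean removal nor a logged command."""
    return sorted(k for k, v in outcomes.items() if v not in ("removed", "logged"))


if __name__ == "__main__":
    for item in needs_followup(reconcile(OTM_SCRIPT, OTM_RESULTS)):
        print("follow up:", item)
```

Here aawservice is flagged because the stop failed and only its registry key was deleted, so it is worth rechecking after a reboot.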

                                                                                            FALLGUY

                                                                                              Re: computer acting up
                                                                                              « Reply #82 on: May 31, 2010, 07:51:01 PM »
                                                                                              R1 was not listed. WMP would not uninstall. It said it was rolled back. The program listed WMP format runtime 11.
                                                                                              The computer is running faster. The Zune runs on Microsoft Zune hardware, not WMP. I had trouble updating Java and Adobe early on. Do you want me to try again? What is CCleaner?

                                                                                              evilfantasy

                                                                                              Re: computer acting up
                                                                                              « Reply #83 on: May 31, 2010, 08:29:42 PM »
                                                                                              Quote
                                                                                              The Zune runs on Microsoft Zune hardware, not WMP.

                                                                                              I know but the files used to identify media players (all of them) are the ones that are included with WMP. I had a similar issue once with an MP3 player not being found by MediaMonkey and reinstalling WMP is what fixed it. I had to re-install it 3 times before it finally worked.

                                                                                              Quote
                                                                                              I had trouble updating Java and Adobe early on.

                                                                                              Let's clean up some then try the updates.

                                                                                              Quote
                                                                                              Do you want me to try again? What is CCleaner?

                                                                                              Configuring CCleaner.



                                                                                              If there are no more malware issues we can finish up now.


                                                                                              1. Double click OTM to launch it.
                                                                                              Vista and Windows 7 users right click and choose Run As Administrator
                                                                                              2. Click on the CleanUp! button.
                                                                                              3. OTM will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
                                                                                              4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
                                                                                              5. When finished exit out of OTM.

                                                                                              ----------

                                                                                              Use the Secunia Software Inspector to check for out of date software.

                                                                                              * Click Start Scanner
                                                                                              * Check the box next to Enable thorough system inspection.
                                                                                              * Click Start
                                                                                              * Allow the scan to finish and scroll down to see if any updates are needed.
                                                                                              * Update anything listed.

                                                                                              ----------

                                                                                              Go to Microsoft Windows Update and get all critical updates.

                                                                                              ----------

                                                                                              If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page.

                                                                                              ----------

                                                                                              I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

                                                                                              I also suggest keeping CCleaner Slim. It is an excellent and safe disk cleaner. Running CCleaner on a daily basis helps to protect your privacy and make your computer faster and more secure.

                                                                                              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                                                                              SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                                                                                              * Using SpywareBlaster to protect your computer from Spyware and Malware
                                                                                              * If you don't know what ActiveX controls are, see here

                                                                                              Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
                                                                                              * Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                                                                              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                                                                              Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.