
Author Topic: Yahoo Msg will not open ....can anybody sort this issue out ? w/log  (Read 22083 times)


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
« Reply #15 on: September 12, 2010, 12:41:15 PM »
The ESET log doesn't show that the infections were removed. Please run it again. There should be a box just above the "Scan archives" box already checked. Please ensure that this box remains checked and run the scan.
Windows 8 and Windows 10 dual boot with two SSD's

miolner1

    Topic Starter


    Rookie

    Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
    « Reply #16 on: September 13, 2010, 09:14:26 PM »
    I ran the scanner again and selected both boxes this time:

    C:\Desktop\Flash_Disinfector.exe   probably a variant of Win32/Agent.BWFKHA trojan   cleaned by deleting - quarantined
    C:\Documents and Settings\User\My Documents\setupxv.exe.vir   probably a variant of Win32/TrojanDownloader.Banload.KDRCNRT trojan   cleaned by deleting - quarantined
    C:\Program Files\RegistryFix7\UninstlDll.dll   Win32/Adware.ErrorClean application   cleaned by deleting - quarantined
    C:\Program Files\Sony\Welcome to VAIO life\Internet Services.exe   probably a variant of Win32/TrojanDropper.Agent.BLQHZVO trojan   cleaned by deleting - quarantined
    C:\Program Files\Sony\Welcome to VAIO life\VAIO zone.exe   probably a variant of Win32/TrojanDropper.Agent.FYKSNPZ trojan   cleaned by deleting - quarantined
    C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP15\A0006085.DLL   a variant of Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
    C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP16\A0006125.DLL   Win32/Toolbar.AskSBar application   cleaned by deleting - quarantined
    C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007280.exe   probably a variant of Win32/Agent.BWFKHA trojan   cleaned by deleting - quarantined
    C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007281.dll   Win32/Adware.ErrorClean application   cleaned by deleting - quarantined
    C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007282.exe   probably a variant of Win32/TrojanDropper.Agent.BLQHZVO trojan   cleaned by deleting - quarantined
    C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007283.exe   probably a variant of Win32/TrojanDropper.Agent.FYKSNPZ trojan   cleaned by deleting - quarantined
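
The check asked for in Reply #15 (does the ESET log show each detection as removed?) can be run mechanically over a pasted log like the one above. The following Python code is an added example, not part of the original thread or of ESET's tooling; the field separator, the list of "handled" action words and the `C:\Example\sample.exe` line are assumptions made for illustration.

```python
import re
from collections import defaultdict, namedtuple

Detection = namedtuple("Detection", "path threat action in_restore_point")

# Fields in the pasted log are separated by a tab or a run of spaces;
# the paths and threat names themselves contain only single spaces.
FIELD_SEP = re.compile(r"\t+| {2,}")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# On Windows XP, System Restore keeps copies of files under this folder.
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{", re.I)
VARIANT_PREFIX = re.compile(r"^(?:probably )?a variant of ", re.I)
# Assumption: an action containing one of these words means the file was dealt with.
HANDLED_WORDS = ("cleaned", "deleted", "quarantined")

# Constructed sample: three lines copied from the log above, plus one
# hypothetical line (C:\Example\sample.exe) that has no action column.
SAMPLE_LOG = r"""
I ran the scanner again and selected both boxes this time:
C:\Desktop\Flash_Disinfector.exe   probably a variant of Win32/Agent.BWFKHA trojan   cleaned by deleting - quarantined
C:\Program Files\RegistryFix7\UninstlDll.dll   Win32/Adware.ErrorClean application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007280.exe   probably a variant of Win32/Agent.BWFKHA trojan   cleaned by deleting - quarantined
C:\Example\sample.exe   Win32/Example.Placeholder application
"""


def parse_line(line):
    """Return a Detection for a log line, or None for anything else."""
    fields = [f.strip() for f in FIELD_SEP.split(line.strip()) if f.strip()]
    if len(fields) < 2 or not DRIVE_PATH.match(fields[0]):
        return None
    path, threat = fields[0], fields[1]
    action = " ".join(fields[2:])  # empty when the log shows no action
    return Detection(path, threat, action, bool(RESTORE_POINT.search(path)))


def is_handled(detection):
    """True when the action column says the file was cleaned or removed."""
    action = detection.action.lower()
    return any(word in action for word in HANDLED_WORDS)


def family(threat):
    """Drop the 'probably a variant of' wording so equal names group together."""
    return VARIANT_PREFIX.sub("", threat)


def summarize(log_text):
    """Parse a pasted log and report what still needs attention."""
    detections = [d for d in map(parse_line, log_text.splitlines()) if d]
    families = defaultdict(list)
    for d in detections:
        families[family(d.threat)].append(d.path)
    return {
        "total": len(detections),
        "unhandled": [d.path for d in detections if not is_handled(d)],
        "restore_point_copies": sum(d.in_restore_point for d in detections),
        "families": dict(families),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("detections:", report["total"])
    print("copies inside System Restore points:", report["restore_point_copies"])
    for path in report["unhandled"]:
        print("NO ACTION RECORDED:", path)
    for name, paths in report["families"].items():
        print(f"{name}: {len(paths)} file(s)")
```

Any path listed under "NO ACTION RECORDED" is a detection the scan reported but did not remove, which is the condition that prompted the request to run the scan again.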

    miolner1


      Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
      « Reply #17 on: September 14, 2010, 01:00:29 PM »
      Dave, okay so progress update at the ready. Yahoo msg now opens fine....but there are some serious time delays now from the time I startup till my browser opens .....and with closing one webpage and opening another, the closing webpage takes longer to disappear than before and also the activity light on my pc seems to be working really hard at something all the time....I mean all the time ......what do you think?

      SuperDave

      Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
      « Reply #18 on: September 14, 2010, 04:45:09 PM »
      Download the Fix IE Utility to your desktop.

      Before running the utility, make sure that all your Internet Explorer windows are closed!

      * Extract the contents of the .zip file to your desktop.
      * Double click the Fix IE Utility button to run the tool.
      * Click Run Utility
      * Click OK when you see 'Re-registered all files'
      * Open Internet Explorer and see how it works.

      ******************************************
      Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
      Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
      Click on View > Select Columns.
      In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
      Go File>Save As, and save the report as Procexp.txt.
      Attach the file to your next reply.

      miolner1


        Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
        « Reply #19 on: September 15, 2010, 08:41:25 PM »
        The Procexp log as requested:

        Process   PID   CPU   Private Bytes   Working Set   Description   Company Name   Command Line
        System Idle Process   0   98.46   0 K   28 K         
         Interrupts   n/a      0 K   0 K   Hardware Interrupts      
         DPCs   n/a      0 K   0 K   Deferred Procedure Calls      
         System   4      0 K   57,188 K         
          smss.exe   764      172 K   276 K   Windows NT Session Manager   Microsoft Corporation   \SystemRoot\System32\smss.exe
           csrss.exe   836      2,368 K   5,928 K   Client Server Runtime Process   Microsoft Corporation   C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
           winlogon.exe   860      6,760 K   4,048 K   Windows NT Logon Application   Microsoft Corporation   winlogon.exe
            services.exe   904   1.54   1,956 K   2,824 K   Services and Controller app   Microsoft Corporation   C:\WINDOWS\system32\services.exe
             svchost.exe   1080      3,288 K   3,568 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost -k DcomLaunch
              igfxext.exe   668      1,508 K   2,396 K   igfxext Module   Intel Corporation   C:\WINDOWS\system32\igfxext.exe -Embedding
              COCIManager.exe   300      2,848 K   2,712 K   Camera Control Interface   Logitech Inc.   "C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding
              wmiprvse.exe   5968      3,092 K   8,140 K   WMI   Microsoft Corporation   C:\WINDOWS\system32\wbem\wmiprvse.exe
              SkypeNames2.exe   1500      888 K   3,408 K   SkypeNames   Skype Technologies S.A.   "C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe" -Embedding
             svchost.exe   1132      2,144 K   3,088 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost -k rpcss
             svchost.exe   1280      26,324 K   34,664 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\System32\svchost.exe -k netsvcs
             svchost.exe   1348      1,868 K   3,208 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k NetworkService
             svchost.exe   1596      1,580 K   2,692 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k LocalService
             spoolsv.exe   1892      3,320 K   3,268 K   Spooler SubSystem App   Microsoft Corporation   C:\WINDOWS\system32\spoolsv.exe
             svchost.exe   720      1,456 K   2,400 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k LocalService
             AOLacsd.exe   756      5,644 K   4,308 K   AOL Connectivity Service   AOL LLC   C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
             avgwdsvc.exe   788      4,824 K   2,544 K   AVG Watchdog Service   AVG Technologies CZ, s.r.o.   C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
              avgrsx.exe   1528      15,672 K   14,068 K   AVG Resident Shield Service   AVG Technologies CZ, s.r.o.   avgrsx.exe
              avgnsx.exe   316      11,276 K   792 K   AVG Network scanner Service   AVG Technologies CZ, s.r.o.   avgnsx.exe
             LVPrcSrv.exe   1044      1,080 K   1,864 K   Logitech LVPrcSrv Module.   Logitech Inc.   "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
             McciCMService.exe   1492      2,140 K   2,084 K   mcci+McciCMService   Motive Communications, Inc.   "C:\Program Files\Common Files\Motive\McciCMService.exe"
             RegSrvc.exe   1688      824 K   1,456 K   RegSrvc Module   Intel Corporation   "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe"
             svchost.exe   1608      2,588 K   3,316 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k imgsvc
             wdfmgr.exe   168      1,656 K   1,100 K   Windows User Mode Driver Manager   Microsoft Corporation   C:\WINDOWS\system32\wdfmgr.exe
             VESMgr.exe   204      3,540 K   2,668 K   VAIO Event Service (Service Module)   Sony Corporation   "C:\Program Files\Sony\VAIO Event Service\VESMgr.exe"
             VCSW.exe   248      3,096 K   3,280 K   VAIO Entertainment UPnP Client Adapter   Sony Corporation   "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe" -RunBySCM
             wanmpsvc.exe   352      916 K   340 K   Wan Miniport (ATW) Service   America Online, Inc.   "C:\WINDOWS\wanmpsvc.exe"
             YahooAUService.exe   456      6,420 K   6,712 K   AutoUpater Service Module   Yahoo! Inc.   "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
             avgemc.exe   536      4,252 K   868 K   AVG E-Mail Scanner   AVG Technologies CZ, s.r.o.   C:\PROGRA~1\AVG\AVG8\avgemc.exe
              avgcsrvx.exe   2260      8,912 K   3,292 K   AVG Scanning Core Module - Server Part   AVG Technologies CZ, s.r.o.    /pipeName=83687938-965e-4ed7-9ddd-566c19f0c761 /coreSdkOptions=0 /binaryPath="C:\Program Files\AVG\AVG8\"
             VzCdbSvc.exe   624      5,752 K   4,256 K   VAIO Entertainment Database Service   Sony Corporation   "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe"
             VzFw.exe   824      4,524 K   4,408 K   VAIO Entertainment File Import Service   Sony Corporation   "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe"
             alg.exe   2556      1,292 K   1,980 K   Application Layer Gateway Service   Microsoft Corporation   C:\WINDOWS\System32\alg.exe
            lsass.exe   916      4,112 K   1,456 K   LSA Shell (Export Version)   Microsoft Corporation   C:\WINDOWS\system32\lsass.exe
        explorer.exe   2680      22,192 K   19,532 K   Windows Explorer   Microsoft Corporation   C:\WINDOWS\Explorer.EXE
         avgtray.exe   2960      3,688 K   796 K   AVG Tray Monitor   AVG Technologies CZ, s.r.o.   "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
         SearchProtection.exe   2988      3,792 K   1,524 K   Yahoo! Application   Yahoo! Inc   "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
         InstallService.exe   3008      1,524 K   432 K      Netscape Communications Corporation   "C:\Program Files\Common Files\ISPCOMP\InstallService.exe"
         aolsoftware.exe   3024      8,732 K   7,392 K   AOL   AOL LLC   "C:\Program Files\Common Files\AOL\1217722696\ee\AOLSoftware.exe"
         LWS.exe   3048      18,972 K   2,532 K   Camera Software   Logitech Inc.   "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
         Skype.exe   1380      28,152 K   16,292 K   Skype    Skype Technologies S.A.   "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
          skypePM.exe   1328      16,188 K   3,804 K   Skype Extras Manager   Skype Technologies   "C:\Program Files\Skype\Plugin Manager\skypePM.exe" /SILENT
         ctfmon.exe   3336      1,152 K   2,228 K   CTF Loader   Microsoft Corporation   "C:\WINDOWS\system32\ctfmon.exe"
         SSScheduler.exe   3360      808 K   80 K   McAfee Security Scanner Scheduler   McAfee, Inc.   "C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe"
         firefox.exe   2216      85,124 K   97,740 K   Firefox   Mozilla Corporation   "C:\Program Files\Mozilla Firefox\firefox.exe"
         procexp.exe   5016      10,828 K   16,528 K   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   "C:\DOCUME~1\User\LOCALS~1\Temp\Temporary Directory 1 for ProcessExplorer.zip\procexp.exe"
        Vid.exe   2804      619,868 K   14,132 K   Logitech Vid HD   Logitech Inc.   "C:\Program Files\Logitech\Vid HD\Vid.exe" -installmode
        YahooMessenger.exe   4264      109,724 K   48,556 K   Yahoo! Messenger   Yahoo! Inc.   "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE"
         iexplore.exe   1296      6,048 K   1,004 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
          iexplore.exe   4668      22,604 K   912 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:1296 CREDAT:14337
         iexplore.exe   3300      5,584 K   884 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
          iexplore.exe   5916      13,372 K   700 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3300 CREDAT:14337
         iexplore.exe   1832      5,636 K   896 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
          iexplore.exe   5808      13,336 K   548 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:14337
         iexplore.exe   5188      5,580 K   888 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
          iexplore.exe   4904      13,512 K   544 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:5188 CREDAT:14337
         iexplore.exe   3232      5,592 K   896 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
          iexplore.exe   4068      13,580 K   544 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3232 CREDAT:14337
         iexplore.exe   4916      5,632 K   904 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
          iexplore.exe   436      13,516 K   540 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:4916 CREDAT:14337
         iexplore.exe   4000      5,536 K   1,824 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
          iexplore.exe   3304      16,040 K   2,008 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:4000 CREDAT:14337
         iexplore.exe   4208      5,600 K   1,756 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
          iexplore.exe   5100      13,488 K   1,704 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:4208 CREDAT:14337
        waol.exe   1444      118,588 K   11,248 K   AOL Software   AOL, LLC.    -Brestart
         shellmon.exe   5716      656 K   2,632 K   waolmon   AOL, LLC.   "C:\Program Files\AOL 9.1\shellmon.exe"
         aoltpsd3.exe   4408      2,456 K   5,680 K   AOL TopSpeed   AOL LLC    -p11535 -q"11536,11537,11538,11539,11540,11541,11542,11543" -S256 -G"C:\Documents and Settings\All Users\Application Data\AOL\Topspeed\3.0\vph.ph" -g"{9C6D947A-D1B5-4271-A40A-7EFA70080F11}" -e1


        miolner1


          Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
          « Reply #20 on: September 16, 2010, 12:54:56 PM »
          A quick update for you. I booted up my pc this morning and some little gremlin must have got into my system last night. My yahoo msg will not open now and it was working perfectly yesterday. I did gather this info from the error msg box in yahoo:

          Checking virtual IP servers...
          [VIP Raw] Connecting to Virtual IP server 98.136.48.32...
          [VIP Raw] Connecting to Virtual IP server 67.195.186.241...
          [VIP Raw] Connecting to Virtual IP server 68.180.217.15...
          [VIP Raw] Connecting to Virtual IP server 76.13.15.38...
          [VIP Raw] FAILED
           ***  'COMPONENT_TYPE_YCP' YCPError: 'YMSG.ColoSelectionTimeout' ***

          Checking HTTP virtual IP servers...
          [VIP Http] Connecting to HTTP Virtual IP server 216.155.194.34...
          [VIP Http] Connecting to HTTP Virtual IP server 98.136.112.56...
          [VIP Http] Connecting to HTTP Virtual IP server 216.155.194.137...
          [VIP Http] Connecting to HTTP Virtual IP server 98.136.112.142...
          [VIP Http] FAILED
           ***  'COMPONENT_TYPE_YCP' YCPError: 'YMSG.ColoSelectionTimeout' ***

          What could have happened to the connection as my firefox is working fine? However, my aol homepage is static and as for now just shows a white screen upon sign on. The status bar at the top of the aol screen shows connected and signed on. I wonder if the rereg of files performed yesterday had anything to do with it?

           

          SuperDave

          Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
          « Reply #21 on: September 17, 2010, 11:17:20 AM »
          Please re-run RootRepeal again and post the log as instructed in Reply # 9

          miolner1


            Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
            « Reply #22 on: September 17, 2010, 12:00:36 PM »
            Rootrepeal log just run:


            ROOTREPEAL (c) AD, 2007-2009
            ==================================================
            Scan Start Time:      2010/09/17 11:16
            Program Version:      Version 1.3.5.0
            Windows Version:      Windows XP SP3
            ==================================================

            Drivers
            -------------------
            Name: dump_atapi.sys
            Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
            Address: 0xA9BFE000   Size: 98304   File Visible: No   Signed: -
            Status: -

            Name: dump_WMILIB.SYS
            Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
            Address: 0xF7BD0000   Size: 8192   File Visible: No   Signed: -
            Status: -

            Name: rootrepeal.sys
            Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
            Address: 0xA8AA7000   Size: 49152   File Visible: No   Signed: -
            Status: -

            Hidden/Locked Files
            -------------------
            Path: C:\hiberfil.sys
            Status: Locked to the Windows API!

            Path: c:\documents and settings\user\application data\skype\etilqs_qfyjmfnvxg56fsf6sbxi
            Status: Allocation size mismatch (API: 65536, Raw: 0)

            Path: c:\documents and settings\user\application data\skype\etilqs_ywj25zmdo50r3v004jnd
            Status: Allocation size mismatch (API: 8192, Raw: 0)

            ==EOF==

            SuperDave

            Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
            « Reply #23 on: September 18, 2010, 01:20:05 PM »
            Your copy of ComboFix has passed its shelf life. Please delete it, download a new one and run another scan.

            Download ComboFix by sUBs from one of the below links. 

            Important! You MUST save ComboFix to your desktop

            link # 1
            Link # 2

            Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

            Double click on ComboFix.exe & follow the prompts.

            Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

            Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

            When the scan completes it will open a text window.
             
            Post the contents of that log in your next reply.

            Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

            miolner1


              Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
              « Reply #24 on: September 18, 2010, 07:33:22 PM »
              ComboFix 10-09-17.04 - User 09/18/2010  16:09:28.4.1 - x86
              Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.402 [GMT -7:00]
              Running from: c:\documents and settings\User\Desktop\ComboFix1.exe
              AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
              .

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              c:\windows\TEMP\logishrd\LVPrcInj01.dll

              .
              (((((((((((((((((((((((((   Files Created from 2010-08-18 to 2010-09-18  )))))))))))))))))))))))))))))))
              .

              2010-09-18 23:05 . 2010-09-18 23:05   --------   d-----r-   C:\32788R22FWJFW
              2010-09-17 18:06 . 2010-09-17 18:06   42816   ----a-w-   c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
              2010-09-17 04:25 . 2010-09-17 04:25   --------   d-----w-   c:\documents and settings\User\Application Data\Registry Mechanic
              2010-09-17 04:21 . 2010-08-05 15:46   37336   ----a-w-   c:\windows\system32\CleanMFT32.exe
              2010-09-17 04:21 . 2010-09-17 04:21   --------   d-----w-   c:\program files\Common Files\PC Tools
              2010-09-15 21:28 . 2010-09-16 03:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
              2010-09-15 21:25 . 2010-09-16 03:11   --------   d-----w-   c:\windows\SxsCaPendDel
              2010-09-12 00:29 . 2010-09-12 00:29   --------   d-----w-   c:\program files\ESET
              2010-09-10 19:58 . 2010-09-10 19:58   0   ----a-w-   c:\documents and settings\User\settings.dat
              2010-09-09 21:55 . 2009-10-07 08:47   266008   ----a-r-   c:\windows\system32\drivers\lvrs.sys
              2010-09-09 21:55 . 2009-10-07 08:24   34068   ----a-r-   c:\windows\system32\Repository.reg
              2010-09-09 21:55 . 2009-10-07 08:48   539160   ----a-r-   c:\windows\system32\LVUI2RC.dll
              2010-09-09 21:55 . 2009-10-07 08:48   539160   ----a-r-   c:\windows\system32\LVUI2.dll
              2010-09-09 21:55 . 2009-10-07 08:43   199192   ----a-r-   c:\windows\system32\lvci12101110.dll
              2010-09-09 21:55 . 2009-10-07 08:43   416280   ----a-r-   c:\windows\system32\lvcodec2.dll
              2010-09-09 21:55 . 2009-10-07 08:49   6756632   ----a-r-   c:\windows\system32\drivers\lvuvc.sys
              2010-09-09 21:41 . 2010-09-09 21:41   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\LogiShrd
              2010-09-09 21:39 . 2009-10-07 08:49   23832   ----a-r-   c:\windows\system32\drivers\lvuvcflt.sys
              2010-09-09 21:39 . 2010-09-09 21:40   --------   dc----w-   c:\windows\system32\DRVSTORE
              2010-09-09 21:37 . 2010-09-09 21:55   --------   d-----w-   c:\program files\Common Files\LogiShrd
              2010-09-09 21:37 . 2010-09-10 22:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\LogiShrd
              2010-09-09 21:37 . 2010-09-16 03:11   --------   d-----w-   c:\program files\Logitech
              2010-09-09 21:37 . 2008-04-13 18:39   5504   -c--a-w-   c:\windows\system32\dllcache\mstee.sys
              2010-09-09 21:37 . 2008-04-13 18:39   5504   ----a-w-   c:\windows\system32\drivers\MSTEE.sys
              2010-09-09 21:37 . 2008-04-13 18:46   10880   -c--a-w-   c:\windows\system32\dllcache\ndisip.sys
              2010-09-09 21:37 . 2008-04-13 18:46   10880   ----a-w-   c:\windows\system32\drivers\NdisIP.sys
              2010-09-09 21:36 . 2008-04-13 18:46   15232   -c--a-w-   c:\windows\system32\dllcache\streamip.sys
              2010-09-09 21:36 . 2008-04-13 18:46   15232   ----a-w-   c:\windows\system32\drivers\StreamIP.sys
              2010-09-09 21:36 . 2008-04-13 18:46   11136   -c--a-w-   c:\windows\system32\dllcache\slip.sys
              2010-09-09 21:36 . 2008-04-13 18:46   11136   ----a-w-   c:\windows\system32\drivers\SLIP.sys
              2010-09-09 21:36 . 2008-04-13 18:46   19200   -c--a-w-   c:\windows\system32\dllcache\wstcodec.sys
              2010-09-09 21:36 . 2008-04-13 18:46   19200   ----a-w-   c:\windows\system32\drivers\WSTCODEC.SYS
              2010-09-09 21:36 . 2008-04-13 18:46   85248   -c--a-w-   c:\windows\system32\dllcache\nabtsfec.sys
              2010-09-09 21:36 . 2008-04-13 18:46   85248   ----a-w-   c:\windows\system32\drivers\NABTSFEC.sys
              2010-09-09 21:36 . 2008-04-13 18:46   17024   -c--a-w-   c:\windows\system32\dllcache\ccdecode.sys
              2010-09-09 21:36 . 2008-04-13 18:46   17024   ----a-w-   c:\windows\system32\drivers\CCDECODE.sys
              2010-09-09 21:36 . 2008-04-13 18:45   60032   -c--a-w-   c:\windows\system32\dllcache\usbaudio.sys
              2010-09-09 21:36 . 2008-04-13 18:45   60032   ----a-w-   c:\windows\system32\drivers\USBAUDIO.sys
              2010-09-09 21:35 . 2008-04-14 00:12   53760   -c--a-w-   c:\windows\system32\dllcache\vfwwdm32.dll
              2010-09-09 21:35 . 2008-04-14 00:12   53760   ----a-w-   c:\windows\system32\vfwwdm32.dll
              2010-09-09 21:35 . 2008-04-13 18:45   32128   -c--a-w-   c:\windows\system32\dllcache\usbccgp.sys
              2010-09-09 21:35 . 2008-04-13 18:45   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
              2010-09-09 00:12 . 2010-09-09 00:12   --------   d-----w-   c:\program files\MetaStream
              2010-09-07 23:48 . 2010-09-07 23:48   --------   d-----w-   c:\documents and settings\LocalService\Application Data\McAfee
              2010-09-07 03:49 . 2010-04-29 22:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
              2010-09-07 03:49 . 2010-04-29 22:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2010-09-07 03:49 . 2010-09-07 03:49   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
              2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
              2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
              2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2010-08-25 04:31 . 2010-08-25 04:31   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Google
              2010-08-25 04:30 . 2010-08-25 04:30   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
              2010-08-25 04:30 . 2010-09-18 23:04   --------   d-----w-   c:\documents and settings\User\Application Data\skypePM
              2010-08-25 04:26 . 2010-09-18 23:14   --------   d-----w-   c:\documents and settings\User\Application Data\Skype
              2010-08-25 04:26 . 2010-09-18 22:31   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Temp
              2010-08-25 04:26 . 2010-09-08 00:28   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Google
              2010-08-25 04:25 . 2010-08-25 04:25   --------   d-----w-   c:\program files\Common Files\Skype
              2010-08-25 04:25 . 2010-08-25 04:26   --------   d-----r-   c:\program files\Skype
              2010-08-25 04:25 . 2010-08-25 04:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2010-09-17 04:25 . 2008-08-03 02:45   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
              2010-09-16 00:18 . 2010-09-09 21:55   0   ----a-w-   c:\windows\system32\drivers\lvuvc.hs
              2010-09-16 00:17 . 2010-09-09 21:39   0   ----a-w-   c:\windows\system32\drivers\logiflt.iad
              2010-09-15 21:32 . 2009-06-06 21:24   --------   d-----w-   c:\documents and settings\User\Application Data\Yahoo!
              2010-09-15 21:28 . 2008-08-30 21:40   --------   d-----w-   c:\program files\Yahoo!
              2010-09-14 02:30 . 2001-01-02 07:46   --------   d-----w-   c:\program files\RegistryFix7
              2010-09-13 00:34 . 2010-09-17 19:18   58368   ----a-w-   c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\FFExternalAlert.dll
              2010-09-13 00:34 . 2010-09-17 19:18   101376   ----a-w-   c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\RadioWMPCore.dll
              2010-09-11 14:46 . 2001-02-23 06:38   --------   d-----w-   c:\program files\Microsoft Silverlight
              2010-09-07 23:26 . 2001-01-31 21:18   --------   d-----w-   c:\program files\McAfee Security Scan
              2010-09-07 03:28 . 2008-08-03 02:22   --------   d-----w-   c:\documents and settings\User\Application Data\Comodo
              2010-09-07 03:28 . 2008-08-03 02:22   --------   d-----w-   c:\program files\COMODO
              2010-09-07 01:10 . 2010-09-07 01:10   63488   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
              2010-09-07 01:10 . 2010-09-07 01:10   52224   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
              2010-09-07 01:10 . 2010-09-07 01:10   117760   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
              2010-09-05 23:42 . 2010-09-17 19:18   58368   ----a-w-   c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[email protected]\components\FFExternalAlert.dll
              2010-09-05 23:42 . 2010-09-17 19:18   101376   ----a-w-   c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[email protected]\components\RadioWMPCore.dll
              2010-08-25 04:31 . 2004-11-21 02:35   --------   d-----w-   c:\program files\Google
              2010-08-23 05:46 . 2008-08-03 02:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
              2010-08-17 13:17 . 2004-11-21 00:04   58880   ----a-w-   c:\windows\system32\spoolsv.exe
              2010-07-31 05:47 . 2010-07-31 05:47   --------   d-----w-   c:\program files\Microsoft CAPICOM 2.1.0.2
              2010-07-22 15:49 . 2004-11-21 00:04   590848   ----a-w-   c:\windows\system32\rpcrt4.dll
              2010-07-22 05:57 . 2009-04-14 20:08   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
              2010-06-30 12:31 . 2004-11-21 00:04   149504   ----a-w-   c:\windows\system32\schannel.dll
              2010-06-24 12:22 . 2004-11-21 00:04   916480   ----a-w-   c:\windows\system32\wininet.dll
              2010-06-23 13:44 . 2004-11-21 00:04   1851904   ----a-w-   c:\windows\system32\win32k.sys
              2010-06-21 15:27 . 2004-11-21 00:04   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
              "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

              [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
              "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

              [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
              "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

              [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
              "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]
              "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
              "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2001-02-18 2048352]
              "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
              "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
              "Netscape"="c:\program files\Common Files\ISPCOMP\InstallService.exe" [2005-09-07 173568]
              "HostManager"="c:\program files\Common Files\AOL\1217722696\ee\AOLSoftware.exe" [2007-05-25 42032]
              "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

              c:\documents and settings\User\Start Menu\Programs\Startup\
              Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

              c:\documents and settings\All Users\Start Menu\Programs\Startup\
              McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
              2001-01-02 16:08   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
              2004-10-27 23:40   73728   ----a-w-   c:\windows\system32\VESWinlogon.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
              2004-10-14 00:00   57344   -c--a-w-   c:\windows\ALCMTR.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
              2008-06-03 05:35   50528   ----a-w-   c:\program files\AOL 9.1\aol.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
              2006-10-23 12:50   71216   ----a-r-   c:\program files\Common Files\AOL\ACS\AOLDial.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
              2003-11-08 00:21   114688   -c--a-w-   c:\program files\Apoint\Apoint.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
              2008-08-03 02:23   278264   -c--a-w-   c:\program files\COMODO\SafeSurf\cssurf.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
              2004-07-16 19:17   53248   -c--a-w-   c:\windows\SONYSYS\VAIO Recovery\Reminder.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
              2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
              2007-04-09 19:32   19456   -c--a-w-   c:\windows\system32\CtHelper.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
              2007-04-09 19:32   19968   -c--a-w-   c:\windows\system32\Ctxfihlp.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
              2007-05-25 17:16   42032   ----a-w-   c:\program files\Common Files\AOL\1217722696\ee\aolsoftware.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
              2004-10-08 15:27   126976   -c--a-w-   c:\windows\system32\hkcmd.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
              2004-10-08 15:31   155648   -c--a-w-   c:\windows\system32\igfxtray.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
              2004-02-20 22:12   32768   -c--a-w-   c:\program files\Sony\ISB Utility\ISBMgr.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
              2004-11-06 05:05   5406720   ----a-w-   c:\windows\system32\nvcpl.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
              2007-09-04 21:52   54576   -c--a-w-   c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
              2008-08-02 20:50   26112   ----a-w-   c:\program files\Real\RealPlayer\realplay.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
              2007-04-09 19:19   28672   -c--a-w-   c:\windows\system32\MIDIDEF.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
              2004-10-22 03:12   184320   ----a-w-   c:\program files\Sony\VAIO Power Management\SPMgr.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
              2004-10-26 06:20   167936   ----a-w-   c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
              2003-04-20 05:08   28672   -c--a-w-   c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
              2004-09-22 02:54   151552   ----a-w-   c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
              2010-06-01 17:17   5252408   ----a-w-   c:\program files\Yahoo!\Messenger\YahooMessenger.exe

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
              "EnableFirewall"= 0 (0x0)

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
              "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
              "c:\\Program Files\\America Online 9.0\\waol.exe"=
              "c:\\Program Files\\Common Files\\AOL\\1217722696\\ee\\aolsoftware.exe"=
              "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
              "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
              "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
              "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
              "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
              "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
              "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
              "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
              "c:\\Program Files\\AOL 9.1\\waol.exe"=
              "c:\\Documents and Settings\\User\\My Documents\\Downloads\\SweetImSetup.exe"=
              "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
              "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
              "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

              R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/2/2008 7:13 PM 335240]
              R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/2/2008 7:13 PM 108552]
              R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
              R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
              R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/2/2008 7:13 PM 908056]
              R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/2/2008 7:13 PM 297752]
              R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [9/16/2010 9:21 PM 583640]
              S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 9:26 PM 136176]
              S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
              .
              Contents of the 'Scheduled Tasks' folder

              2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]

              2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://www.yahoo.com
              mStart Page = hxxp://www.yahoo.com
              mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
              uInternet Settings,ProxyOverride = <local>
              uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
              IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
              IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
              IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
              IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
              IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
              IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
              FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\
              FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642707&SearchSource=3&q={searchTerms}
              FF - prefs.js: browser.search.selectedEngine - TranslatorBar 5.2 Customized Web Search
              FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2642707&SearchSource=13
              FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
              FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\FFExternalAlert.dll
              FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\RadioWMPCore.dll
              FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[email protected]\components\FFExternalAlert.dll
              FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[email protected]\components\RadioWMPCore.dll
              FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
              FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
              FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
              FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
              FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
              FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
              FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
              FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
              FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll

              ---- FIREFOX POLICIES ----
              FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
              .

              **************************************************************************

              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2010-09-18 16:22
              Windows 5.1.2600 Service Pack 3 NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              scanning hidden files ... 

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------

              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
              "Enabled"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
              @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker4"

              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"

              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              - - - - - - - > 'winlogon.exe'(868)
              c:\program files\SUPERAntiSpyware\SASWINLO.DLL
              c:\windows\system32\WININET.dll
              c:\windows\system32\VESWinlogon.dll

              - - - - - - - > 'explorer.exe'(5696)
              c:\windows\system32\WININET.dll
              c:\windows\TEMP\logishrd\LVPrcInj01.dll
              c:\program files\Microsoft Office\OFFICE11\msohev.dll
              c:\windows\system32\ieframe.dll
              c:\windows\system32\webcheck.dll
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
              c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
              c:\program files\Common Files\Motive\McciCMService.exe
              c:\progra~1\AVG\AVG8\avgrsx.exe
              c:\progra~1\AVG\AVG8\avgnsx.exe
              c:\program files\Intel\Wireless\Bin\RegSrvc.exe
              c:\windows\system32\wdfmgr.exe
              c:\program files\Sony\VAIO Event Service\VESMgr.exe
              c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
              c:\windows\wanmpsvc.exe
              c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
              c:\windows\system32\igfxext.exe
              c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
              c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
              c:\program files\AVG\AVG8\avgcsrvx.exe
              c:\windows\system32\wscntfy.exe
              c:\program files\AOL 9.1\waol.exe
              c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
              c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
              c:\program files\AOL 9.1\shellmon.exe
              .
              **************************************************************************
              .
              Completion time: 2010-09-18  16:31:44 - machine was rebooted
              ComboFix-quarantined-files.txt  2010-09-18 23:31
              ComboFix2.txt  2010-09-11 05:26
              ComboFix3.txt  2010-09-09 00:22
              ComboFix4.txt  2010-09-08 18:27

              Pre-Run: 41,830,486,016 bytes free
              Post-Run: 42,044,772,352 bytes free

              - - End Of File - - 3E5B0F3FE448F4C9FD26029C9B93F9C4

              SuperDave

              Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
              « Reply #25 on: September 19, 2010, 05:18:59 PM »
              Quote
              What could have happened to the connection as my firefox is working fine. However, my aol homepage is static and as for now just shows a white screen upon sign on. The status bar at the top of the aol screen shows connected and signed on
              You said Firefox is working well but what browser is your AOL homepage on? Can you please give me a screenprint?

              How to post screenshots or images

              Have you tried uninstalling AOL and downloading a new version?

              miolner1


                Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
                « Reply #26 on: September 21, 2010, 01:40:56 PM »
                Dave, I have resolved the issue with logging onto AOL by uninstalling and then installing the updated version. Now, the only issue left over is to do with the much increased wait time from the time I log on to Windows till I can actually run any programs. Also, and more surprisingly is the time taken to open new browser windows in Firefox etc.... I notice that the time taken for such processes is approx twice as much as before...

                SuperDave

                Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
                « Reply #27 on: September 21, 2010, 05:48:55 PM »
                We should do some cleanup and then I will give you a couple of links to try to speed up your computer while booting. You should investigate how much RAM you're running and what programs start when you boot. Also check to see how much free space you have on your C: drive. You should have at least 15% in order for your computer to run correctly. If all these fail to speed up your computer, perhaps you should start a new thread in the appropriate software forum.

                Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                **********************************

                StartupLite

                Download StartupLite by MalwareBytes to your Desktop.
                Double-click StartupLite.exe to launch the program.
                Ensure the Disable box is checked.
                Click Continue.
                A pop-up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
                Re-start your computer.
                *****************************
                Clean-up

                * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
                * Now type Combofix /uninstall in the runbox
                * Make sure there's a space between Combofix and /Uninstall
                * Then hit Enter

                * The above procedure will:
                * Delete the following:
                * ComboFix and its associated files and folders.
                * Reset the clock settings.
                * Hide file extensions, if required.
                * Hide System/Hidden files, if required.
                * Set a new, clean Restore Point.

                *********************************

                Clean out your temporary internet files and temp files.

                Download TFC by OldTimer to your desktop.

                Double-click TFC.exe to run it.

                Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                TFC will close all programs when run, so make sure you have saved all your work before you begin.

                * Click the Start button to begin the cleaning process.
                * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                * Please let TFC run uninterrupted until it is finished.

                Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

                **********************************

                Use the Secunia Software Inspector to check for out of date software.

                • Click Start Now
                • Check the box next to Enable thorough system inspection.
                • Click Start
                • Allow the scan to finish and scroll down to see if any updates are needed.
                • Update anything listed.
                ----------

                Go to Microsoft Windows Update and get all critical updates.

                ----------

                I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                * Using SpywareBlaster to protect your computer from Spyware and Malware
                * If you don't know what ActiveX controls are, see here

                Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                Safe Surfing!

                miolner1


                  Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
                  « Reply #28 on: October 05, 2010, 08:58:25 PM »
                  Super D, I have completed the steps outlined in the last post. However, it seems that there is a very long system lag issue from the time of logging on to Windows to getting something to appear on screen takes close to 8 minutes. I know we have completed a lot of processes to get yahoo msg up and running but this system lag is a bummer. Take for instance my AOL, at times it will just freeze on screen and requires a close down of program and reopen. What do you think can be done to rid the system of the lag?

                  Btw I did a system check and it seems I have adequate ram resources and no other issues were evident on the system performance diagnosis.

                  SuperDave

                  Re: Yahoo Msg will not open ....can anybody sort this issue out ? w/log
                  « Reply #29 on: October 06, 2010, 05:01:07 PM »
                  You could try this tool. If it doesn't improve I would suggest that you start a new thread in the proper Windows software forum.

                  StartupLite

                  Download StartupLite by MalwareBytes to your Desktop.
                  Double-click StartupLite.exe to launch the program.
                  Ensure the Disable box is checked.
                  Click Continue.
                  A pop-up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
                  Re-start your computer.