Welcome to Tech Support Forum, home to more than 136,000 problems solved.
Virus/Trojan/Spyware Help: Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.
#1
Registered User
Join Date: Jun 2008
Posts: 16
OS: xp service pack 2
Flash Update and rnamfler, stubborn start-ups.
An Adobe Flash Updater kept trying to install a start-up program, even after my Spybot and WinPatrol caught it and I kept saying "no" to the changes.

I also had a similar problem with removing a program I have had for a while now. I forget what this freeware/shareware was called, but it is a content blocker I have had for a while. It does its job well, but I have always been a little suspicious of it. Also my wife initially had the password, but now neither one of us remembers it, so we can't really open the program. I tried to delete it, but it is not going anywhere. The file is named rnamfler or naomf.exe.

I have also had some lethargy at start-up and shut-down that makes me suspicious, but it could just be too many start-up programs. There is always an error message at start-up about HP toolbox, a program I had tried to delete last year. At shut-down, there are always HP toolbox and naomf.exe error messages like "HP toolbox not responding" or "naomf.exe dll initialization failed" - I have ignored them for too long.

Other random issues include: Firefox and Chrome browsers freezing up or not working, email access denied (only one email), not being able to remove ArcGIS or ArcGIS Tutorial, McAfee not updating or scanning, and slowness and freezing up when I am using programs like Photoshop, Illustrator and AutoCAD (my 2 GB RAM may just not be enough to run multiple high-memory-use programs at once?).

I am hoping to clean up viruses and clutter, and get back to a clean and efficient system, as my laptop and design software are critical to my work, and I can't afford another new system. I am hoping you can guide me to a more self-sustaining routine with only a few good programs I can use for anti-malware, content blocking, backing up and managing data.
Hopefully this time I can make sure the fix is a permanent one, and I won't ever have to bother you folks again :)

DDS (Ver_09-03-16.01) - NTFSx86
Run by tgillesp at 21:03:53.59 on Mon 04/20/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1281 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\rnamfler\naofsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
C:\Program Files\rnamfler\naomf.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\rnamfler\radprcmp.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\tgillesp\Local Settings\Temporary Internet Files\Content.IE5\1R9GBM4S\dds[1].pif
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Professional&Br=GTW&Loc=ENG_US&Sys=PTB&M=M685-E
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {0C6DD65A-F36B-4AC8-89EB-6175AEE6BB8C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Whitney2_S2P] c:\program files\samsung\samsung scx-4725 series\spanel\rcp\Scan2pc.exe
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [wrna3ls] c:\program files\rnamfler\naomf.exe
StartupFolder: e:\docume~1\tgillesp\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212550075234
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212550038375
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c8/v22.137/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\tgillesp\applic~1\mozilla\firefox\profiles\ctpk5m23.default\
FF - plugin: e:\documents and settings\tgillesp\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2007-10-16 144704]
R0 ViPrt;VIA IDE Controller PORT Driver;c:\windows\system32\drivers\ViPrt.sys [2006-6-28 58368]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2007-10-16 31784]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2007-10-16 54608]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-10-27 72680]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-10-27 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-10-27 171272]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-8-28 98304]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-04-20 16:29 28,544 ac------ c:\windows\system32\drivers\pavboot.sys
2009-04-20 15:57 <DIR> -cd----- c:\windows\1032F58FD31942C1A25F2D3C9A26705B.TMP
2009-04-20 15:51 <DIR> -cd----- c:\windows\1F34839E48264B64B1B342E5AE8DEC5A.TMP
2009-04-15 13:47 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 13:47 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 13:47 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 13:47 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 13:47 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 13:47 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 13:47 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 13:47 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 13:47 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 13:44 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 13:44 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 13:44 2,560 -c------ c:\windows\system32\xpsp4res.dll
2009-03-24 14:52 <DIR> -cd----- c:\program files\Readiris10
2009-03-24 14:52 479,232 ac------ c:\windows\ssndii.exe
2009-03-24 14:51 <DIR> -cd----- c:\windows\Samsung
2009-03-24 14:49 <DIR> -cd----- c:\windows\system32\drivers\Samsung
2009-03-24 14:49 41,984 -c------ c:\windows\system32\drivers\DGIVECP.SYS
2009-03-24 14:49 <DIR> -cd----- c:\program files\Samsung

==================== Find3M ====================

2009-04-20 16:17 17,408 ac------ c:\windows\system32\rpcnetp.exe
2009-04-20 16:17 47,104 a------- c:\windows\system32\rpcnet.dll
2009-03-06 09:22 284,160 ac------ c:\windows\system32\pdh.dll
2009-03-02 19:18 826,368 ac------ c:\windows\system32\wininet.dll
2009-02-20 13:09 78,336 ac------ c:\windows\system32\ieencode.dll
2009-02-10 16:45 35,840 ac------ c:\windows\system32\diag2.dll
2009-02-09 07:10 729,088 ac------ c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 ac------ c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 ac------ c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 ac------ c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 ac------ c:\windows\system32\win32k.sys
2009-02-06 06:11 110,592 ac------ c:\windows\system32\services.exe
2009-02-06 06:06 2,145,280 ac------ c:\windows\system32\ntoskrnl.exe
2009-02-06 05:39 35,328 ac------ c:\windows\system32\sc.exe
2009-02-06 05:32 2,023,936 ac------ c:\windows\system32\ntkrnlpa.exe
2009-02-03 14:59 56,832 ac------ c:\windows\system32\secur32.dll
2008-07-14 14:11 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071420080715\index.dat

============= FINISH: 21:04:29.78 ===============