Registered User
Join Date: Oct 2009
Posts: 3
OS: XP
Taken over by Proof Defender 2009
I am new to the forum and need help to rid my PC of the Proof Defender malware. My machine runs Win XP SP2 (Windows Media Center) with a Pentium 4 processor. I use Avast antivirus. After visiting a forum that I thought was safe (dna-forums.org), I got a security warning that looked like a message from Microsoft "Security Center Alert", Windows firewall has blocked.... Do you want to block this suspicious software: Win32.Conflicker.C. Stupidly, I took the bait and now the Proof Defender screen gives repeated warnings that I need to download the whole program, blocks the internet, blocks Malwarebytes from starting, and persistently gives the Conflicker warning.
I would very much appreciate help from someone who has successfully cleaned Proof Defender from an XP system.

Thanks

Bob

#2
Registered User
Join Date: Oct 2009
Posts: 3
OS: XP
Re: Taken over by Proof Defender 2009
I turned on the PC today so that I could possibly retrieve a document and got a blue screen message. Then I tried to boot into safe mode. Got another blue screen. Here are the message strings.
*** Stop: 0x0000007E (0x80000003, 0x805c24e8, 0xba4c32b4, 0xba4c2fb0)
Page_fault_in_nonpaged_area
*** STOP: 0x00000050 (0xc4b050000, 0x00000000, 0xc4b050000, 0x000000000)
I have been looking for the restore CD from Dell, but can't find it. I am using another PC to post this. I hope that someone can help me out with this.
Thanks
Bob

#4
Registered User
Join Date: Oct 2009
Posts: 3
OS: XP
Re: Taken over by Proof Defender 2009
Ried,
I have not solved the problem with the PC. I removed the two hard drives and was able to transfer the files to an external drive. I am considering reinstalling the two internal drives and trying to do a clean install of Windows XP media center. The last time I turned on the PC I got the blue screen messages as reported previously. Do you recommend a clean install of Win XP? I can't find the restore disk for the PC. I don't recall if Dell provided one. The model is Dimension 5150/E510 with Windows Xp MCE05U.
Thanks
Bob

#5
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista
Re: Taken over by Proof Defender 2009
Hello Bob,
Yes, given that you have already retrieved the backups you needed, a format and clean install of Windows would be the best thing to do going forward. While we may be able to clean the infections we see, we cannot always undo the damage they cause to the Operating System.
Dell should have provided you with the restore disc. If you cannot find it, contact Dell and see if they can ship you out another one for a nominal fee.