Old 10-19-2008, 12:35 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 18
OS: Vista


Algg.exe removal

My wife's laptop has been extremely slow opening webpages. I use e-anthology spyware scan and it found and removed a trojan last week. This, however, did not solve the problem. Google links are redirected on occasion and speed is extremely slow opening webpages. I found algg.exe running on startup, so I came here to determine the best course of action. I have gone through the 5-step process and my logs are as follows:

Activescan
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-19 12:20:25
PROTECTIONS: 1
MALWARE: 35
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.4005.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@atdmt[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@mediaplex[1].txt
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@tucows[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@yadro[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@xiti[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@perf.overture[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.ad.yieldmanager.com/click,VaUDANP8AwBetAcAi7wCAAAADmQAABAAAQAGFgIAIQKMrgEAMj8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACpOY0cAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D12imr4j82%2FM%3D619213.11559320.12052900.11209823%2FD%3Dmail%2FS%3D150550153%3AMON%2FY%3DYAHOO%2FEXP%3D1197697610%2FA%3D4942990%2FR%3D0%2F%2A%24,http%3A%2F%2Fus.mg1.mail.yahoo.com%2Fdc%2Ffc%3Fl%3Dmon%2Cmnw%3A%21fchandoff%2Csw1%3A%21fchandoff%2Csw2%3A%21fchandoff%2Csw3%3A%21fchandoff%26bg%3Dffffff%26f%3D150550153%26p%3Dmail_candygram%26id%3D25%26cb]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.ad.yieldmanager.com/click,VaUDANP8AwBetAcAi7wCAAAADmQAABAAAQAGFgIAIQKMrgEAMj8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACpOY0cAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D12imr4j82%2FM%3D619213.11559320.12052900.11209823%2FD%3Dmail%2FS%3D150550153%3AMON%2FY%3DYAHOO%2FEXP%3D1197697610%2FA%3D4942990%2FR%3D0%2F%2A%24,http%3A%2F%2Fus.mg1.mail.yahoo.com%2Fdc%2Ffc%3Fl%3Dmon%2Cmnw%3A%21fchandoff%2Csw1%3A%21fchandoff%2Csw2%3A%21fchandoff%2Csw3%3A%21fchandoff%26bg%3Dffffff%26f%3D150550153%26p%3Dmail_candygram%26id%3D25%26cb]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\Low\renae@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@www.burstbeacon[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.www.burstbeacon.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@server.iad.liveperson[3].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.server.iad.liveperson.net/hc/74455559]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\Low\renae@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@media.adrevolver[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.overture.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@questionmarket[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@adrevolver[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\Low\renae@adrevolver[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@searchportal.information[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@target[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\1fxrr76k.default\cookies.txt[.target.com/]
00249874 application/alfacleaner HackTools No 0 Yes No c:\users\renae\appdata\roaming\skinux
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@atwola[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@www3.addfreestats[1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@citi.bridgetrack[1].txt
00412211 Adware/SecurityToolbar Adware No 0 Yes No c:\windows\system32\algg.exe
00412229 Adware/SecurityToolbar Adware Yes 1 Yes No C:\Windows\system32\311496\311496.dll
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Cookies\renae@enhance[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


HJT scan log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:27 PM, on 10/19/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: 311496 helper - {95325092-62FC-473B-B32A-AE613278855B} - C:\Windows\system32\311496\311496.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [wblogon] C:\Windows\System32\algg.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolsupdate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolsupdate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: StopSign Update Manager - eAcceleration - C:\Program Files\Common Files\eAcceleration\eacsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7803 bytes



I don't even use Mozilla on that PC anymore, so could the tracking cookies be deleted?
Thanks in advance for any help.
Sjgreenfield is offline  
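Added example (not code from the poster or from Trend Micro's HijackThis): a small Python triage script that parses the R/O entry lines of an HJT log like the one above and flags the kinds of entries a helper looks at first: search settings pointing at an unexpected host, browser extensions whose DLL is missing or lives under System32, and autostarts registered under Policies\Explorer\Run or per-user autostarts of an executable placed directly in System32. The sample lines are constructed from the shape of the log above; the expected-host list and the heuristics are assumptions.

```python
"""Triage of HijackThis (HJT) log entries: added example for this thread, not
code from the poster or from Trend Micro's HijackThis. Parses the R/O entry
lines into records and applies a few defender-side rules; EXPECTED_HOSTS, the
heuristics and SAMPLE_LOG (constructed from the log above) are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts that IE's default search/start-page settings point to (assumption).
EXPECTED_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# Constructed sample mirroring the entry types seen in the thread's log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: 311496 helper - {95325092-62FC-473B-B32A-AE613278855B} - C:\Windows\system32\311496\311496.dll
O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [wblogon] C:\Windows\System32\algg.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SYSTEM32_EXE_RE = re.compile(r"c:\\windows\\system32\\[^\\]+\.exe")


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section id, e.g. "R1" or "O4"
    rule: str      # which rule fired
    line: str      # the offending log line, verbatim


def _exe_path(cmd: str) -> str:
    """Lower-cased executable path from a Run command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)].lower()
    m = re.match(r"(?i)(.*?\.exe)(\s|$)", cmd)
    return (m.group(1) if m else cmd).lower()


def _check_search_setting(body: str) -> str | None:
    """R0/R1: flag search/start-page URLs whose host is not an expected one."""
    _, _, value = body.partition("=")          # value may be empty
    host = urlparse(value.strip()).hostname
    if host and host.lower() not in EXPECTED_HOSTS:
        return f"search/start page points at unexpected host {host}"
    return None


def _check_browser_extension(body: str) -> str | None:
    """O2/O3: flag BHOs/toolbars with a missing DLL or a DLL under System32."""
    if body.endswith("(file missing)"):
        return "registered browser extension whose DLL is missing"
    path = body.rsplit(" - ", 1)[-1].lower()   # last field is the DLL path
    if path.startswith("c:\\windows\\system32\\"):
        return "browser extension loaded from System32 (heuristic)"
    return None


def _check_autostart(body: str) -> str | None:
    """O4: flag Policies\\Explorer\\Run and per-user autostarts from System32."""
    m = O4_RE.match(body)
    if not m:
        return None
    key = m.group("key").lower()
    if key.endswith("policies\\explorer\\run"):
        return "autostart via Policies\\Explorer\\Run (rarely used by legitimate software)"
    if key.startswith("hkcu") and SYSTEM32_EXE_RE.fullmatch(_exe_path(m.group("cmd"))):
        return "per-user autostart of an executable placed directly in System32 (heuristic)"
    return None


CHECKS = {
    "R0": _check_search_setting, "R1": _check_search_setting,
    "O2": _check_browser_extension, "O3": _check_browser_extension,
    "O4": _check_autostart,
}


def triage(log_text: str) -> list[Finding]:
    """Parse every HJT entry line and return the ones a rule flagged."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue                           # process list, headers, blanks
        check = CHECKS.get(m.group("section"))
        rule = check(m.group("body")) if check else None
        if rule:
            findings.append(Finding(m.group("section"), rule, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.rule}\n    {f.line}")
```

Everything it flags still needs a human to confirm against the full log; the script only narrows the list to review.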
Old 10-19-2008, 07:25 PM   #2 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 18
OS: Vista


Re: Algg.exe removal

I have cleared all temp folders and Internet files, then rebooted to make the logs easier to read; sorry for all the clutter on the first scan reports. Below are the new scans and 3 screenshots of what may be causing issues. Please advise on removal, as my antivirus does not find anything wrong.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-19 19:45:38
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.4005.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00249874 application/alfacleaner HackTools No 0 Yes No c:\users\renae\appdata\roaming\skinux
00412211 Adware/SecurityToolbar Adware Yes 1 Yes No C:\Windows\System32\algg.exe
00412229 Adware/SecurityToolbar Adware Yes 1 Yes No C:\Windows\system32\311496\311496.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:41 PM, on 10/19/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\algg.exe
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: 311496 helper - {95325092-62FC-473B-B32A-AE613278855B} - C:\Windows\system32\311496\311496.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [wblogon] C:\Windows\System32\algg.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolsupdate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolsupdate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: StopSign Update Manager - eAcceleration - C:\Program Files\Common Files\eAcceleration\eacsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7712 bytes
Attached Images
File Type: jpg alggscreen.jpg (145.0 KB, 4 views)
File Type: jpg iebtm.jpg (136.9 KB, 2 views)
File Type: jpg wcs.jpg (153.6 KB, 2 views)
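The HijackThis output above is what a helper triages by eye: the R1 search entries pointing at windiwsfsearch.com, the BHO and toolbar registrations marked "(file missing)", the two autoruns under Policies\Explorer\Run, and the HKCU Run value "wblogon" launching algg.exe out of System32. As an added illustration that is not part of the original thread or of HijackThis itself, here is a small Python script that makes that first pass automatically: it parses R0/R1 entries, "(file missing)" registrations and O4 autoruns, and reports each line that matches one of those patterns. The allowlist of trusted hosts, the rule wording and the sample lines are constructed for the example; the rules are analyst heuristics that produce leads to check, not verdicts.

```python
"""First-pass triage of HijackThis-style log lines (illustrative, not HJT's own code)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts this particular machine is expected to use as IE start/search targets.
# Constructed allowlist for the example; an analyst tunes it per case.
TRUSTED_URL_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.google.com"}

# Constructed sample in the shape of the log posted above (a handful of lines, not a full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [wblogon] C:\Windows\System32\algg.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolsupdate.com/redirect.php (file missing)
"""


@dataclass
class Finding:
    rule: str   # short description of why the line is worth a look
    line: str   # the offending log line, verbatim


# R0/R1: "R1 - <registry key>,<value name> = <url>"
R_ENTRY = re.compile(r"^R[01] - (?P<key>.+?) = ?(?P<value>.*)$")
# O4: "O4 - <hive>\<key path>: [<value name>] <command line>"
O4_ENTRY = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def first_token(cmd: str) -> str:
    """Return the executable part of a Run command line, quotes stripped.

    Unquoted paths containing spaces are cut at the first space; good enough for a first pass.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def check_url_entry(line: str):
    """Start/search page pointing at a host not on the allowlist (browser hijack lead)."""
    m = R_ENTRY.match(line)
    if not m or not m["value"]:
        return None
    host = urlparse(m["value"]).hostname
    if host and host.lower() not in TRUSTED_URL_HOSTS:
        return Finding(f"browser start/search target set to unexpected host {host}", line)
    return None


def check_missing_file(line: str):
    """Registered BHO/toolbar/button whose file is gone: leftover of a removal or a broken drop."""
    if line.endswith("(file missing)"):
        return Finding("registered component whose file is missing", line)
    return None


def check_run_entry(line: str):
    """Autorun heuristics. Leads, not verdicts: e.g. ctfmon.exe under HKCU is benign on XP."""
    m = O4_ENTRY.match(line)
    if not m:
        return None
    exe = first_token(m["cmd"]).lower()
    if "policies\\explorer\\run" in m["key"].lower():
        return Finding("autorun via Policies\\Explorer\\Run, rarely used by legitimate software", line)
    if m["hive"] == "HKCU" and exe.startswith("c:\\windows\\system32\\"):
        return Finding("per-user Run entry launching a binary placed in System32", line)
    return None


CHECKS = (check_url_entry, check_missing_file, check_run_entry)


def triage(log_text: str) -> list:
    """Run every check over every non-empty line; at most one finding per line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            hit = check(line)
            if hit:
                findings.append(hit)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}]\n    {f.line}")
```

Run against the constructed sample it reports five lines: the windiwsfsearch.com search page, the two "(file missing)" registrations, the Policies\Explorer\Run autorun and the HKCU "wblogon" entry, while the Synaptics and Google Toolbar entries pass. Each hit is a starting point for the manual checks a helper would do next (file dates, publisher, what else was created at the same time), not a removal decision.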
Old 10-21-2008, 06:22 AM   #3 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Algg.exe removal

Hello and welcome to TSF
  • Download RSIT by random/random and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

========
Logs Required
log.txt
info.txt


If there is no response to this post within 72hrs, this thread will be closed.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in any way, please consider Donating
Old 10-21-2008, 11:54 AM   #4 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 18
OS: Vista


Re: Algg.exe removal

Hello Thebruce,

Thank you for getting to my post; the wife is starting to get angry without a laptop :)

Here are the logs you asked for.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Renae at 2008-10-21 12:49:42
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 64 GB (63%) free of 102 GB
Total RAM: 2045 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:25 PM, on 10/21/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\algg.exe
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Renae\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Renae.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: 311496 helper - {95325092-62FC-473B-B32A-AE613278855B} - C:\Windows\system32\311496\311496.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [wblogon] C:\Windows\System32\algg.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolsupdate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolsupdate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: StopSign Update Manager - eAcceleration - C:\Program Files\Common Files\eAcceleration\eacsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7832 bytes

======Scheduled tasks folder======

C:\Windows\tasks\EasyShare Registration Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-09-11 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95325092-62FC-473B-B32A-AE613278855B}]
311496 Class - C:\Windows\system32\311496\311496.dll [2008-10-13 15872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-11-10 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}]
C:\Program Files\Applications\iebt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{144A6B24-0EBC-4D89-BF09-A06A718E57B5} - Internet Service - C:\Program Files\Applications\iebr.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-04 857648]
"SunJavaUpdateSched"=c:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-09-11 77824]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-03-21 1548288]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-04-16 184320]
"SoftwareStation"=C:\Program Files\eAcceleration\Station\station.exe [2008-04-15 173392]
"webscan"=C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe [2007-12-19 771504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NapsterShell"=C:\Program Files\Napster\napster.exe [2008-05-29 323216]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-06-27 405504]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-10-04 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-10-04 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-10-04 81920]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2007-10-04 86016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"smile"=C:\Program Files\Applications\wcs.exe []
"start"=C:\Program Files\Applications\iebtm.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"wblogon"=C:\Windows\System32\algg.exe [2008-10-13 20480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9055973b-8402-11dc-afe1-001c2387ad5d}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-10-21 12:49:42 ----D---- C:\rsit
2008-10-19 13:08:02 ----D---- C:\Program Files\Trend Micro
2008-10-19 13:01:10 ----A---- C:\Windows\system32\EncDec.dll
2008-10-19 13:01:08 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-19 12:49:58 ----D---- C:\ie-spyad_zo
2008-10-19 12:39:29 ----D---- C:\ProgramData\TEMP
2008-10-19 12:39:21 ----D---- C:\Program Files\SpywareBlaster
2008-10-19 11:30:56 ----D---- C:\Program Files\Panda Security
2008-10-16 17:39:55 ----D---- C:\Users\Renae\AppData\Roaming\Skinux
2008-10-16 17:38:17 ----D---- C:\Program Files\QuickTime
2008-10-16 17:38:16 ----D---- C:\ProgramData\Apple Computer
2008-10-16 17:36:01 ----D---- C:\Program Files\Common Files\Kodak
2008-10-16 17:35:55 ----D---- C:\Program Files\Kodak
2008-10-16 17:35:55 ----D---- C:\Program Files\Common Files\MSSoap
2008-10-16 17:33:06 ----D---- C:\ProgramData\Kodak
2008-10-15 20:14:09 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-15 20:14:08 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-15 20:13:11 ----A---- C:\Windows\system32\ieframe.dll
2008-10-15 20:13:09 ----A---- C:\Windows\system32\iertutil.dll
2008-10-15 20:13:07 ----A---- C:\Windows\system32\mshtml.dll
2008-10-15 20:13:05 ----A---- C:\Windows\system32\wininet.dll
2008-10-15 20:13:05 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-15 20:13:04 ----A---- C:\Windows\system32\mstime.dll
2008-10-15 20:13:03 ----A---- C:\Windows\system32\urlmon.dll
2008-10-13 07:49:10 ----A---- C:\Windows\system32\algg.exe
2008-10-13 07:48:49 ----D---- C:\Windows\system32\311496
2008-10-10 03:00:42 ----A---- C:\Windows\system32\msshooks.dll
2008-10-10 03:00:41 ----A---- C:\Windows\system32\msscb.dll
2008-10-10 03:00:38 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-10-10 03:00:38 ----A---- C:\Windows\system32\propsys.dll
2008-10-10 03:00:38 ----A---- C:\Windows\system32\propdefs.dll
2008-10-10 03:00:38 ----A---- C:\Windows\system32\msstrc.dll
2008-10-10 03:00:38 ----A---- C:\Windows\system32\mssprxy.dll
2008-10-10 03:00:38 ----A---- C:\Windows\system32\mssitlb.dll
2008-10-10 03:00:38 ----A---- C:\Windows\system32\msshsq.dll
2008-10-10 03:00:37 ----A---- C:\Windows\system32\wsepno.dll
2008-10-10 03:00:37 ----A---- C:\Windows\system32\thawbrkr.dll
2008-10-10 03:00:37 ----A---- C:\Windows\system32\srchadmin.dll
2008-10-10 03:00:37 ----A---- C:\Windows\system32\rtffilt.dll
2008-10-10 03:00:37 ----A---- C:\Windows\system32\offfilt.dll
2008-10-10 03:00:37 ----A---- C:\Windows\system32\nlhtml.dll
2008-10-10 03:00:37 ----A---- C:\Windows\system32\mimefilt.dll
2008-10-10 03:00:37 ----A---- C:\Windows\system32\korwbrkr.dll
2008-10-10 03:00:36 ----A---- C:\Windows\system32\xmlfilter.dll
2008-10-10 03:00:36 ----A---- C:\Windows\system32\tquery.dll
2008-10-10 03:00:36 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-10-10 03:00:36 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-10-10 03:00:36 ----A---- C:\Windows\system32\mssvp.dll
2008-10-10 03:00:36 ----A---- C:\Windows\system32\mssrch.dll
2008-10-10 03:00:36 ----A---- C:\Windows\system32\msscntrs.dll
2008-10-10 03:00:36 ----A---- C:\Windows\system32\chtbrkr.dll
2008-10-10 03:00:36 ----A---- C:\Windows\system32\chsbrkr.dll
2008-10-10 03:00:35 ----A---- C:\Windows\system32\mssphtb.dll
2008-10-10 03:00:35 ----A---- C:\Windows\system32\mssph.dll
2008-10-09 08:10:48 ----A---- C:\Windows\system32\rpcrt4.dll
2008-10-09 08:10:47 ----A---- C:\Windows\system32\pacerprf.dll
2008-10-09 08:10:46 ----A---- C:\Windows\system32\emdmgmt.dll
2008-10-09 08:10:46 ----A---- C:\Windows\system32\dataclen.dll
2008-10-09 08:10:46 ----A---- C:\Windows\system32\cdd.dll
2008-10-09 08:10:45 ----A---- C:\Windows\system32\wshext.dll
2008-10-09 08:10:45 ----A---- C:\Windows\system32\wscript.exe
2008-10-09 08:10:45 ----A---- C:\Windows\system32\vbscript.dll
2008-10-09 08:10:45 ----A---- C:\Windows\system32\scrrun.dll
2008-10-09 08:10:45 ----A---- C:\Windows\system32\scrobj.dll
2008-10-09 08:10:45 ----A---- C:\Windows\system32\jscript.dll
2008-10-09 08:10:45 ----A---- C:\Windows\system32\cscript.exe
2008-10-09 03:10:20 ----D---- C:\PerfLogs

======List of files/folders modified in the last 1 months======

2008-10-21 12:49:54 ----D---- C:\Windows\Prefetch
2008-10-21 12:49:45 ----D---- C:\Windows\Temp
2008-10-21 00:00:13 ----SHD---- C:\System Volume Information
2008-10-19 19:00:19 ----D---- C:\Windows\rescache
2008-10-19 18:54:33 ----D---- C:\Windows\system32\drivers
2008-10-19 18:53:45 ----SD---- C:\Windows\Downloaded Program Files
2008-10-19 18:46:48 ----D---- C:\Windows\System32
2008-10-19 18:46:48 ----D---- C:\Windows\inf
2008-10-19 18:46:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-10-19 18:11:52 ----D---- C:\Program Files\Mozilla Firefox
2008-10-19 13:23:48 ----D---- C:\Windows\Microsoft.NET
2008-10-19 13:23:35 ----RSD---- C:\Windows\assembly
2008-10-19 13:08:02 ----RD---- C:\Program Files
2008-10-19 13:05:29 ----D---- C:\Windows\winsxs
2008-10-19 13:03:50 ----D---- C:\Windows\system32\catroot
2008-10-19 13:03:49 ----D---- C:\Windows\system32\catroot2
2008-10-19 13:02:05 ----D---- C:\Windows\ehome
2008-10-19 13:00:12 ----D---- C:\Windows
2008-10-19 12:39:29 ----HD---- C:\ProgramData
2008-10-19 10:46:53 ----SHD---- C:\Windows\Installer
2008-10-19 10:46:50 ----D---- C:\Program Files\Adobe
2008-10-19 10:45:39 ----D---- C:\Windows\Tasks
2008-10-16 17:38:34 ----D---- C:\Program Files\Internet Explorer
2008-10-16 17:37:24 ----D---- C:\Windows\Help
2008-10-16 17:36:41 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-10-16 17:36:01 ----D---- C:\Program Files\Common Files
2008-10-16 17:35:32 ----D---- C:\Windows\system32\Tasks
2008-10-16 0352 ----D---- C:\Windows\system32\migration
2008-10-16 0352 ----D---- C:\Program Files\Windows Mail
2008-10-15 20:14:34 ----D---- C:\ProgramData\Microsoft Help
2008-10-15 20:05:27 ----D---- C:\Windows\system32\Msdtc
2008-10-15 20:05:24 ----D---- C:\Windows\system32\wbem
2008-10-15 20:04:48 ----D---- C:\Windows\system32\config
2008-10-15 20:04:34 ----D---- C:\Windows\system32\spool
2008-10-15 20:04:26 ----D---- C:\Windows\registration
2008-10-15 20:04:26 ----D---- C:\Program Files\Napster
2008-10-14 01:47:11 ----D---- C:\Windows\system32\WDI
2008-10-10 03:10:11 ----D---- C:\ProgramData\NVIDIA
2008-10-10 0353 ----D---- C:\Windows\system32\en-US
2008-10-10 0353 ----D---- C:\Windows\PolicyDefinitions
2008-10-09 04:03:34 ----D---- C:\Windows\Logs
2008-10-09 03:18:52 ----SHD---- C:\Boot
2008-10-09 03:18:32 ----ASH---- C:\Program Files\desktop.ini
2008-10-09 03:11:14 ----D---- C:\Program Files\Windows Sidebar
2008-10-09 03:11:14 ----D---- C:\Program Files\Windows Photo Gallery
2008-10-09 03:11:14 ----D---- C:\Program Files\Windows Media Player
2008-10-09 03:11:14 ----D---- C:\Program Files\Windows Journal
2008-10-09 03:11:14 ----D---- C:\Program Files\Windows Collaboration
2008-10-09 03:11:14 ----D---- C:\Program Files\Windows Calendar
2008-10-09 03:11:14 ----D---- C:\Program Files\Movie Maker
2008-10-09 03:11:13 ----D---- C:\Windows\servicing
2008-10-09 03:11:13 ----D---- C:\Program Files\Windows Defender
2008-10-09 03:11:13 ----D---- C:\Program Files\Common Files\System
2008-10-09 03:11:09 ----D---- C:\Windows\MSAgent
2008-10-09 03:11:09 ----D---- C:\Windows\L2Schemas
2008-10-09 03:11:09 ----D---- C:\Windows\IME
2008-10-09 03:11:09 ----D---- C:\Windows\DigitalLocker
2008-10-09 03:11:05 ----D---- C:\Windows\system32\XPSViewer
2008-10-09 03:11:05 ----D---- C:\Windows\system32\ko-KR
2008-10-09 03:11:05 ----D---- C:\Windows\system32\da-DK
2008-10-09 03:11:05 ----D---- C:\Windows\system32\com
2008-10-09 03:11:03 ----D---- C:\Windows\system32\sysprep
2008-10-09 03:11:03 ----D---- C:\Windows\system32\oobe
2008-10-09 03:11:03 ----D---- C:\Windows\system32\it-IT
2008-10-09 03:11:03 ----D---- C:\Windows\system32\el-GR
2008-10-09 03:11:03 ----D---- C:\Windows\system32\de-DE
2008-10-09 03:11:02 ----D---- C:\Windows\system32\sv-SE
2008-10-09 03:11:02 ----D---- C:\Windows\system32\ru-RU
2008-10-09 03:11:02 ----D---- C:\Windows\system32\ias
2008-10-09 03:11:02 ----D---- C:\Windows\system32\fr-FR
2008-10-09 03:11:02 ----D---- C:\Windows\system32\AdvancedInstallers
2008-10-09 03:11:01 ----D---- C:\Windows\system32\SLUI
2008-10-09 03:11:01 ----D---- C:\Windows\system32\setup
2008-10-09 03:11:01 ----D---- C:\Windows\system32\pt-PT
2008-10-09 03:11:01 ----D---- C:\Windows\system32\hu-HU
2008-10-09 03:11:01 ----D---- C:\Windows\system32\he-IL
2008-10-09 03:11:01 ----D---- C:\Windows\system32\fi-FI
2008-10-09 03:11:01 ----D---- C:\Windows\system32\cs-CZ
2008-10-09 03:11:00 ----D---- C:\Windows\system32\zh-TW
2008-10-09 03:11:00 ----D---- C:\Windows\system32\zh-CN
2008-10-09 03:11:00 ----D---- C:\Windows\system32\ro-RO
2008-10-09 03:11:00 ----D---- C:\Windows\system32\pl-PL
2008-10-09 03:11:00 ----D---- C:\Windows\system32\manifeststore
2008-10-09 03:11:00 ----D---- C:\Windows\system32\ja-JP
2008-10-09 03:11:00 ----D---- C:\Windows\system32\es-ES
2008-10-09 03:11:00 ----D---- C:\Windows\system32\en
2008-10-09 03:10:59 ----D---- C:\Windows\system32\tr-TR
2008-10-09 03:10:59 ----D---- C:\Windows\system32\nb-NO
2008-10-09 03:10:58 ----D---- C:\Windows\system32\nl-NL
2008-10-09 03:10:58 ----D---- C:\Windows\system32\ar-SA
2008-10-09 03:10:54 ----D---- C:\Windows\system32\pt-BR
2008-10-09 03:10:54 ----D---- C:\Windows\system32\migwiz
2008-10-09 03:10:30 ----D---- C:\Windows\AppPatch
2008-10-09 03:10:22 ----D---- C:\Windows\Boot
2008-10-09 03:10:21 ----D---- C:\Windows\system32\Boot
2008-10-08 22:39:01 ----A---- C:\Windows\system32\ifxcardm.dll
2008-10-08 22:38:59 ----A---- C:\Windows\system32\axaltocm.dll
2008-10-07 14:19:40 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-04-29 12672]
R2 Packet;Auto Internet Protocol; C:\Windows\system32\DRIVERS\packet.sys [2006-12-18 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-05-09 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-05-09 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-05-09 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-04-29 8192]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-03-21 534016]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2007-05-11 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-29 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-29 206848]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-10-04 7628608]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-06-27 326656]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-04 182456]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-29 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 eac_notifysvc;eAcceleration Notification Service; C:\Program Files\eAcceleration\Framework\eac_svc.exe [2008-09-03 111952]
R2 eac_productsvc;eAcceleration Product Manager Service; C:\Program Files\eAcceleration\Framework\eac_productsvc.exe [2008-03-24 263504]
R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-05-25 112176]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-06-27 94208]
R2 StopSign Update Manager;StopSign Update Manager; C:\Program Files\Common Files\eAcceleration\eacsvc.exe [2008-04-15 103760]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-03-21 24064]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-04-29 386560]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-10 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-10-21 12:50:27

======Uninstall list======

-->"C:\Program Files\Acceleration Software\Anti-Virus\ws_uninst.exe" -s
-->"C:\Program Files\eAcceleration\Station\station.exe" /UnRegister
-->C:\PROGRA~1\ACCELE~1\ANTI-V~1\regsvr32.exe /u /s C:\PROGRA~1\ACCELE~1\ANTI-V~1\ssupload.dll
-->C:\PROGRA~1\ACCELE~1\ANTI-V~1\regsvr32.exe /u /s C:\PROGRA~1\ACCELE~1\ANTI-V~1\vclnr.dll
-->C:\PROGRA~1\COMMON~1\EACCEL~1\SysSnap\syssnap.exe -UnregServer
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AstroPop Deluxe 1.0-->C:\Program Files\PopCap Games\AstroPop Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\AstroPop Deluxe\Install.log"
Avery Wizard 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{5EC9AD36-5167-470E-B0F9-CB3EA12F442E}
Bejeweled 2 Deluxe 1.1-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Brother MFC-7420-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F88E125-DA31-475D-B1F4-6D45A7E90650}\setup.exe" -l0x9 -removeonly /uninst
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Chuzzle Deluxe 1.01-->C:\Program Files\PopCap Games\Chuzzle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Chuzzle Deluxe\Install.log"
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellConnect-->MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Insaniquarium Deluxe 1.1-->C:\Program Files\PopCap Games\Insaniquarium Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Insaniquarium Deluxe\Install.log"
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_320002_3197129\Setup.exe /APR-REMOVE
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Midland LifeSolutions-->"C:\Program Files\InstallShield Installation Information\{7DCA138A-7A6A-4244-9953-933739BF384E}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Monopoly-->C:\Windows\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Monopoly\Uninst.isu"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Peggle Deluxe 1.01-->C:\Program Files\PopCap Games\Peggle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle Deluxe\Install.log"
QuickSet-->MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
StopSign by eAcceleration-->C:\PROGRA~1\COMMON~1\EACCEL~1\INSTAL~1\eaccelsetup.exe -AddRemove
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WinCleaner OneClick Cleanup Version 11-->"C:\Program Files\Business Logic Corporation\WinCleaner\unins000.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Security center information======

AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------
Old 10-21-2008, 02:35 PM   #5 (permalink)
Moderator, Analyst, Security Team
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Algg.exe removal

Hello again

Quote:
the wife is starting to get angry without a laptop :)
Tell her to get on with the housework; it will ease the stress.

=========

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order in which they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear; a lack of symptoms does not mean that it is no longer present.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

StopSign by eAcceleration <---- eAcceleration's Stop-Sign anti-malware scanner was listed on this page primarily because of the company's history of employing deceptive advertising and drive-by-downloads (1, 2, 3, 4). The company was also known for removing and/or disabling competing apps. These objectionable business practices were employed primarily during the years 2002-2003.
http://www.spywarewarrior.com/rogue_anti-spyware.htm

We recommend you remove this application

==========

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Disconnect from the internet.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=========
Logs Required
C:\Combofix.txt
Hijackthis Log


Any reason why there is no virus protection installed?
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating

Last edited by TheBruce1; 10-21-2008 at 02:42 PM.
Old 10-21-2008, 03:25 PM   #6 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 18
OS: Vista


Re: Algg.exe removal

The first step is to remove Stop-sign. I tried the usual way through Add/Remove Programs in Control Panel. It goes through the steps to remove all, says they were uninstalled, but they still appear in the program list and function just as they always have. They are clearly still on the PC even after several tries to uninstall from Control Panel and a reboot. You asked in a previous post why there was no anti-virus; I assumed Stop-sign was all that was needed. Please advise on how to remove.
Old 10-21-2008, 03:36 PM   #7 (permalink)
Moderator, Analyst, Security Team
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Algg.exe removal

Hello again

Try the steps outlined in the link below:
http://www.eacceleration.com/helpdes..._eanth#trouble
Old 10-21-2008, 04:33 PM   #8 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 18
OS: Vista


Re: Algg.exe removal

OK, I finally got rid of e-anthology; I had to reinstall and then uninstall. I rebooted and ran the rest of the needed programs. Logs are as follows...

ComboFix 08-10-19.04 - Renae 2008-10-21 17:18:03.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1360 [GMT -5:00]
Running from: C:\Users\Renae\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Renae\Documents\My Documents.url
C:\Windows\System32\311496
C:\Windows\System32\311496\311496.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET
-------\Service_Packet


((((((((((((((((((((((((( Files Created from 2008-09-21 to 2008-10-21 )))))))))))))))))))))))))))))))
.

2008-10-21 17:22 . 2008-10-21 17:24 <DIR> d-------- C:\Windows\System32\311496
2008-10-21 12:49 . 2008-10-21 12:50 <DIR> d-------- C:\rsit
2008-10-19 13:08 . 2008-10-19 13:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-19 13:01 . 2008-08-05 04:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-19 13:01 . 2008-08-05 04:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-19 13:01 . 2008-08-05 04:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-19 13:01 . 2008-08-05 04:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-19 13:01 . 2008-08-05 04:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-19 12:49 . 2008-10-19 12:49 <DIR> d-------- C:\ie-spyad_zo
2008-10-19 12:39 . 2008-10-19 12:39 <DIR> d-------- C:\Users\All Users\TEMP
2008-10-19 12:39 . 2008-10-19 12:39 <DIR> d-------- C:\ProgramData\TEMP
2008-10-19 12:39 . 2008-10-19 12:41 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-10-19 11:30 . 2008-10-19 11:30 <DIR> d-------- C:\Program Files\Panda Security
2008-10-19 11:30 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-10-19 10:27 . 2008-10-19 10:27 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-16 17:39 . 2008-10-16 17:39 <DIR> d-------- C:\Users\Renae\AppData\Roaming\Skinux
2008-10-16 17:38 . 2008-10-16 17:38 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-10-16 17:38 . 2008-10-16 17:38 <DIR> d-------- C:\ProgramData\Apple Computer
2008-10-16 17:38 . 2008-10-16 17:38 <DIR> d-------- C:\Program Files\QuickTime
2008-10-16 17:36 . 2008-10-16 17:36 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-10-16 17:35 . 2008-10-16 17:37 <DIR> d-------- C:\Program Files\Kodak
2008-10-16 17:33 . 2008-10-16 17:39 <DIR> d-------- C:\Users\All Users\Kodak
2008-10-16 17:33 . 2008-10-16 17:39 <DIR> d-------- C:\ProgramData\Kodak
2008-10-15 23:02 . 2008-09-17 21:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 23:02 . 2008-08-26 20:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-15 20:14 . 2008-09-18 00:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 20:14 . 2008-09-18 00:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 20:13 . 2008-10-01 20:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 20:13 . 2008-10-01 22:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-13 07:49 . 2008-10-13 07:48 20,480 --a------ C:\Windows\System32\algg.exe
2008-10-09 08:10 . 2008-04-26 03:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-10-09 03:10 . 2008-10-09 03:10 <DIR> d-------- C:\PerfLogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 22:36 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-10-16 08:06 --------- d-----w C:\Program Files\Windows Mail
2008-10-16 01:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-16 01:04 --------- d-----w C:\Program Files\Napster
2008-10-10 08:10 --------- d-----w C:\ProgramData\NVIDIA
2008-10-09 08:18 174 --sha-w C:\Program Files\desktop.ini
2008-10-09 08:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-09 08:11 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-10-09 08:11 --------- d-----w C:\Program Files\Windows Journal
2008-10-09 08:11 --------- d-----w C:\Program Files\Windows Defender
2008-10-09 08:11 --------- d-----w C:\Program Files\Windows Collaboration
2008-10-09 08:11 --------- d-----w C:\Program Files\Windows Calendar
2008-10-09 01:15 27,335 ----a-w C:\Users\Renae\AppData\Roaming\nvModes.dat
2008-09-11 01:23 --------- d-----w C:\Program Files\Avery Wizard 3.1
2008-09-10 08:00 --------- d-----w C:\Program Files\Microsoft Works
2008-08-25 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-25 22:53 --------- d-----w C:\Program Files\Midland LifeSolutions
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-05 21:20 566 ----a-w C:\Users\Renae\AppData\Roaming\wklnhst.dat
2008-01-08 02:44 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-11-08 16:26 0 ----a-w C:\Program Files\error.dat
2007-09-20 03:53 60,968 ----a-w C:\Users\Renae\12 V.exe
2008-04-05 13:41 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-05 13:41 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-05 13:41 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-12-18 16:59 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-18 16:59 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-18 16:59 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95325092-62FC-473B-B32A-AE613278855B}]
2008-10-21 17:24 15872 --a------ C:\Windows\system32\311496\311496.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"wblogon"="C:\Windows\System32\algg.exe" [2008-10-13 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-09-11 77824]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2008-05-29 323216]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 86016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{601E4AF4-6AF7-4212-9216-D94D9E349A45}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{E2B83947-2793-4E6F-AA42-FB214C62BF7A}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{EB532267-5388-423A-863D-1064D6798BA9}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{5FDB614C-D0D7-4E2F-B1E3-73FE3EC783E7}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{ACD7C31D-7019-42F5-8F44-E463BCBF0399}"= TCP:10421:SingleClick Discovery Protocol
"{1109ED9A-A386-4360-830E-3D814DD291FF}"= UDP:139:NetBIOS File/Printer Sharing
"{BADE1318-27AC-411B-BAB6-A2119BBD627E}"= TCP:10426:SingleClick ICC
"{521C9299-3D6E-4613-8BB8-F190DA54918B}"= UDP:445:Microsoft Directory Services
"{F665230F-46A6-4E15-BD50-0009466C4903}"= TCP:138:NetBIOS Datagram Service
"{8F9A1694-599E-4A13-8E26-68CAE367C498}"= TCP:137:NetBIOS Name Service
"{3031927E-AC47-4945-8466-076491837CCA}"= UDP:C:\Windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{13035D60-4D36-4D7F-B098-FAE4481E8346}"= TCP:C:\Windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{3B2D52D2-CC64-45C3-B822-5C4D7435D816}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7056702C-ED61-46CB-9429-A50B54A893D0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FE6BCD6B-FC36-47B5-9DF5-DEDCAB6A4506}"= UDP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{6B3C2560-ACFA-4841-88C7-DAED688B82BB}"= TCP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{55AE661F-8C76-4883-9C47-AADB853DCF91}"= TCP:10421:SingleClick Discovery Protocol
"{C6BA0932-29F8-4867-BE0C-0F1B9FEF72BD}"= TCP:10426:SingleClick ICC
"TCP Query User{BEA91859-5AD1-4C0E-B4CB-C91F0927EF37}C:\\program files\\napster\\napster.exe"= UDP:C:\program files\napster\napster.exe:Napster
"UDP Query User{C2586E9D-1D3A-4569-92ED-970FB644F858}C:\\program files\\napster\\napster.exe"= TCP:C:\program files\napster\napster.exe:Napster
"TCP Query User{769E4E48-BBD0-4D2B-AC18-DB19D4AAF6BF}C:\\program files\\napster\\napster.exe"= UDP:C:\program files\napster\napster.exe:Napster
"UDP Query User{3FEF2707-2622-4069-BCEB-88E7C2D4C057}C:\\program files\\napster\\napster.exe"= TCP:C:\program files\napster\napster.exe:Napster
"{D8608B40-4A01-453E-8275-CF7EE6DBBA1C}"= UDP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{AFA7BA91-B079-47D1-8217-07F9A8C5761E}"= TCP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{4EDA68E3-CDB9-4C90-A7D0-499137DA0FFE}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{22254421-8C53-4BBD-9031-0944523EF320}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{16A3EEA6-5423-4914-AB4B-67F1E42C65C2}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{57F78A5F-4167-429F-BE21-4C093A0644D7}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"= C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9055973b-8402-11dc-afe1-001c2387ad5d}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-10-19 C:\Windows\Tasks\EasyShare Registration Task.job
- C:\Windows\system32\rundll32.exe [2006-11-02 04:45]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Explorer_Run-smile - C:\Program Files\Applications\wcs.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
R0 -: HKCU-Main,Default_Search_URL = hxxp://windiwsfsearch.com
R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
R0 -: HKLM-Main,Search Bar = hxxp://windiwsfsearch.com/ie6.html
R1 -: HKLM-Internet Explorer,SearchURL = hxxp://windiwsfsearch.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 17:24:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\BCMWLTRY.EXE
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Windows\System32\stacsv.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-10-21 17:27:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-21 22:27:51

Pre-Run: 68,606,607,360 bytes free
Post-Run: 68,332,232,704 bytes free

190 --- E O F --- 2008-10-19 1805

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:37 PM, on 10/21/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\algg.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [wblogon] C:\Windows\System32\algg.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5457 bytes
Sjgreenfield is offline  
Old 10-21-2008, 05:04 PM   #9 (permalink)
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Algg.exe removal

Hello again

Download ATF-Cleaner by Atribune to your desktop. Do not run it just yet; we will shortly.

========

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O13 - Gopher Prefix:


Please remember to close all other windows, including browsers then click Fix checked.

=========

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
C:\Windows\System32\algg.exe
Folder::
C:\Windows\System32\311496
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wblogon"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95325092-62FC-473B-B32A-AE613278855B}]
Save this as CFscript

Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.

=========

JAVA OUTDATED


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

=========

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

==========

I see no evidence of an AntiVirus program on your system. This must be resolved. Go Here for downloading and installing instructions, update then run a full scan, post the log from that scan in your reply.

You can choose an antivirus of your own if you wish.

==========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

==========
Logs Required
C:\Combofix.txt
Avira Scan Report
Hijackthis Log


How is your system running now?
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
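The fix list in the post above is built from three kinds of HijackThis entries: R0/R1 lines whose URL no longer points at Microsoft's redirector, an O4 Run-key entry that launches an unfamiliar binary out of System32, and the leftover defaults. The script below is an added example of that selection logic (it is not part of the post, and not code from HijackThis, ComboFix or Trend Micro). The "before" sample lines are copied from the log posted earlier in this thread; the "after" lines are constructed to resemble a cleaned log. The two allow lists are assumptions an analyst would tune for the machine in front of them.

```python
"""Flag browser-hijack indicators in a HijackThis log and confirm removal.

Added example for this thread, not part of the original post or of the
HijackThis/ComboFix tools.  The allow lists below are assumptions.
"""
import ntpath
import re
from urllib.parse import urlparse

# Hosts the IE R0/R1 defaults may point at (assumption: Vista's defaults only
# ever use the go.microsoft.com redirector).
TRUSTED_SEARCH_HOSTS = {"go.microsoft.com"}

# System32 binaries legitimately started from a Run key on this machine
# (assumption: an analyst-maintained allow list; here just the Dell WLAN tray).
KNOWN_SYSTEM32_RUN = {"wltray.exe"}

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# "<hive>\..\Run: [<name>] <command>"; hive may be HKLM, HKCU or HKUS\<SID>
RUN_RE = re.compile(r"(?P<hive>HK[\w\\-]+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)")
# First program in a command line, whether or not it is quoted or has arguments
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|dll|com|scr|bat|cmd))"?(?=[\s,]|$)', re.I)


def first_executable(cmd):
    """Return the program a Run-key command launches (quotes and args stripped)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip().split(" ", 1)[0]


def flag_entry(line):
    """Return a reason string if one HJT entry looks like a hijack, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")

    if kind in ("R0", "R1"):
        # IE start/search settings: "<key>,<value name> = <url>"; an empty
        # value (e.g. LinksFolderName) is cosmetic and not flagged here.
        _, _, url = body.partition(" = ")
        host = urlparse(url.strip()).hostname
        if host and host.lower() not in TRUSTED_SEARCH_HOSTS:
            return f"IE setting redirected to {host}"

    elif kind == "O4":
        r = RUN_RE.match(body)
        if r:
            folder, base = ntpath.split(first_executable(r.group("cmd")))
            # A Run key pointing into System32 is unusual for third-party
            # software; anything not on the allow list gets a second look.
            if folder.lower().endswith("\\system32") and base.lower() not in KNOWN_SYSTEM32_RUN:
                return f"{r.group('hive')} Run entry [{r.group('name')}] starts {base} from System32"
    return None


def scan(log_text):
    """Return [(line, reason)] for every flagged entry in an HJT log."""
    hits = []
    for line in log_text.splitlines():
        reason = flag_entry(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


def confirm_removed(before_text, after_text):
    """Flagged entries from the first log that no longer appear in the second."""
    after_lines = {l.strip() for l in after_text.splitlines()}
    return [line for line, _ in scan(before_text) if line not in after_lines]


# Sample lines copied from the log posted earlier in this thread.
BEFORE_LOG = r'''
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [wblogon] C:\Windows\System32\algg.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
'''

# Constructed "after cleanup" lines (not taken from any real log).
AFTER_LOG = r'''
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
'''

if __name__ == "__main__":
    for line, reason in scan(BEFORE_LOG):
        print(f"FIX  {reason}\n     {line}")
    print("still present after cleanup:", len(scan(AFTER_LOG)))
    print("removed:", len(confirm_removed(BEFORE_LOG, AFTER_LOG)))
```

Run against the sample, the scan flags the four `windiwsfsearch.com` R1 values and the `[wblogon]` entry for `C:\Windows\System32\algg.exe`, which is the same set the post asks the user to fix (minus the two empty cosmetic entries). The `confirm_removed` check is the step to repeat once the second HijackThis log comes back: every flagged line should be absent from it.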
Old 10-21-2008, 06:44 PM   #10 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 18
OS: Vista


Re: Algg.exe removal

I have finished all of the steps requested. There were a few issues.

The ATF cleaner
I was supposed to check and clean prefetch but it was greyed out and had (disabled) next to it. I cleaned the rest and moved on.

About the antivirus software. I have a lifetime membership to eAnthology and have used that as my anti-virus for a couple of years. Apparently the program wasn't doing its job. After doing a Google search of the company it appears they may not be the best to do business with, so I have deleted them from my machines and installed AntiVir as suggested. The report found a couple of issues, as you will see in the log; I have them quarantined. What should be my action now, delete them?

The system appears to be running smoothly, webpages loading almost instantly, no odd programs upon startup.

Lastly, my desktop is severely cluttered now; what programs can be deleted and what needs to be saved?

Here are the logs requested:

ComboFix 08-10-19.04 - Renae 2008-10-21 18:18:36.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1314 [GMT -5:00]
Running from: C:\Users\Renae\Desktop\ComboFix.exe
Command switches used :: C:\Users\Renae\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\System32\algg.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\311496
C:\Windows\System32\311496\311496.dll
C:\Windows\System32\algg.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-21 to 2008-10-21 )))))))))))))))))))))))))))))))
.

2008-10-21 12:49 . 2008-10-21 12:50 <DIR> d-------- C:\rsit
2008-10-19 13:08 . 2008-10-19 13:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-19 13:01 . 2008-08-05 04:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-19 13:01 . 2008-08-05 04:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-19 13:01 . 2008-08-05 04:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-19 13:01 . 2008-08-05 04:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-19 13:01 . 2008-08-05 04:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-19 12:49 . 2008-10-19 12:49 <DIR> d-------- C:\ie-spyad_zo
2008-10-19 12:39 . 2008-10-19 12:39 <DIR> d-------- C:\Users\All Users\TEMP
2008-10-19 12:39 . 2008-10-19 12:39 <DIR> d-------- C:\ProgramData\TEMP
2008-10-19 12:39 . 2008-10-19 12:41 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-10-19 11:30 . 2008-10-19 11:30 <DIR> d-------- C:\Program Files\Panda Security
2008-10-19 11:30 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-10-19 10:27 . 2008-10-19 10:27 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-16 17:39 . 2008-10-16 17:39 <DIR> d-------- C:\Users\Renae\AppData\Roaming\Skinux
2008-10-16 17:38 . 2008-10-16 17:38 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-10-16 17:38 . 2008-10-16 17:38 <DIR> d-------- C:\ProgramData\Apple Computer
2008-10-16 17:38 . 2008-10-16 17:38 <DIR> d-------- C:\Program Files\QuickTime
2008-10-16 17:36 . 2008-10-16 17:36 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-10-16 17:35 . 2008-10-16 17:37 <DIR> d-------- C:\Program Files\Kodak
2008-10-16 17:33 . 2008-10-16 17:39 <DIR> d-------- C:\Users\All Users\Kodak
2008-10-16 17:33 . 2008-10-16 17:39 <DIR> d-------- C:\ProgramData\Kodak
2008-10-15 23:02 . 2008-09-17 21:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 23:02 . 2008-08-26 20:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-15 20:14 . 2008-09-18 00:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 20:14 . 2008-09-18 00:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 20:13 . 2008-10-01 20:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 20:13 . 2008-10-01 22:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-09 08:10 . 2008-04-26 03:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-10-09 03:10 . 2008-10-09 03:10 <DIR> d-------- C:\PerfLogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 22:36 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-10-16 08:06 --------- d-----w C:\Program Files\Windows Mail
2008-10-16 01:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-16 01:04 --------- d-----w C:\Program Files\Napster
2008-10-10 08:10 --------- d-----w C:\ProgramData\NVIDIA
2008-10-09 08:18 174 --sha-w C:\Program Files\desktop.ini
2008-10-09 08:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-09 08:11 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-10-09 08:11 --------- d-----w C:\Program Files\Windows Journal
2008-10-09 08:11 --------- d-----w C:\Program Files\Windows Defender
2008-10-09 08:11 --------- d-----w C:\Program Files\Windows Collaboration
2008-10-09 08:11 --------- d-----w C:\Program Files\Windows Calendar
2008-10-09 03:39 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-10-09 03:38 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-10-09 01:15 27,335 ----a-w C:\Users\Renae\AppData\Roaming\nvModes.dat
2008-09-11 01:23 --------- d-----w C:\Program Files\Avery Wizard 3.1
2008-09-10 08:00 --------- d-----w C:\Program Files\Microsoft Works
2008-08-25 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-25 22:53 --------- d-----w C:\Program Files\Midland LifeSolutions
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-05 21:20 566 ----a-w C:\Users\Renae\AppData\Roaming\wklnhst.dat
2008-01-08 02:44 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-11-08 16:26 0 ----a-w C:\Program Files\error.dat
2007-09-20 03:53 60,968 ----a-w C:\Users\Renae\12 V.exe
2008-04-05 13:41 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-05 13:41 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-05 13:41 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-12-18 16:59 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-18 16:59 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-18 16:59 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-21_17.26.45.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-21 22:23:40 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-21 22:23:40 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-21 22:24:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-10-21 23:22:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-10-21 23:22:34 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-21 22:11:24 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-21 23:09:42 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-21 22:11:24 32,768 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-21 23:09:42 32,768 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-21 22:11:24 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-21 23:09:42 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-21 22:15:53 101,350 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-21 22:29:54 101,350 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-21 22:15:53 595,684 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-21 22:29:54 595,684 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-21 22:13:05 10,918 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4096926657-2598034714-1241299382-1000_UserData.bin
+ 2008-10-21 22:25:32 11,466 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4096926657-2598034714-1241299382-1000_UserData.bin
- 2008-10-21 22:13:05 59,578 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-21 22:25:32 59,594 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-09-11 77824]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2008-05-29 323216]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 86016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{601E4AF4-6AF7-4212-9216-D94D9E349A45}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{E2B83947-2793-4E6F-AA42-FB214C62BF7A}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{EB532267-5388-423A-863D-1064D6798BA9}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{5FDB614C-D0D7-4E2F-B1E3-73FE3EC783E7}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{ACD7C31D-7019-42F5-8F44-E463BCBF0399}"= TCP:10421:SingleClick Discovery Protocol
"{1109ED9A-A386-4360-830E-3D814DD291FF}"= UDP:139:NetBIOS File/Printer Sharing
"{BADE1318-27AC-411B-BAB6-A2119BBD627E}"= TCP:10426:SingleClick ICC
"{521C9299-3D6E-4613-8BB8-F190DA54918B}"= UDP:445:Microsoft Directory Services
"{F665230F-46A6-4E15-BD50-0009466C4903}"= TCP:138:NetBIOS Datagram Service
"{8F9A1694-599E-4A13-8E26-68CAE367C498}"= TCP:137:NetBIOS Name Service
"{3031927E-AC47-4945-8466-076491837CCA}"= UDP:C:\Windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{13035D60-4D36-4D7F-B098-FAE4481E8346}"= TCP:C:\Windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{3B2D52D2-CC64-45C3-B822-5C4D7435D816}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7056702C-ED61-46CB-9429-A50B54A893D0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FE6BCD6B-FC36-47B5-9DF5-DEDCAB6A4506}"= UDP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{6B3C2560-ACFA-4841-88C7-DAED688B82BB}"= TCP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{55AE661F-8C76-4883-9C47-AADB853DCF91}"= TCP:10421:SingleClick Discovery Protocol
"{C6BA0932-29F8-4867-BE0C-0F1B9FEF72BD}"= TCP:10426:SingleClick ICC
"TCP Query User{BEA91859-5AD1-4C0E-B4CB-C91F0927EF37}C:\\program files\\napster\\napster.exe"= UDP:C:\program files\napster\napster.exe:Napster
"UDP Query User{C2586E9D-1D3A-4569-92ED-970FB644F858}C:\\program files\\napster\\napster.exe"= TCP:C:\program files\napster\napster.exe:Napster
"TCP Query User{769E4E48-BBD0-4D2B-AC18-DB19D4AAF6BF}C:\\program files\\napster\\napster.exe"= UDP:C:\program files\napster\napster.exe:Napster
"UDP Query User{3FEF2707-2622-4069-BCEB-88E7C2D4C057}C:\\program files\\napster\\napster.exe"= TCP:C:\program files\napster\napster.exe:Napster
"{D8608B40-4A01-453E-8275-CF7EE6DBBA1C}"= UDP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{AFA7BA91-B079-47D1-8217-07F9A8C5761E}"= TCP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{4EDA68E3-CDB9-4C90-A7D0-499137DA0FFE}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{22254421-8C53-4BBD-9031-0944523EF320}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{16A3EEA6-5423-4914-AB4B-67F1E42C65C2}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{57F78A5F-4167-429F-BE21-4C093A0644D7}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"= C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9055973b-8402-11dc-afe1-001c2387ad5d}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-10-19 C:\Windows\Tasks\EasyShare Registration Task.job
- C:\Windows\system32\rundll32.exe [2006-11-02 04:45]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 18:22:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-21 18:24:02
ComboFix-quarantined-files.txt 2008-10-21 23:23:59
ComboFix2.txt 2008-10-21 22:27:56

Pre-Run: 68,125,499,392 bytes free
Post-Run: 67,877,748,736 bytes free

185 --- E O F --- 2008-10-19 1805


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:16 PM, on 10/21/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\windows defender\MSASCui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5271 bytes




Avira AntiVir Personal
Report file date: Tuesday, October 21, 2008 18:51

Scanning for 1701701 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: RENAE-PC

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 15:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 14:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 19:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 14:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 17:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 20:54:15
ANTIVIR2.VDF : 7.0.7.59 4366336 Bytes 10/19/2008 23:49:12
ANTIVIR3.VDF : 7.0.7.70 111104 Bytes 10/21/2008 23:49:14
Engineversion : 8.2.0.5
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/21/2008 23:49:31
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 10/21/2008 23:49:30
AESCN.DLL : 8.1.1.3 123252 Bytes 10/21/2008 23:49:29
AERDL.DLL : 8.1.1.2 438644 Bytes 10/21/2008 23:49:28
AEPACK.DLL : 8.1.2.4 369014 Bytes 10/21/2008 23:49:26
AEOFFICE.DLL : 8.1.0.28 196987 Bytes 10/21/2008 23:49:25
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 10/21/2008 23:49:24
AEHELP.DLL : 8.1.1.2 115062 Bytes 10/21/2008 23:49:21
AEGEN.DLL : 8.1.0.41 319861 Bytes 10/21/2008 23:49:20
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/21/2008 23:49:18
AECORE.DLL : 8.1.2.6 172406 Bytes 10/21/2008 23:49:17
AEBB.DLL : 8.1.0.3 53618 Bytes 10/21/2008 23:49:15
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 15:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 16:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 10/21/2008 23:49:14
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 18:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 19:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 19:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 20:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 20:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Tuesday, October 21, 2008 18:51

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'napster.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'stacsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hnm_svc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
52 processes with 52 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '46' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\Windows\System32\algg.exe.vir
[DETECTION] Is the TR/BHO.Gen Trojan
[NOTE] The file was moved to '49656dac.qua'!
C:\Qoobox\Quarantine\C\Windows\System32\311496\311496.dll.vir
[DETECTION] Is the TR/BHO.Gen Trojan
[NOTE] The file was moved to '492f6d72.qua'!
Begin scan in 'D:\' <RECOVERY>


End of the scan: Tuesday, October 21, 2008 19:23
Used time: 32:20 Minute(s)

The scan has been done completely.

18434 Scanning directories
200516 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
200512 Files not concerned
1258 Archives were scanned
2 Warnings
2 Notes
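As an added example (not code from the thread or from Avira), a small parser for the Avira log format above: it pulls out each [DETECTION] with the action taken, checks the closing totals against the per-file entries, and flags hits whose path already sits in a quarantine store, which is the case for both files here (they are .vir copies under C:\Qoobox\Quarantine, the folder ComboFix uses for its quarantine). The sample log inside the block is a constructed, cut-down copy of the one posted.

```python
"""Parse an Avira AntiVir scan log like the one pasted above.
Added example, not part of the thread and not Avira's own tooling: it pulls
out each [DETECTION] with the action Avira took, reads the closing totals and
checks that they agree with the per-file entries."""
import re
from dataclasses import dataclass

# Constructed sample: a cut-down copy of the log format shown in the post.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Windows\System32\algg.exe.vir
[DETECTION] Is the TR/BHO.Gen Trojan
[NOTE] The file was moved to '49656dac.qua'!
C:\Qoobox\Quarantine\C\Windows\System32\311496\311496.dll.vir
[DETECTION] Is the TR/BHO.Gen Trojan
[NOTE] The file was moved to '492f6d72.qua'!
2 viruses and/or unwanted programs were found
2 files were moved to quarantine
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                 # a scanned file path
TOTAL_RE = re.compile(r"^(\d+) (viruses and/or unwanted programs were found"
                      r"|files were moved to quarantine)$")
DETECT, MOVED = "[DETECTION] Is the ", "[NOTE] The file was moved to "

@dataclass
class Detection:
    path: str
    name: str
    action: str = "none"   # filled in from the [NOTE] line that follows

    def inactive_copy(self) -> bool:
        # A .vir file under a quarantine store (C:\Qoobox\Quarantine is where
        # ComboFix keeps its copies) is an already-neutralised file, not a live one.
        p = self.path.lower()
        return "\\quarantine\\" in p and p.endswith(".vir")

def parse_avira_log(text: str):
    """Return (detections, totals); totals maps each summary phrase to its count."""
    detections, totals, current = [], {}, None   # current: path the next line is about
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = line
        elif line.startswith(DETECT) and current:
            detections.append(Detection(current, line[len(DETECT):]))
        elif line.startswith(MOVED) and detections and detections[-1].path == current:
            m = re.search(r"'([^']+)'", line)
            detections[-1].action = "moved to " + (m.group(1) if m else "?")
        elif m := TOTAL_RE.match(line):
            totals[m.group(2)] = int(m.group(1))
    return detections, totals

def inconsistencies(detections, totals) -> list:
    """Closing totals that disagree with the per-file entries; [] means consistent."""
    expected = {
        "viruses and/or unwanted programs were found": len(detections),
        "files were moved to quarantine": sum(d.action != "none" for d in detections),
    }
    return [f"{k}: total says {totals[k]}, entries show {n}"
            for k, n in expected.items() if k in totals and totals[k] != n]
```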
Old 10-22-2008, 04:07 AM   #11 (permalink)
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Algg.exe removal

Hello again

Quote:
I was supposed to check and clean prefetch but it was greyed out and had (disabled) next to it. I cleaned the rest and moved on.
Vista does not use PreFetch, instead it is now called SuperFetch.

Quote:
I have a lifetime membership to eAnthology and have used that as my anti-virus for a couple years. Apparently the program wasn't doing its job. After doing a Google search of the company it appears they may not be the best to do business with, so I have deleted them from my machines and installed AntiVir as suggested. The report found a couple issues, as you will see in the log, I have them quarantined. What should be my action now, delete them?
If you put a search for StopSign by eAcceleration into Google, this is what you come up with.
http://www.google.com/search?q=StopS...q=t&rls=%3A%3A

Always research before buying and never believe advertising.

You can delete those entries in quarantine.

Quote:
Lastly, my desktop is severly cluttered now what programs can be deleted and what needs to be saved?
Remove programs you no longer use, hardly ever use, or have no need for anymore.

========

You don't seem to have a firewall program installed. Using a firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:

==========

If there are no further problems, continue below.

==========

Delete RSIT from your desktop, also delete this folder c:\rsit. Uninstall Hijackthis via add/remove, you can keep ATF-Cleaner if you wish.

==========

Well done, your logs are clean.

Click start>run>type(or copy/paste command into run box):

ComboFix /u

Click ok.

==========

Clear IE7 cookies

*On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
*On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
*Click OK, and then click OK again.


Clear Firefox cookies/cache

• Select "Tools"
• Select "Options".
• Select "Privacy".
• In "Settings" window put the check mark for Cookies,Cache,Browsing history and any others you want.
• Click OK.
• In Private area click "Clear Now".

-------------------------------------------------------------------------------------------

MICROSOFT UPDATES

1.Click Start,Run, type sysdm.cpl, and then press OK.
2.Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended).

Microsoft updates are released on the second Tuesday of each month, what is called "Patch Tuesday".

------------------------------------------------------------------------------------------

Useful Information and Programs to keep you safe.

TrendProtect is a FREE browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers the following information for billions of Web pages:

* Content category
* Phishing scam detection
* Site reputation
* Page reputation

WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites.

WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.
Note: Only compatible with Firefox 1.5 and higher.

--------------------------------------------------------------------------------------

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Avant
Firefox
Opera
K-Meleon

------------------------------------------------------------------------------------------

Free Antispyware Products
SuperAntiSpyware
Malwarebytes' Anti-Malware

SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items

------------------------------------------------------------------

IE-Spyad™ is a freeware utility that places more than 4000 dubious websites and domains in the Internet Explorer Restricted List.

Download and installation instructions for IE-Spyad™ Here

-----------------------------------------

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

If you're having trouble downloading & extracting, see the link below for guidance:
http://www.mvps.org/winhelp2002/hosts2.htm

Once you have extracted the hosts file, double click on it and a new window will open.

Double-click on mvps.bat and follow the prompts

---------------------------------------------------------------

Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

----------------------------------------

SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen. Only for XP users.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

==============================================

Also, please take a look at this well written article:

PC Safety and Security--What Do I Need?

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Please reply to this thread once more, as we may mark this as resolved, thanks.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
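An added example (not the MVPS project's code, and not part of this thread) of how the HOSTS file mechanism described in the post above can be audited: entries that point a name at 127.0.0.1 (or 0.0.0.0 / ::1, which block lists also use) are sinkholes that stop the machine reaching that site, while an entry sending a name to any other address is a redirect and deserves a second look. The sample HOSTS content is constructed and uses the reserved .invalid TLD.

```python
"""Audit a Windows HOSTS file the way the MVPS list works.
Added example, not the MVPS project's code: entries that point a name at
127.0.0.1, 0.0.0.0 or ::1 are sinkholes (the machine cannot reach that site);
an entry that sends a name to any other address is a redirect and is worth a
second look, since nothing in a block list should do that."""
import ipaddress

# Constructed sample; the hostnames use the reserved .invalid TLD.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# MVPS-style block entries
0.0.0.0 ad.example-ads.invalid
127.0.0.1 tracker.example-tracker.invalid   # blocked ad server
# an entry that is NOT a sinkhole
203.0.113.9 update.example-vendor.invalid
not-an-address bogus.invalid
"""

SINKHOLES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}


def parse_hosts(text: str):
    """Yield (line number, address, hostname) for every usable entry; comments
    and lines whose first field is not an IP address are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # drop trailing comments
        fields = line.split()
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, ignore it
        for name in fields[1:]:                 # one address may list several names
            yield lineno, addr, name.lower()


def audit_hosts(text: str) -> dict:
    """Split entries into localhost lines, sinkholed names and redirects."""
    report = {"localhost": [], "sinkholed": [], "redirected": []}
    for lineno, addr, name in parse_hosts(text):
        if name == "localhost" and addr in SINKHOLES:
            report["localhost"].append(name)
        elif addr in SINKHOLES:
            report["sinkholed"].append(name)
        else:
            report["redirected"].append((lineno, name, str(addr)))
    return report
```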
Old 10-22-2008, 04:26 PM   #12 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 18
OS: Vista


Re: Algg.exe removal

I must thank you for all the help, your directions were very easy to follow and extremely helpful. I was unaware of all the things needed to protect my PC, now hopefully there will be no more issues. I currently have Avira AntiVir, ZoneAlarm, Hostsman, Winpatrol, WOT, and SpywareBlaster all running. I have also changed my Web browser to Firefox. I will have my wife read the article on PC safety before giving her laptop back and update my desktop PC as well.

Thank you again, your time and help is much appreciated.
Old 10-22-2008, 05:00 PM   #13 (permalink)
Moderator, Analyst, Security Team
 


Re: Algg.exe removal

Quote:
I currently have Avira AntiVir, ZoneAlarm, Hostsman, Winpatrol, WOT, and SpywareBlaster all running.
Good, this will offer greater protection

Quote:
I have also changed my Web browser to Firefox.
You should also install a couple of security related addons for Firefox, such as NoScript and Adblock Plus; these will also help cut down on the amount of junk that can be stored on your system.

Quote:
Thank you again, your time and help is much appreciated.
You're welcome, surf safely
Old 10-24-2008, 04:19 PM   #14 (permalink)
Registered User
 


Re: Algg.exe removal

Something happened sometime during this process that has caused Windows Update to not work. When clicking it through the Start menu it opens the Update window, then just hangs there with a blank screen. After several minutes it goes into "not responding" and allows me to end the task. Could one of these newly installed programs be blocking it from connecting? I have tried shutting down the firewall, antivirus, and even tried setting my default browser back to IE from Firefox. Not sure if this is the correct forum but thought maybe something in this thread had to do with the issue.
Old 10-25-2008, 11:49 AM   #15 (permalink)
Moderator, Analyst, Security Team
 


Re: Algg.exe removal

Hello again

Click Start,Run, type sysdm.cpl, and then press OK.

Click on Automatic Updates tab
Set to Automatic(Recommended)
Click Apply and then OK.

What happens?
Old 10-25-2008, 02:03 PM   #16 (permalink)
Registered User
 


Re: Algg.exe removal

Hello again, thanks for continuing to help on this issue. After starting Run and typing sysdm.cpl it opens a window. That window does not have an Automatic Updates tab (see the Screen1 screenshot). When I open Windows Update itself from the Start menu it opens up a blank window, then hangs there blank for several minutes (see Screen2). System Restore does not open either. I made a post in the Vista forums because I was not sure you would read this post anymore; here is a link to that. http://www.techsupportforum.com/micr...ml#post1771864
Attached images: Screen1.jpg (211.9 KB), Screen2.jpg (132.3 KB)
Old 10-26-2008, 06:14 AM   #17 (permalink)
Moderator, Analyst, Security Team
 


Re: Algg.exe removal

Click start> run> type(or copy/paste command)

WUAUCPL.CPL

Does the Windows Update Tab appear?

Go to this link below:
http://www.update.microsoft.com/wind....aspx?ln=en-us

Does the page still remain blank?

Click Start > Run > type cmd > then type the following in the DOS window:

ipconfig/flushdns

Hit Enter

Then type Exit>then press the Enter button to exit DOS screen.

Also check your firewall settings.
http://www.markusjansson.net/eza.html
Old 10-26-2008, 09:29 AM   #18 (permalink)
Registered User
 


Re: Algg.exe removal

Run program, type WUAUCPL.CPL, hit Enter: gives me the following error
"Windows can not find wuaucpl.cpl make sure you typed the name correctly then try again"

The website does open the window but it remains blank and stalls just as before.

Using the Run program and typing ipconfig/flushdns also gives me the same error message "Windows cannot find. Make sure you typed the name correctly and try again." I tried typing just ipconfig and for a split second I saw the DOS window open, but it disappeared and I can not see it anywhere.
Old 10-26-2008, 09:51 AM   #19 (permalink)
Moderator, Analyst, Security Team
 


Re: Algg.exe removal

Hello again



Try flushing DNS this way.

1.Click Start
2. Click All Programs
3. Click Accessories
4. RIGHT-click on Command Prompt
5. Select Run As Administrator
6. In the command window type the following and then hit enter:

ipconfig /flushdns

7. You will see the following confirmation:

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.


Does IE hang on any other websites or is it just when going to the windows updates page?
Old 10-26-2008, 11:22 AM   #20 (permalink)
Registered User
 


Re: Algg.exe removal

OK, Command Prompt opened up; typed in ipconfig /dnsflush

Windows IP Configuration

Could not flush the DNS resolver cache: Function failed during execution

IE doesn't seem to be hanging up anywhere else, all websites appear to load correctly. Although it does say "Done, but with errors on page" at the bottom of the screen on some pages.
 


Copyright 2001 - 2009, Tech Support Forum