[SOLVED] Re: IE7 cannot connect with secure sites

05-22-2012, 03:46 AM   #1
Registered Member
 
Join Date: Jan 2009
Posts: 123
OS: XP



Hi...Corday of the Internet Explorer forum site suggested that I put the DDS file and Attach files on this forum. I could not download the ark.txt from the many GMER sites that I saw. The following was sent to Corday who suggested the re-direction to the Security centre.



Corday..thanks for your reply. I tried that MG download but ended up with IE and the message after a few seconds "Internet Explorer cannot display the webpage". I am unable to furnish any details regarding the ark.txt via the GMER download.
I have taken the liberty of putting down the DDS file and the Attach file as a piece of text..so here it is:
DDS:
DDS file…created Friday May 18, 2012
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
Run by Esther at 20:38:04 on 2012-05-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1331 [GMT 10:00]
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\BoxKing\Power Management\Power Saved Management.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Nikon\NkView5\NkvMon.exe
G:\P4B533-E Backup 40GB HDD Aug 27,2011\Winzip 8.1\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\esther\local settings\application data\fnetjobf\ntvgwokv.exe,
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [Performance Center] c:\program files\ascentive\performance center\APCMain.exe -m
uRun: [OpAgent] "OpAgent.exe" /agent
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [Creative Software Update] "c:\program files\creative\shared files\software update\AutoUpdate.exe" /Silent
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start
uRun: [NtvGwokv] c:\documents and settings\esther\local settings\application data\fnetjobf\ntvgwokv.exe
mRun: [ScanSoft OmniPage 16-reminder] "c:\program files\scansoft\omnipage16\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 16\ereg\Ereg.ini"
mRun: [HPWUTOOLBOX] c:\program files\hp\hp officejet pro k550 series\toolbox\HPWUTBX.exe "-i"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Power Management] c:\program files\boxking\power management\Power Saved Management.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /tray
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Driver Fetch] "c:\program files\driver fetch\2.1.0.0\DriverFetch.exe" --start-trayed
mRun: [CTAPR2] "c:\program files\creative\sound blaster x-fi\console launcher\CTAPR2.exe" /r
mRun: [ASUSGamerOSD] c:\program files\asus\gamerosd\GamerOSD.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nikon\nkview5\NkvMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - g:\p4b533-e backup 40gb hdd aug 27,2011\winzip 8.1\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 203.0.178.191 203.215.29.191
TCP: Interfaces\{152C5DF5-FF82-49D3-8F31-95A8EBFE2D35} : DhcpNameServer = 203.0.178.191 203.215.29.191
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\esther\application data\mozilla\firefox\profiles\jr0d6dfw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3208939&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WiseConvert 2.2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3208939&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3208939&SearchSource=2&q=
FF - plugin: c:\documents and settings\esther\application data\mozilla\firefox\profiles\jr0d6dfw.default\extensions\{b81767e1-672d-4da1-b5cc-d277185815a6}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: TotalRecipeSearch: [email protected]_14.com - %profile%\extensions\[email protected]_14.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: WiseConvert 2.2 Community Toolbar: {b81767e1-672d-4da1-b5cc-d277185815a6} - %profile%\extensions\{b81767e1-672d-4da1-b5cc-d277185815a6}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: TotalRecipeSearch: [email protected]_14.com - c:\program files\totalrecipesearch_14\bar\1.bin
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2011-10-20 150568]
R2 NkPtpEnumP2;NkPtpEnumP2;c:\program files\nikon\wireless camera setup utility\NkPtpEnum.exe [2005-6-17 24064]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-10-20 100368]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [2009-3-13 735744]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [2009-3-13 1656960]
R3 VBus;Virtual Bus;c:\windows\system32\drivers\NkVBus.sys [2005-6-17 17664]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S2 gupdate1ca0e5f58cf0648;Google Update Service (gupdate1ca0e5f58cf0648);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 253600]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys --> c:\windows\system32\drivers\Diag69xp.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-5-12 32072]
S3 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\esther\locals~1\temp\uiwnwlgi.sys --> c:\docume~1\esther\locals~1\temp\uiwnwlgi.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-24 224896]
S3 SliceDisk5;SliceDisk5;\??\h:\a-ff find and mount\slicedisk.sys --> h:\a-ff find and mount\slicedisk.sys [?]
.
=============== Created Last 30 ================
.
2012-05-17 12:20:50 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2012-05-17 12:20:48 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2012-05-15 04:04:20 -------- d-----w- c:\documents and settings\esther\application data\SpeedyPC Software
2012-05-15 04:04:12 -------- d-----w- C:\IE 8
2012-05-14 01:12:45 -------- d-----w- C:\ERDNT
2012-05-13 12:41:55 -------- d-----w- c:\documents and settings\esther\application data\Curiolab
2012-05-13 11:22:46 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-05-13 11:22:45 -------- d-----w- c:\program files\SpeedyPC Software
2012-05-13 11:22:45 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-05-13 10:55:42 -------- d-----w- c:\documents and settings\esther\application data\RegGenie
2012-05-13 10:47:13 299544 ----a-w- c:\windows\RegGenieOnUninstall.exe
2012-05-13 09:44:26 -------- d-----w- c:\program files\Registry Easy
2012-05-13 09:22:08 -------- d-sh--w- c:\documents and settings\esther\PrivacIE
2012-05-13 09:20:38 -------- d-sh--w- c:\documents and settings\esther\IETldCache
2012-05-13 09:16:51 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2012-05-13 09:16:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-05-13 01:38:07 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 6.0
2012-05-12 11:45:06 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-05-12 11:44:03 -------- d-----w- C:\Malwarebytes
2012-05-12 11:39:14 -------- d-----w- c:\documents and settings\esther\application data\Malwarebytes
2012-05-12 11:39:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-12 11:39:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-12 11:39:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-10 11:49:49 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-05-10 11:49:26 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-05-09 10:44:50 -------- d-----w- c:\documents and settings\esther\local settings\application data\WinZip
2012-05-05 09:54:21 -------- d-----w- c:\documents and settings\esther\local settings\application data\fnetjobf
2012-05-04 11:32:25 -------- d-----w- c:\documents and settings\esther\application data\SpeedMaxPc
2012-05-04 11:32:17 -------- d-----w- c:\program files\common files\SpeedMaxPc
2012-05-04 11:32:16 -------- d-----w- c:\program files\SpeedMaxPc
2012-05-04 11:32:16 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
.
==================== Find3M ====================
.
2012-04-12 11:11:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-12 11:11:22 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-06 10:53:46 26112 ----a-w- c:\windows\system32\userinit.exe
2012-03-01 01:25:04 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:25:03 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:25:03 17408 ----a-w- c:\windows\system32\corpol.dll
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
.
============= FINISH: 20:38:31.00 ===============

Attach:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 07-Mar-09 12:17:20 PM
System Uptime: 17-May-12 8:33:28 PM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q-E
Processor: Intel Pentium III Xeon processor | LGA 775 | 2665/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 20.832 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 417 GiB total, 282.169 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP270: 21-Feb-12 4:28:25 PM - System Checkpoint
RP271: 21-Feb-12 5:42:52 PM - Software Distribution Service 3.0
RP272: 28-Feb-12 7:31:33 PM - System Checkpoint
RP273: 08-Mar-12 5:25:18 PM - System Checkpoint
RP274: 10-Mar-12 7:59:03 PM - System Checkpoint
RP275: 13-Mar-12 6:52:10 PM - System Checkpoint
RP276: 14-Mar-12 10:02:46 PM - Software Distribution Service 3.0
RP277: 16-Mar-12 8:41:44 PM - Advanced Driver Updater
RP278: 19-Mar-12 5:18:54 PM - System Checkpoint
RP279: 20-Mar-12 6:24:28 PM - System Checkpoint
RP280: 23-Mar-12 8:31:51 PM - System Checkpoint
RP281: 25-Mar-12 9:27:14 PM - Installed Panorama Maker
RP282: 25-Mar-12 9:28:24 PM - Installed QuickTime
RP283: 27-Mar-12 11:35:26 AM - System Checkpoint
RP284: 29-Mar-12 5:26:26 PM - System Checkpoint
RP285: 02-Apr-12 10:43:07 PM - Installed Ad-Aware
RP286: 03-Apr-12 10:31:55 AM - Ext.HDD
RP287: 05-Apr-12 8:17:13 PM - System Checkpoint
RP288: 05-Apr-12 9:25:30 PM - Restore Operation
RP289: 05-Apr-12 9:31:00 PM - Restore Operation
RP290: 05-Apr-12 9:35:03 PM - Restore Operation
RP291: 05-Apr-12 9:47:03 PM - Restore Operation
RP292: 05-Apr-12 10:09:08 PM - Advanced Driver Updater
RP293: 08-Apr-12 3:16:14 PM - System Checkpoint
RP294: 09-Apr-12 8:11:54 PM - System Checkpoint
RP295: 12-Apr-12 4:01:59 PM - Software Distribution Service 3.0
RP296: 18-Apr-12 4:48:28 PM - System Checkpoint
RP297: 25-Apr-12 5:55:51 PM - System Checkpoint
RP298: 02-May-12 3:48:53 PM - System Checkpoint
RP299: 04-May-12 10:37:43 PM - Restore Operation
RP300: 04-May-12 10:40:37 PM - Removed Ad-Aware
RP301: 04-May-12 10:43:18 PM - Removed Ad-Aware
RP302: 07-May-12 8:32:39 PM - System Checkpoint
RP303: 08-May-12 10:41:22 PM - Removed Adobe Reader X (10.1.3).
RP304: 10-May-12 7:44:58 PM - System Checkpoint
RP305: 12-May-12 7:22:26 PM - System Checkpoint
RP306: 13-May-12 7:17:50 PM - Installed Windows Internet Explorer 8.
RP307: 13-May-12 8:14:53 PM - Removed Symantec AntiVirus
RP308: 13-May-12 8:48:08 PM - RegGenie Safe Scan Backup
RP309: 15-May-12 210 PM - Restore Operation
RP310: 16-May-12 8:16:52 PM - System Checkpoint
RP311: 17-May-12 5:41:43 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe PhotoDeluxe Home Edition 4.0
Adobe Photoshop 7.0
Adobe Photoshop Elements 2.0
Adobe Reader X (10.1.3)
Advanced Driver Updater
AncestryView
Apple Application Support
Apple Software Update
ArcSoft Camera Suite 2.1
ArcSoft Panorama Maker 3
ArcSoft Panorama Maker 3.0
ASUS Gamer OSD
ASUS Smart Doctor
ASUS Utilities
ASUS VGA Driver
ASUS VideoSecurity Online
ASUSUpdate
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Creative MediaSource 5
Creative Software AutoUpdate
DealPly
Express Gate
Express Gate Updater
Exterminate It!
Find and Mount 2.32
FloraSaver Screen Saver
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 5550 series
HP Officejet Pro K550 Series
Java Auto Updater
Java(TM) 6 Update 29
K-Lite Mega Codec Pack 7.2.0
Kazoo Player
learn2.com Player/Plugin (Uninstall Only)
LiveUpdate 2.6 (Symantec Corporation)
Logitech Legacy USB Camera Driver Package
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.61.0.1400
marvell 61xx
Marvell Miniport Driver
Mentor for Networking
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Publisher 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MiniTool Partition Wizard Home Edition 6.0
Misc
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Premium
NETGEAR WG111v3 wireless USB 2.0 adapter
Nikon Message Center
Nikon View 5
Norton PartitionMagic
Norton PartitionMagic 8.0
OTB
Paint Shop Pro 7 Anniversary Edition
PictureProject
Power Management
QFHSdatasearch
QuickTime
Rate Books Search Application
Registry Easy v5.6
ScanSoft OmniPage 16
ScanSoft PDF Create! 4
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Six Engine
Skins
Skype Toolbars
Skype™ 5.3
Sound Blaster X-Fi
SoundMAX
SpeedMaxPc
SpeedyPC Pro
SPIF225 USB to SATA Bridge 98 Driver Installer
Stellar Phoenix Windows Data Recovery - Home
Toolbox
UGuide
Ulead PhotoImpact 12
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WinDjView 1.0.1
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Wireless Camera Setup Utility
Yahoo! Install Manager
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
17-May-12 8:35:03 PM, error: System Error [1003] - Error code 100000d1, parameter1 f78a7000, parameter2 00000002, parameter3 00000008, parameter4 f78a7000.
16-May-12 9:07:02 PM, error: Service Control Manager [7034] - The ATK Keyboard Service service terminated unexpectedly. It has done this 1 time(s).
15-May-12 11:41:14 AM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 1 time(s).
14-May-12 9:31:39 AM, error: System Error [1003] - Error code 100000d1, parameter1 f78bf000, parameter2 00000002, parameter3 00000008, parameter4 f78bf000.
13-May-12 8:15:24 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 16 time(s).
13-May-12 8:15:22 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 15 time(s).
13-May-12 8:15:20 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 14 time(s).
13-May-12 8:15:18 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 13 time(s).
13-May-12 8:15:16 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 12 time(s).
13-May-12 8:15:14 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 11 time(s).
13-May-12 8:15:12 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 10 time(s).
13-May-12 8:15:10 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 9 time(s).
13-May-12 8:15:08 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 8 time(s).
13-May-12 8:15:06 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 7 time(s).
13-May-12 8:15:04 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 6 time(s).
13-May-12 8:15:02 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 5 time(s).
13-May-12 8:15:00 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 4 time(s).
13-May-12 8:14:58 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 3 time(s).
13-May-12 8:14:56 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 2 time(s).
12-May-12 6:17:17 PM, error: mv61xx [9] - The device, \Device\Scsi\mv61xx1, did not respond within the timeout period.
12-May-12 10:02:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd PCIIde
12-May-12 10:01:49 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11-May-12 2:44:58 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
11-May-12 2:44:58 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10-May-12 3:38:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.
10-May-12 3:37:58 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s).
10-May-12 3:37:58 PM, error: Service Control Manager [7034] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s).
10-May-12 3:37:58 PM, error: Service Control Manager [7034] - The Symantec AntiVirus Definition Watcher service terminated unexpectedly. It has done this 1 time(s).
10-May-12 3:37:58 PM, error: Service Control Manager [7031] - The Symantec AntiVirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
10-May-12 3:37:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
10-May-12 3:37:01 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00221537F6FB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10-May-12 1:50:36 PM, error: Service Control Manager [7034] - The Symantec AntiVirus service terminated unexpectedly. It has done this 3 time(s).
10-May-12 1:50:24 PM, error: Service Control Manager [7031] - The Symantec AntiVirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================


I could not work out how to make the attach.txt smaller in size, so had to do a copy and paste.

I trust that the information supplied may be of some use...I hope so....and hope that you can help me out of this mess. ...Ray
raringer is offline  
Old 05-27-2012, 12:31 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed. Let me know your intentions for an antivirus program.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

SpeedMaxPc<<Please read this and this

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

SpeedyPC Pro<<Please read this and this

------------------------------------------------------

I need to see a gmer log in order to help you. You don't download the ark.txt from the gmer site.

You have to download gmer and run it and it will produce a log which you can name ark.txt and post in your next reply.

Download GMER Rootkit Scanner from here and Save it to your Desktop.
  • Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
  • First, gmer will run a short, initial scan.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in ark.txt or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and copy/paste it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


------------------------------------------------------

Also...

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsskiller.exe and click 'Run'

Click Change parameters then under 'Additional options' check the 'Detect TDLFS file system' > OK.

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then click 'Continue' > 'Close' > 'Close'.

It will produce a log here > C:\TDSSKiller.2.7.37.0_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-28-2012, 06:17 AM   #3
Registered Member
 
Join Date: Jan 2009
Posts: 123
OS: XP



Hi chemist...your reply is much appreciated in trying to solve my problem. I am currently having many problems partly as a result of a 3rd. party.. First of all I was getting frequent messages on the monitor "Stack error on line 0". I could not find a solution via Google. I assumed it had something to do with Int. Expl. so I disabled all the addons { I should have done one at a time!! } I cannot remember if I did anything else but probably restarted the PC. When I restarted the PC I could not get Int. Expl. to work and got repeated messages to the effect "Unable to connect" I changed the Windows Firewall to OFF from ON...but this did not help. I cannot access Internet Options from Control Panel in order to enable these addons. I then made Mozilla Firefox the default browser in order to access many items on the D/top that used to be opened by Int. Expl..
In your letter relating to Subscribe to this thread etc.. I clicked on Thread Tools but could not find the message "Subscribe to this thread" All I could think of was copying all that was written by Corday and you, chemist.... onto this new thread but no Blue writing ....but not sure if this is OK. Sorry! I would like Int. Expl. to be the default browser but cannot get it to work. I only have a small knowledge of what is going on so some of my queries may sound a bit stupid to you..
I had a look at Start---My Computer--Tools menu----file types. There is a mixture of Mozilla and Int. Expl. items in the "Open with" command....but I changed nothing. Do you think the Int. Expl. problem should be solved first because I still cannot access the GMER Rootkit Scanner site from the "here" that you wrote. Would it be possible to give me the actual address so that I could type it in Google or Mozilla?
I have uninstalled SpeedmaxPC and SpeedyPCPro as you said.
I hope that this thread ends up in the Trojan area but it might still end up in the Internet Explorer forum.
I trust that I have not stuffed this up....Ray
raringer is offline  
Old 05-28-2012, 06:36 AM   #4
Registered Member
 
Join Date: Jan 2009
Posts: 123
OS: XP



Hi chemist...it looks as if my thread is in the correct forum but do not know if email notifications is OK. I cannot remember why I uninstalled my Virus checker. In retrospect I should have stopped it scanning rather than uninstalling the program. All I know now is that I cannot download even AVG free edition...even trying with Mozilla....so at the moment there is no Virus checker. I will re-read your letter again later as I think I have created more problems than I originally had....Ray
PS...Unfortunately I will not be able to access this Computer between June 1 and June 9 inclusive but hope to be around again after that to solve the many difficulties I am currently experiencing.
raringer is offline  
Old 05-28-2012, 11:37 AM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Ray. Here is the link for gmer:

https://www.gmer.net/download.php

And for tdsskiller:

https://support.kaspersky.com/downloads/utils/tdsskiller.exe

Alternatively, you can download the tools to USB drive on another computer and transfer them to the desktop of the infected computer.

------------------------------------------------------
chemist is offline  
Old 05-29-2012, 09:02 AM   #6
Registered Member
 
Join Date: Jan 2009
Posts: 123
OS: XP



Hi chemist...many thanks for your swift reply... and the necessary info. regarding the downloads. I took it upon myself to remove the HDD and scan it on another PC. 3 Trojans and 2 infections of some sort were removed using AVG. On re-installing the HDD I found that Int. Expl. was functioning again....but got " stack error on line 0 " again. Of course, this does not stop Int. Expl. from working. However I still could not access the Internet Options from Control panel...so cannot enable the lost addons that I had earlier disabled. I am not sure how useful the DDS and attach.txt files will be as they were done several days before this current work. I hope you can follow this GMER as it looks somewhat different from the original. I look forward to your ideas..many thanks...Ray

This is the result of the tdsskiller.exe download
No infection found


This is the result of the GMER download
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-05-30 00:59:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\mv61xx1Port4Path0Target0Lun0 Seagate_ rev.SD1A
Running: 8f06gcsp.exe; Driver: C:\DOCUME~1\Esther\LOCALS~1\Temp\afadrkog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF64F5000, 0x19D612, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xAD482A00]
init C:\WINDOWS\system32\drivers\t3filt.sys entry point in "init" section [0xACCF7130]
init C:\WINDOWS\System32\atkosdmini.dll entry point in "init" section [0xBF04E480]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[636] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1040B7B0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- EOF - GMER 1.0.15 ----
raringer is offline  
Old 05-29-2012, 02:13 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Ray. You're very welcome.

What happens when you click 'Internet Options' in your Control Panel?

Have you tried re-enabling IE add-ons directly?

Open IE > Tools > Manage Add-ons?

------------------------------------------------------

Please uninstall the following via the Add or Remove Programs section of your Control Panel if they still exist:

LiveUpdate 2.6 (Symantec Corporation)

------------------------------------------------------

Please download the Norton Removal Tool and Save it to your Desktop.
  • Close all programs and double-click the Norton_Removal_Tool.exe then click Run
  • In Vista/Win7, right-click and choose 'Run as administrator'.
  • Follow the on-screen instructions.
  • Restart your computer if not prompted already.
  • Then delete Norton_Removal_Tool.exe from your desktop.
If you need the direct link > ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

------------------------------------------------------

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

sc delete "Lavasoft Kernexplorer"

A DOS window will open and close again, this is normal.

Repeat for the following:

sc delete "Micorsoft Windows Service"

------------------------------------------------------

Please download Temp File Cleaner and save it to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run it then click 'Run' then 'Start'.
  • Your desktop will disappear, this is normal, it will return.
  • If prompted, click "Yes" to reboot.
If you need the direct link > https://oldtimer.geekstogo.com/TFC.exe

------------------------------------------------------

Any improvement in behavior?

I will need to see fresh logs from dds. Please run dds again and post the logs as before.

------------------------------------------------------
chemist is offline  
Old 05-30-2012, 06:11 AM   #8
Registered Member
 
Join Date: Jan 2009
Posts: 123
OS: XP



Hi chemist..thanks for your reply. I will answer your queries in order. Internet Options...Left or Right clicking gets nothing.. Tried IE--> Tools--> Manage addons....I get the menu but nothing happens when I click on it to re-enable addons.
Uninstalled Live update...not sure if I did something wrong. After the restart I got the normal D/top and then over the top of it I got "Norton Support" followed by "re-installing your Norton Product after you run the "Norton Removal Tool. Then a list (in RED) of 8 items appears relating to Norton products. Also a message "Norton has found a problem which needs your attention" was part of the screen.
I did " sc delete Lavasoft Kernexplorer" and "sc delete Microsoft Windows Service".
I did "temp File Cleaner". I cannot say , for sure, that there is a behaviour difference. ..all things appear to be working OK...Google, IE and Mozilla are OK. I have Mozilla as the default browser because I could not access Int. Expl..a short while back I have forgotten how to make Int. Expl. the default browser instead of Mozilla... or do you think that I am better off with Mozilla?
I hope that what I have done is OK and may be of some help..(unless I have erred somewhere). Many thanks...Ray
----------------------
DDS file downloaded on May 30, 2012
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
Run by Esther at 21:18:07 on 2012-05-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1425 [GMT 10:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\BoxKing\Power Management\Power Saved Management.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
G:\P4B533-E Backup 40GB HDD Aug 27,2011\Winzip 8.1\WZQKPICK.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\esther\local settings\application data\fnetjobf\ntvgwokv.exe,
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll"
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [Performance Center] c:\program files\ascentive\performance center\APCMain.exe -m
uRun: [OpAgent] "OpAgent.exe" /agent
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [Creative Software Update] "c:\program files\creative\shared files\software update\AutoUpdate.exe" /Silent
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start
uRun: [NtvGwokv] c:\documents and settings\esther\local settings\application data\fnetjobf\ntvgwokv.exe
mRun: [ScanSoft OmniPage 16-reminder] "c:\program files\scansoft\omnipage16\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 16\ereg\Ereg.ini"
mRun: [HPWUTOOLBOX] c:\program files\hp\hp officejet pro k550 series\toolbox\HPWUTBX.exe "-i"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Power Management] c:\program files\boxking\power management\Power Saved Management.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /tray
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Driver Fetch] "c:\program files\driver fetch\2.1.0.0\DriverFetch.exe" --start-trayed
mRun: [CTAPR2] "c:\program files\creative\sound blaster x-fi\console launcher\CTAPR2.exe" /r
mRun: [ASUSGamerOSD] c:\program files\asus\gamerosd\GamerOSD.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nikon\nkview5\NkvMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - g:\p4b533-e backup 40gb hdd aug 27,2011\winzip 8.1\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: google.com\www
Trusted Zone: microsoft.com\www
Trusted Zone: skype.com\community
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 203.0.178.191 203.215.29.191
TCP: Interfaces\{152C5DF5-FF82-49D3-8F31-95A8EBFE2D35} : DhcpNameServer = 203.0.178.191 203.215.29.191
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\esther\application data\mozilla\firefox\profiles\jr0d6dfw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3208939&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WiseConvert 2.2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3208939&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3208939&SearchSource=2&q=
FF - plugin: c:\documents and settings\esther\application data\mozilla\firefox\profiles\jr0d6dfw.default\extensions\{b81767e1-672d-4da1-b5cc-d277185815a6}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: TotalRecipeSearch: [email protected]_14.com - %profile%\extensions\[email protected]_14.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: WiseConvert 2.2 Community Toolbar: {b81767e1-672d-4da1-b5cc-d277185815a6} - %profile%\extensions\{b81767e1-672d-4da1-b5cc-d277185815a6}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: TotalRecipeSearch: [email protected]_14.com - c:\program files\totalrecipesearch_14\bar\1.bin
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2011-10-20 150568]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
R2 NkPtpEnumP2;NkPtpEnumP2;c:\program files\nikon\wireless camera setup utility\NkPtpEnum.exe [2005-6-17 24064]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-10-20 100368]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [2009-3-13 735744]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [2009-3-13 1656960]
R3 VBus;Virtual Bus;c:\windows\system32\drivers\NkVBus.sys [2005-6-17 17664]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S2 gupdate1ca0e5f58cf0648;Google Update Service (gupdate1ca0e5f58cf0648);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 253600]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys --> c:\windows\system32\drivers\Diag69xp.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-5-12 32072]
S3 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\esther\locals~1\temp\uiwnwlgi.sys --> c:\docume~1\esther\locals~1\temp\uiwnwlgi.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-24 224896]
S3 SliceDisk5;SliceDisk5;\??\h:\a-ff find and mount\slicedisk.sys --> h:\a-ff find and mount\slicedisk.sys [?]
.
=============== Created Last 30 ================
.
2012-05-29 18:20:56 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-29 17:53:17 -------- d--h--w- C:\$AVG
2012-05-27 15:56:35 -------- d-----w- c:\documents and settings\esther\local settings\application data\PCHealth
2012-05-27 14:26:02 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
2012-05-27 14:25:45 -------- d-----w- c:\documents and settings\esther\application data\SpeedyPC Software
2012-05-27 14:25:42 -------- d-----w- C:\IE 8
2012-05-27 13:37:58 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-05-27 13:37:58 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-23 08:28:58 -------- d-----w- c:\program files\Skype
2012-05-22 13:21:25 -------- d-----w- c:\program files\Microsoft
2012-05-17 12:20:50 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2012-05-17 12:20:48 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2012-05-14 01:12:45 -------- d-----w- C:\ERDNT
2012-05-13 12:41:55 -------- d-----w- c:\documents and settings\esther\application data\Curiolab
2012-05-13 11:22:45 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-05-13 10:55:42 -------- d-----w- c:\documents and settings\esther\application data\RegGenie
2012-05-13 10:47:13 299544 ----a-w- c:\windows\RegGenieOnUninstall.exe
2012-05-13 09:22:08 -------- d-sh--w- c:\documents and settings\esther\PrivacIE
2012-05-13 09:20:38 -------- d-sh--w- c:\documents and settings\esther\IETldCache
2012-05-13 09:16:51 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2012-05-13 09:16:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-05-13 01:38:07 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 6.0
2012-05-12 11:45:06 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-05-12 11:44:03 -------- d-----w- C:\Malwarebytes
2012-05-12 11:39:14 -------- d-----w- c:\documents and settings\esther\application data\Malwarebytes
2012-05-12 11:39:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-12 11:39:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-12 11:39:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-10 11:49:49 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-05-10 11:49:26 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-05-09 10:44:50 -------- d-----w- c:\documents and settings\esther\local settings\application data\WinZip
2012-05-05 09:54:21 -------- d-----w- c:\documents and settings\esther\local settings\application data\fnetjobf
2012-05-04 11:32:25 -------- d-----w- c:\documents and settings\esther\application data\SpeedMaxPc
2012-05-04 11:32:16 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
.
==================== Find3M ====================
.
2012-04-12 11:11:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-12 11:11:22 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-06 10:53:46 26112 ----a-w- c:\windows\system32\userinit.exe
.
============= FINISH: 21:18:39.67 ===============



DDS file
DDS file downloaded on May 30, 2012
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
Run by Esther at 21:18:07 on 2012-05-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1425 [GMT 10:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\BoxKing\Power Management\Power Saved Management.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
G:\P4B533-E Backup 40GB HDD Aug 27,2011\Winzip 8.1\WZQKPICK.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\esther\local settings\application data\fnetjobf\ntvgwokv.exe,
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll"
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [Performance Center] c:\program files\ascentive\performance center\APCMain.exe -m
uRun: [OpAgent] "OpAgent.exe" /agent
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [Creative Software Update] "c:\program files\creative\shared files\software update\AutoUpdate.exe" /Silent
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start
uRun: [NtvGwokv] c:\documents and settings\esther\local settings\application data\fnetjobf\ntvgwokv.exe
mRun: [ScanSoft OmniPage 16-reminder] "c:\program files\scansoft\omnipage16\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 16\ereg\Ereg.ini"
mRun: [HPWUTOOLBOX] c:\program files\hp\hp officejet pro k550 series\toolbox\HPWUTBX.exe "-i"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Power Management] c:\program files\boxking\power management\Power Saved Management.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /tray
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Driver Fetch] "c:\program files\driver fetch\2.1.0.0\DriverFetch.exe" --start-trayed
mRun: [CTAPR2] "c:\program files\creative\sound blaster x-fi\console launcher\CTAPR2.exe" /r
mRun: [ASUSGamerOSD] c:\program files\asus\gamerosd\GamerOSD.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nikon\nkview5\NkvMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - g:\p4b533-e backup 40gb hdd aug 27,2011\winzip 8.1\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: google.com\www
Trusted Zone: microsoft.com\www
Trusted Zone: skype.com\community
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 203.0.178.191 203.215.29.191
TCP: Interfaces\{152C5DF5-FF82-49D3-8F31-95A8EBFE2D35} : DhcpNameServer = 203.0.178.191 203.215.29.191
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\esther\application data\mozilla\firefox\profiles\jr0d6dfw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3208939&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WiseConvert 2.2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3208939&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3208939&SearchSource=2&q=
FF - plugin: c:\documents and settings\esther\application data\mozilla\firefox\profiles\jr0d6dfw.default\extensions\{b81767e1-672d-4da1-b5cc-d277185815a6}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: TotalRecipeSearch: [email protected]_14.com - %profile%\extensions\[email protected]_14.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: WiseConvert 2.2 Community Toolbar: {b81767e1-672d-4da1-b5cc-d277185815a6} - %profile%\extensions\{b81767e1-672d-4da1-b5cc-d277185815a6}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: TotalRecipeSearch: [email protected]_14.com - c:\program files\totalrecipesearch_14\bar\1.bin
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2011-10-20 150568]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
R2 NkPtpEnumP2;NkPtpEnumP2;c:\program files\nikon\wireless camera setup utility\NkPtpEnum.exe [2005-6-17 24064]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-10-20 100368]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [2009-3-13 735744]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [2009-3-13 1656960]
R3 VBus;Virtual Bus;c:\windows\system32\drivers\NkVBus.sys [2005-6-17 17664]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S2 gupdate1ca0e5f58cf0648;Google Update Service (gupdate1ca0e5f58cf0648);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 253600]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys --> c:\windows\system32\drivers\Diag69xp.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-5-12 32072]
S3 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\esther\locals~1\temp\uiwnwlgi.sys --> c:\docume~1\esther\locals~1\temp\uiwnwlgi.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-24 224896]
S3 SliceDisk5;SliceDisk5;\??\h:\a-ff find and mount\slicedisk.sys --> h:\a-ff find and mount\slicedisk.sys [?]
.
=============== Created Last 30 ================
.
2012-05-29 18:20:56 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-29 17:53:17 -------- d--h--w- C:\$AVG
2012-05-27 15:56:35 -------- d-----w- c:\documents and settings\esther\local settings\application data\PCHealth
2012-05-27 14:26:02 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
2012-05-27 14:25:45 -------- d-----w- c:\documents and settings\esther\application data\SpeedyPC Software
2012-05-27 14:25:42 -------- d-----w- C:\IE 8
2012-05-27 13:37:58 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-05-27 13:37:58 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-23 08:28:58 -------- d-----w- c:\program files\Skype
2012-05-22 13:21:25 -------- d-----w- c:\program files\Microsoft
2012-05-17 12:20:50 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2012-05-17 12:20:48 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2012-05-14 01:12:45 -------- d-----w- C:\ERDNT
2012-05-13 12:41:55 -------- d-----w- c:\documents and settings\esther\application data\Curiolab
2012-05-13 11:22:45 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-05-13 10:55:42 -------- d-----w- c:\documents and settings\esther\application data\RegGenie
2012-05-13 10:47:13 299544 ----a-w- c:\windows\RegGenieOnUninstall.exe
2012-05-13 09:22:08 -------- d-sh--w- c:\documents and settings\esther\PrivacIE
2012-05-13 09:20:38 -------- d-sh--w- c:\documents and settings\esther\IETldCache
2012-05-13 09:16:51 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2012-05-13 09:16:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-05-13 01:38:07 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 6.0
2012-05-12 11:45:06 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-05-12 11:44:03 -------- d-----w- C:\Malwarebytes
2012-05-12 11:39:14 -------- d-----w- c:\documents and settings\esther\application data\Malwarebytes
2012-05-12 11:39:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-12 11:39:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-12 11:39:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-10 11:49:49 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-05-10 11:49:26 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-05-09 10:44:50 -------- d-----w- c:\documents and settings\esther\local settings\application data\WinZip
2012-05-05 09:54:21 -------- d-----w- c:\documents and settings\esther\local settings\application data\fnetjobf
2012-05-04 11:32:25 -------- d-----w- c:\documents and settings\esther\application data\SpeedMaxPc
2012-05-04 11:32:16 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
.
==================== Find3M ====================
.
2012-04-12 11:11:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-12 11:11:22 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-06 10:53:46 26112 ----a-w- c:\windows\system32\userinit.exe
.
============= FINISH: 21:18:39.67 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 07-Mar-09 12:17:20 PM
System Uptime: 30-May-12 9:11:17 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q-E
Processor: Intel Pentium III Xeon processor | LGA 775 | 2666/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 16.386 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 417 GiB total, 282.675 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP273: 08-Mar-12 5:25:18 PM - System Checkpoint
RP274: 10-Mar-12 7:59:03 PM - System Checkpoint
RP275: 13-Mar-12 6:52:10 PM - System Checkpoint
RP276: 14-Mar-12 10:02:46 PM - Software Distribution Service 3.0
RP277: 16-Mar-12 8:41:44 PM - Advanced Driver Updater
RP278: 19-Mar-12 5:18:54 PM - System Checkpoint
RP279: 20-Mar-12 6:24:28 PM - System Checkpoint
RP280: 23-Mar-12 8:31:51 PM - System Checkpoint
RP281: 25-Mar-12 9:27:14 PM - Installed Panorama Maker
RP282: 25-Mar-12 9:28:24 PM - Installed QuickTime
RP283: 27-Mar-12 11:35:26 AM - System Checkpoint
RP284: 29-Mar-12 5:26:26 PM - System Checkpoint
RP285: 02-Apr-12 10:43:07 PM - Installed Ad-Aware
RP286: 03-Apr-12 10:31:55 AM - Ext.HDD
RP287: 05-Apr-12 8:17:13 PM - System Checkpoint
RP288: 05-Apr-12 9:25:30 PM - Restore Operation
RP289: 05-Apr-12 9:31:00 PM - Restore Operation
RP290: 05-Apr-12 9:35:03 PM - Restore Operation
RP291: 05-Apr-12 9:47:03 PM - Restore Operation
RP292: 05-Apr-12 10:09:08 PM - Advanced Driver Updater
RP293: 08-Apr-12 3:16:14 PM - System Checkpoint
RP294: 09-Apr-12 8:11:54 PM - System Checkpoint
RP295: 12-Apr-12 4:01:59 PM - Software Distribution Service 3.0
RP296: 18-Apr-12 4:48:28 PM - System Checkpoint
RP297: 25-Apr-12 5:55:51 PM - System Checkpoint
RP298: 02-May-12 3:48:53 PM - System Checkpoint
RP299: 04-May-12 10:37:43 PM - Restore Operation
RP300: 04-May-12 10:40:37 PM - Removed Ad-Aware
RP301: 04-May-12 10:43:18 PM - Removed Ad-Aware
RP302: 07-May-12 8:32:39 PM - System Checkpoint
RP303: 08-May-12 10:41:22 PM - Removed Adobe Reader X (10.1.3).
RP304: 10-May-12 7:44:58 PM - System Checkpoint
RP305: 12-May-12 7:22:26 PM - System Checkpoint
RP306: 13-May-12 7:17:50 PM - Installed Windows Internet Explorer 8.
RP307: 13-May-12 8:14:53 PM - Removed Symantec AntiVirus
RP308: 13-May-12 8:48:08 PM - RegGenie Safe Scan Backup
RP309: 15-May-12 210 PM - Restore Operation
RP310: 16-May-12 8:16:52 PM - System Checkpoint
RP311: 17-May-12 5:41:43 PM - Software Distribution Service 3.0
RP312: 18-May-12 11:39:38 AM - Software Distribution Service 3.0
RP313: 20-May-12 8:58:15 PM - System Checkpoint
RP314: 22-May-12 11:11:01 PM - Removed Skype Click to Call
RP315: 22-May-12 11:11:14 PM - Removed Skype™ 5.9
RP316: 22-May-12 11:36:55 PM - Removed Skype Click to Call
RP317: 22-May-12 11:42:23 PM - Removed Skype™ 5.9
RP318: 22-May-12 11:48:56 PM - Software Distribution Service 3.0
RP319: 23-May-12 5:25:51 PM - Software Distribution Service 3.0
RP320: 27-May-12 8:53:24 PM - Restore Operation
RP321: 27-May-12 9:38:43 PM - Restore Operation
RP322: 27-May-12 10:16:02 PM - Software Distribution Service 3.0
RP323: 27-May-12 11:34:03 PM - Restore Operation
RP324: 28-May-12 12:30:07 AM - Restore Operation
RP325: 28-May-12 1:47:56 AM - Software Distribution Service 3.0
RP326: 30-May-12 9:49:53 AM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe PhotoDeluxe Home Edition 4.0
Adobe Photoshop 7.0
Adobe Photoshop Elements 2.0
Adobe Reader X (10.1.3)
Advanced Driver Updater
AncestryView
Apple Application Support
Apple Software Update
ArcSoft Camera Suite 2.1
ArcSoft Panorama Maker 3
ArcSoft Panorama Maker 3.0
ASUS Gamer OSD
ASUS Smart Doctor
ASUS Utilities
ASUS VGA Driver
ASUS VideoSecurity Online
ASUSUpdate
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
Bing Bar
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Creative MediaSource 5
Creative Software AutoUpdate
DealPly
Express Gate
Express Gate Updater
Find and Mount 2.32
FloraSaver Screen Saver
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 5550 series
HP Officejet Pro K550 Series
Java Auto Updater
Java(TM) 6 Update 29
K-Lite Mega Codec Pack 7.2.0
Kazoo Player
learn2.com Player/Plugin (Uninstall Only)
Logitech Legacy USB Camera Driver Package
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.61.0.1400
marvell 61xx
Marvell Miniport Driver
Mentor for Networking
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Publisher 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MiniTool Partition Wizard Home Edition 6.0
Misc
Mozilla Firefox (3.6.28)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Premium
NETGEAR WG111v3 wireless USB 2.0 adapter
Nikon Message Center
Nikon View 5
Norton PartitionMagic
Norton PartitionMagic 8.0
OTB
Paint Shop Pro 7 Anniversary Edition
PictureProject
Power Management
QFHSdatasearch
QuickTime
Rate Books Search Application
ScanSoft OmniPage 16
ScanSoft PDF Create! 4
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Six Engine
Skins
Sound Blaster X-Fi
SoundMAX
SPIF225 USB to SATA Bridge 98 Driver Installer
Stellar Phoenix Windows Data Recovery - Home
Toolbox
UGuide
Ulead PhotoImpact 12
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WinDjView 1.0.1
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Wireless Camera Setup Utility
Yahoo! Install Manager
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
30-May-12 9:13:07 PM, error: System Error [1003] - Error code 1000000a, parameter1 04000015, parameter2 0000001c, parameter3 00000000, parameter4 804fa292.
30-May-12 8:40:20 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
30-May-12 8:40:20 PM, error: Service Control Manager [7034] - The NkPtpEnumP2 service terminated unexpectedly. It has done this 1 time(s).
30-May-12 8:40:20 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
30-May-12 8:40:20 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
30-May-12 8:40:20 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
30-May-12 8:40:20 PM, error: Service Control Manager [7034] - The BingBar Service service terminated unexpectedly. It has done this 1 time(s).
30-May-12 8:40:20 PM, error: Service Control Manager [7034] - The ATK Keyboard Service service terminated unexpectedly. It has done this 1 time(s).
30-May-12 8:40:20 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
30-May-12 4:02:45 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00221537F6FB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
28-May-12 10:58:39 AM, error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s).
28-May-12 10:29:26 AM, error: System Error [1003] - Error code 100000d1, parameter1 f78c7000, parameter2 00000002, parameter3 00000008, parameter4 f78c7000.
27-May-12 9:35:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the BBUpdate service to connect.
27-May-12 9:35:45 PM, error: Service Control Manager [7000] - The BBUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27-May-12 9:35:45 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BBUpdate with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
27-May-12 9:15:00 PM, error: System Error [1003] - Error code 100000d1, parameter1 f78bf000, parameter2 00000002, parameter3 00000008, parameter4 f78bf000.
27-May-12 9:10:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd PCIIde
27-May-12 9:10:56 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
27-May-12 10:39:32 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000004, parameter2 000000ff, parameter3 00000001, parameter4 80545ed2.
26-May-12 5:55:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
26-May-12 5:55:24 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00221537F6FB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
Old 05-30-2012, 12:27 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Ray. Have you tried installing IE8?

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

Disable all antivirus and antispyware programs. Get help here

Double-click ComboFix.exe and follow the prompts to run it.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  • With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  • It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.**




ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:


  • Please click Yes to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done.
  • ComboFix may reboot your machine. This is normal.
  • When the tool is finished, it will produce a log for you.

Please post that log, C:\ComboFix.txt, in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 05-31-2012, 05:33 AM   #10
Registered Member
 
Join Date: Jan 2009
Posts: 123
OS: XP



Hi chemist...many thanks for your reply. I downloaded ComboFix and the log results are here:

ComboFix 12-05-31.01 - Esther 31-May-12 22:04:53.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1135 [GMT 10:00]
Running from: c:\documents and settings\Esther\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\430C6D84.TMP
c:\documents and settings\All Users\Application Data\TEMP\D1B5B4F1.TMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
c:\documents and settings\Esther\Local Settings\Application Data\bnwcogbi.log
c:\documents and settings\Esther\Local Settings\Application Data\dgqybffl.log
c:\documents and settings\Esther\Local Settings\Application Data\fnetjobf\ntvgwokv.exe
c:\documents and settings\Esther\Local Settings\Application Data\hugogofj.log
c:\documents and settings\Esther\Local Settings\Application Data\kxcajnyo.log
c:\documents and settings\Esther\Local Settings\Application Data\oxyxumhp.log
c:\documents and settings\Esther\Local Settings\Application Data\pkrmshkl.log
c:\documents and settings\Esther\Local Settings\Application Data\qlseouai.log
c:\documents and settings\Esther\Local Settings\Application Data\tetvajjm.log
c:\documents and settings\Esther\WINDOWS
c:\program files\TotalRecipeSearch_14
c:\program files\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14datact.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14dlghk.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14dyn.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14feedmg.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14highin.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14html.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14httpct.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14idle.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14impipe.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14medint.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14mlbtn.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14msg.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14radio.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14regfft.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14regiet.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14script.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14skin.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14skplay.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14tpinst.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14uabtn.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\CHROME.MANIFEST
c:\program files\TotalRecipeSearch_14\bar\1.bin\chrome\14ffxtbr.jar
c:\program files\TotalRecipeSearch_14\bar\1.bin\INSTALL.RDF
c:\program files\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP
c:\program files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\T8FFTBPR.DLL
c:\program files\TotalRecipeSearch_14\bar\1.bin\T8PATCH.DLL
c:\program files\TotalRecipeSearch_14\bar\1.bin\T8RES.DLL
c:\program files\TotalRecipeSearch_14\bar\1.bin\T8UNPAT.DLL
c:\program files\TotalRecipeSearch_14\bar\Cache\0002FE1D.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\000338D4.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\00042D27
c:\program files\TotalRecipeSearch_14\bar\Cache\00047953.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\00747E05
c:\program files\TotalRecipeSearch_14\bar\Cache\00748681.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\0074875C.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\007487AA.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\00748875.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\00748950.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\007489AD.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\007489EC.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\00748A2A.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\00748A69.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\00748A98.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\00748AD6.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\0074990F.jhtml
c:\program files\TotalRecipeSearch_14\bar\Cache\0074C01F
c:\program files\TotalRecipeSearch_14\bar\Cache\0074D3B7.bmp
c:\program files\TotalRecipeSearch_14\bar\Cache\files.ini
c:\program files\TotalRecipeSearch_14\bar\History\search3
c:\program files\TotalRecipeSearch_14\bar\IE9Mesg\COMMON.T8S
c:\program files\TotalRecipeSearch_14\bar\Message\COMMON.T8S
c:\program files\TotalRecipeSearch_14\bar\Settings\prevcfg2.htm
c:\program files\TotalRecipeSearch_14\bar\Settings\s_pid.dat
c:\program files\TotalRecipeSearch_14\bar\Settings\s_w1.dat
c:\program files\TotalRecipeSearch_14\bar\Settings\s_w1.dat.bak
c:\program files\TotalRecipeSearch_14\bar\Settings\s_w2.dat
c:\program files\TotalRecipeSearch_14\bar\Settings\s_w2.dat.bak
c:\program files\TotalRecipeSearch_14\bar\Settings\setting3.htm
c:\program files\TotalRecipeSearch_14\bar\Settings\setting3.htm.bak
c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties100023737.html
c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties100023739.html
c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties100024344.html
c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties100025727.html
c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties100025731.html
c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties100065004.html
c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties200821740.html
c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties206980340.html
c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\Radio.html
c:\program files\TotalRecipeSearch_14EI
c:\windows\RegGenieOnUninstall.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TOTALRECIPESEARCH_14SERVICE
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2012-05-29 17:53 . 2012-05-29 17:53 -------- d-----w- C:\$AVG
2012-05-27 15:56 . 2012-05-27 15:56 -------- d-----w- c:\documents and settings\Esther\Local Settings\Application Data\PCHealth
2012-05-27 14:26 . 2012-05-27 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2012-05-13 12:41 . 2012-05-13 12:41 -------- d-----w- c:\documents and settings\Esther\Application Data\Curiolab
2012-05-13 11:22 . 2012-05-28 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-05-13 10:55 . 2012-05-13 10:55 -------- d-----w- c:\documents and settings\Esther\Application Data\RegGenie
2012-05-13 09:22 . 2012-05-13 09:22 -------- d-sh--w- c:\documents and settings\Esther\PrivacIE
2012-05-13 09:21 . 2012-05-13 09:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-05-13 09:20 . 2012-05-13 09:20 -------- d-sh--w- c:\documents and settings\Esther\IETldCache
2012-05-13 09:16 . 2012-03-01 01:25 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2012-05-13 09:16 . 2012-03-01 01:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-05-13 01:38 . 2012-05-27 14:25 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 6.0
2012-05-12 11:45 . 2012-05-28 00:14 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-05-12 11:44 . 2012-05-12 11:44 -------- d-----w- C:\Malwarebytes
2012-05-12 11:39 . 2012-05-12 11:39 -------- d-----w- c:\documents and settings\Esther\Application Data\Malwarebytes
2012-05-12 11:39 . 2012-05-12 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-12 11:39 . 2012-05-27 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-12 11:39 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 11:49 . 2012-05-10 11:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-05-10 11:49 . 2012-05-27 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-05-09 10:44 . 2012-05-19 11:10 -------- d-----w- c:\documents and settings\Esther\Local Settings\Application Data\WinZip
2012-05-05 09:54 . 2012-05-29 17:53 -------- d-----w- c:\documents and settings\Esther\Local Settings\Application Data\fnetjobf
2012-05-04 12:35 . 2012-05-04 12:35 -------- d-----w- c:\documents and settings\TEMP
2012-05-04 11:32 . 2012-05-04 11:32 -------- d-----w- c:\documents and settings\Esther\Application Data\SpeedMaxPc
2012-05-04 11:32 . 2012-05-28 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-12 11:11 . 2012-04-12 11:11 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-12 11:11 . 2011-05-15 10:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-14 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-06 10:53 . 2008-04-14 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-10 39408]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"Creative Software Update"="c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe" [2007-01-04 481200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-06-30 1150976]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWUTOOLBOX"="c:\program files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" [2005-09-19 352256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"Power Management"="c:\program files\BoxKing\Power Management\Power Saved Management.exe" [2008-03-07 733184]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SPIRun"="SPIRun.dll" [2006-11-29 8704]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1040384]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-01-16 57344]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-06-26 380928]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [N/A]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [N/A]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-25 113664]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-13 1527808]
WinZip Quick Pick.lnk - g:\p4b533-e backup 40gb hdd aug 27,2011\Winzip 8.1\WZQKPICK.EXE [2011-8-27 495432]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Six Engine]
2008-05-15 01:42 5958656 ----a-w- c:\program files\ASUS\Six Engine\SixEngine.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [20-Oct-11 3:02 PM 150568]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [13-Feb-12 9:19 PM 193816]
R2 NkPtpEnumP2;NkPtpEnumP2;c:\program files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe [17-Jun-05 10:11 AM 24064]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [20-Oct-11 3:01 PM 100368]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [13-Mar-09 4:47 AM 735744]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [13-Mar-09 4:47 AM 1656960]
R3 VBus;Virtual Bus;c:\windows\system32\drivers\NkVBus.sys [17-Jun-05 10:11 AM 17664]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 gupdate1ca0e5f58cf0648;Google Update Service (gupdate1ca0e5f58cf0648);c:\program files\Google\Update\GoogleUpdate.exe [27-Jul-09 12:10 PM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12-Apr-12 9:11 PM 253600]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [13-Feb-12 9:19 PM 240408]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27-Jul-09 12:10 PM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12-May-12 9:45 PM 32072]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [24-Apr-07 8:11 AM 224896]
S3 SliceDisk5;SliceDisk5;\??\h:\a-ff find and mount\slicedisk.sys --> h:\a-ff find and mount\slicedisk.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 11:11]
.
2012-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc4f31be9af09e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 02:09]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 02:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: google.com\www
Trusted Zone: microsoft.com\www
Trusted Zone: skype.com\community
TCP: DhcpNameServer = 203.0.178.191 203.215.29.191
FF - ProfilePath - c:\documents and settings\Esther\Application Data\Mozilla\Firefox\Profiles\jr0d6dfw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3208939&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WiseConvert 2.2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3208939&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3208939&SearchSource=2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: TotalRecipeSearch: [email protected]_14.com - %profile%\extensions\[email protected]_14.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: WiseConvert 2.2 Community Toolbar: {b81767e1-672d-4da1-b5cc-d277185815a6} - %profile%\extensions\{b81767e1-672d-4da1-b5cc-d277185815a6}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
HKCU-Run-OpAgent - OpAgent.exe
HKCU-Run-NtvGwokv - c:\documents and settings\Esther\Local Settings\Application Data\fnetjobf\ntvgwokv.exe
HKLM-Run-ScanSoft OmniPage 16-reminder - c:\program files\ScanSoft\OmniPage16\Ereg\Ereg.exe
HKLM-Run-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
HKLM-Run-NWEReboot - (no file)
HKLM-Run-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
HKLM-Run-Driver Fetch - c:\program files\Driver Fetch\2.1.0.0\DriverFetch.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
HKLM-Run-Acrobat Assistant 8.0 - c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
Notify-NavLogon - (no file)
SafeBoot-Lavasoft Ad-Aware Service
MSConfigStartUp-Pareto_Update - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
AddRemove-Find and Mount_is1 - h:\a-ff find and mount\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2012-05-31 22:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-2139871995-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3912)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\ATKKBService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\Rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-05-31 22:17:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-31 12:17
.
Pre-Run: 18,024,349,696 bytes free
Post-Run: 17,669,091,328 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B6450B97D6E327AA371592E8456AFF1C

Hi chemist...I hope that the info. supplied will be useful. I have to be away from home from tomorrow to June 9 inclusive and will not be in a position to access anything. My apologies. Please keep this thread open as it is important and has also taken up a considerable amount of your time. I'd appreciate that and look forward to being active on this thread once again. Many thanks...Ray
raringer is offline  
Old 05-31-2012, 11:46 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Ray. Please tell us how your system is behaving. Still problems with IE?

You need an antivirus installed and running on your system.

Download, install, update an antivirus then do a full system scan.

As a suggestion > Microsoft Security Essentials - Free Antivirus for Windows

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
Folder::
c:\documents and settings\Esther\Local Settings\Application Data\fnetjobf
c:\documents and settings\All Users\Application 
c:\documents and settings\Esther\Application Data\SpeedMaxPc
c:\documents and settings\All Users\Application Data\SpeedMaxPc
c:\program files\ascentive

Firefox::
FF - ProfilePath - c:\documents and settings\Esther\Application Data\Mozilla\Firefox\Profiles\jr0d6dfw.default\
FF - Ext: TotalRecipeSearch: [email protected]_14.com - %profile%\extensions\[email protected]_14.com

ClearJavaCache::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

Driver::
Lavasoft Kernexplorer

Save this Notepad file as CFScript.txt to your Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • Under the Update tab, click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

Java(TM) 6 Update 29

These are all outdated, and security risks by having them installed still. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You
  • After the install is complete, go back to your Control Panel (using Classic View) and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish, then click 'Finish'.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic.
------------------------------------------------------

Please post the following in your next reply:

ComboFix.txt
MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 06-06-2012, 09:50 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Still with us, raringer? I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed.

------------------------------------------------------
chemist is offline  
Old 06-09-2012, 03:16 AM   #13
Registered Member
 
Join Date: Jan 2009
Posts: 123
OS: XP



Hi chemist..thanks for your reply...and I'm back again. In answer to a previous question regarding IE8...No, I have not tried downloading it as yet. I would prefer to tackle the instructions you provided me with in the morning as I will likely run out of time otherwise. I will do some of it tonight and save it. I hope that this is OK....many thanks...Ray
raringer is offline  
Old 06-09-2012, 09:17 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Ray. You're welcome.

That's fine. It would actually be better if you finished those last instructions before trying to install IE8.

Post when done.

------------------------------------------------------
chemist is offline  
Old 06-10-2012, 01:31 AM   #15
Registered Member
 
Join Date: Jan 2009
Posts: 123
OS: XP



Hi chemist...thanks for your reply. I hope that what follows is OK.

Combofix.txt log done Jun 10, 2012
ComboFix 12-06-09.02 - Esther 10-Jun-12 13:51:19.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1381 [GMT 10:00]
Running from: c:\documents and settings\Esther\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Esther\My Documents\CFScript.txt\cfscript.txt.doc
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-09 10:41 . 2012-05-07 23:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4447C926-48A1-489D-9F7C-EE1D486B2933}\mpengine.dll
2012-06-09 10:41 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-06-09 10:35 . 2012-06-09 10:36 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-06 04:33 . 2012-06-09 22:53 -------- d-----w- c:\documents and settings\Esther\Tracing
2012-06-06 04:30 . 2010-04-27 21:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-06-06 04:29 . 2012-06-06 04:29 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-06-06 04:29 . 2006-11-29 03:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-06-06 04:28 . 2012-06-06 04:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-06-06 04:27 . 2012-06-06 04:27 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-06-06 04:26 . 2012-06-06 04:30 -------- d-----w- c:\program files\Windows Live
2012-06-06 04:16 . 2012-06-06 04:16 -------- d-----w- c:\program files\Common Files\Windows Live
2012-06-06 04:10 . 2012-06-06 04:10 -------- d-----w- c:\documents and settings\Esther\Local Settings\Application Data\WMTools Downloaded Files
2012-05-29 17:53 . 2012-05-29 17:53 -------- d-----w- C:\$AVG
2012-05-27 15:56 . 2012-05-27 15:56 -------- d-----w- c:\documents and settings\Esther\Local Settings\Application Data\PCHealth
2012-05-27 14:26 . 2012-05-27 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2012-05-13 12:41 . 2012-05-13 12:41 -------- d-----w- c:\documents and settings\Esther\Application Data\Curiolab
2012-05-13 11:22 . 2012-05-28 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-05-13 10:55 . 2012-05-13 10:55 -------- d-----w- c:\documents and settings\Esther\Application Data\RegGenie
2012-05-13 09:22 . 2012-05-13 09:22 -------- d-sh--w- c:\documents and settings\Esther\PrivacIE
2012-05-13 09:21 . 2012-05-13 09:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-05-13 09:20 . 2012-05-13 09:20 -------- d-sh--w- c:\documents and settings\Esther\IETldCache
2012-05-13 09:16 . 2012-03-01 01:25 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2012-05-13 09:16 . 2012-03-01 01:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-05-13 01:38 . 2012-05-27 14:25 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 6.0
2012-05-12 11:45 . 2012-05-28 00:14 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-05-12 11:44 . 2012-05-12 11:44 -------- d-----w- C:\Malwarebytes
2012-05-12 11:39 . 2012-05-12 11:39 -------- d-----w- c:\documents and settings\Esther\Application Data\Malwarebytes
2012-05-12 11:39 . 2012-05-12 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-12 11:39 . 2012-05-27 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-12 11:39 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-12 11:11 . 2012-04-12 11:11 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-12 11:11 . 2011-05-15 10:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-14 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-06 10:53 . 2008-04-14 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-03-20 10:44 . 2012-03-20 10:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-10 39408]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"Creative Software Update"="c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe" [2007-01-04 481200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-06-30 1150976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWUTOOLBOX"="c:\program files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" [2005-09-19 352256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"Power Management"="c:\program files\BoxKing\Power Management\Power Saved Management.exe" [2008-03-07 733184]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SPIRun"="SPIRun.dll" [2006-11-29 8704]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1040384]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-01-16 57344]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-06-26 380928]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [N/A]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [N/A]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-25 113664]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-13 1527808]
WinZip Quick Pick.lnk - g:\p4b533-e backup 40gb hdd aug 27,2011\Winzip 8.1\WZQKPICK.EXE [2011-8-27 495432]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Six Engine]
2008-05-15 01:42 5958656 ----a-w- c:\program files\ASUS\Six Engine\SixEngine.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [20-Oct-11 3:02 PM 150568]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [13-Feb-12 9:19 PM 193816]
R2 NkPtpEnumP2;NkPtpEnumP2;c:\program files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe [17-Jun-05 10:11 AM 24064]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [20-Oct-11 3:01 PM 100368]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [13-Mar-09 4:47 AM 735744]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [13-Mar-09 4:47 AM 1656960]
R3 VBus;Virtual Bus;c:\windows\system32\drivers\NkVBus.sys [17-Jun-05 10:11 AM 17664]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 gupdate1ca0e5f58cf0648;Google Update Service (gupdate1ca0e5f58cf0648);c:\program files\Google\Update\GoogleUpdate.exe [27-Jul-09 12:10 PM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12-Apr-12 9:11 PM 253600]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [13-Feb-12 9:19 PM 240408]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27-Jul-09 12:10 PM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12-May-12 9:45 PM 32072]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [24-Apr-07 8:11 AM 224896]
S3 SliceDisk5;SliceDisk5;\??\h:\a-ff find and mount\slicedisk.sys --> h:\a-ff find and mount\slicedisk.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 11:11]
.
2012-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc4f31be9af09e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 02:09]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 02:09]
.
2012-06-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 07:03]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: google.com\www
Trusted Zone: microsoft.com\www
Trusted Zone: skype.com\community
TCP: DhcpNameServer = 203.0.178.191 203.215.29.191
FF - ProfilePath - c:\documents and settings\Esther\Application Data\Mozilla\Firefox\Profiles\jr0d6dfw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3208939&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3208939&SearchSource=2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: TotalRecipeSearch: [email protected]_14.com - %profile%\extensions\[email protected]_14.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: WiseConvert 2.2 Community Toolbar: {b81767e1-672d-4da1-b5cc-d277185815a6} - %profile%\extensions\{b81767e1-672d-4da1-b5cc-d277185815a6}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-06-10 13:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-2139871995-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1096)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5668)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-06-10 13:55:21
ComboFix-quarantined-files.txt 2012-06-10 03:55
ComboFix2.txt 2012-06-10 01:49
ComboFix3.txt 2012-05-31 12:17
.
Pre-Run: 17,211,322,368 bytes free
Post-Run: 17,191,964,672 bytes free
.
- - End Of File - - 7D504A84477DDC317CB7C4C2EF293D33
==============================================
==============================================
Malwarebytes scan Jun 10, 2012
Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.06.10.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Esther :: HOME-E02CAE9EEA [administrator]

10-Jun-12 3:04:22 PM
mbam-log-2012-06-10 (15-04-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234175
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ESET file log
[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17109 (vista_gdr.120227-1644)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dd71cd1492b43541b7b88839d08383f3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-10 07:04:32
# local_time=2012-06-10 05:04:32 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 92 0 6231181 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=297609
# found=40
# cleaned=40
# scan_time=5239
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ToolbarFacemood51.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Esther\My Documents\Downloads\RegistryEasy_Lite.exe a variant of Win32/Adware.RegistryEasy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Esther\My Documents\P4B533-E 120GB backup Aug 8, 2011\Netgear\FreeFileViewer2011Setup.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Esther\My Documents\P4B533-E 120GB backup Aug 8, 2011\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Esther\My Documents\P4B533-E 120GB backup Aug 8, 2011\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14html.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll.vir a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D429B8DD-3221-4390-8DF6-7B317990321F}\RP309\A0112073.dll Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D429B8DD-3221-4390-8DF6-7B317990321F}\RP309\A0112075.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D429B8DD-3221-4390-8DF6-7B317990321F}\RP324\A0118293.dll Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D429B8DD-3221-4390-8DF6-7B317990321F}\RP324\A0118295.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D429B8DD-3221-4390-8DF6-7B317990321F}\RP325\A0119044.dll Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D429B8DD-3221-4390-8DF6-7B317990321F}\RP325\A0119046.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D429B8DD-3221-4390-8DF6-7B317990321F}\RP327\A0120442.dll a variant of Win32/Toolbar.MyWebSearch.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D429B8DD-3221-4390-8DF6-7B317990321F}\RP327\A0120447.dll probably a variant of Win32/Toolbar.MyWebSearch.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D429B8DD-3221-4390-8DF6-7B317990321F}\RP327\A0120448.dll probably a variant of Win32/Toolbar.MyWebSearch.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D429B8DD-3221-4390-8DF6-7B317990321F}\RP327\A0120451.dll probably a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D429B8DD-3221-4390-8DF6-7B317990321F}\RP327\A0120456.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D429B8DD-3221-4390-8DF6-7B317990321F}\RP327\A0120461.dll a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Anne's Dragons\Anne's Dragons\Search&Destroy\NOADWARE.EXE multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
G:\Anne's Dragons\Anne's Dragons\Search&Destroy\NoAdware\is-S58T0.tmp Win32/NoAdware application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Anne's Dragons\Search&Destroy\NOADWARE.EXE multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
G:\Anne's Dragons\Search&Destroy\NoAdware\is-S58T0.tmp Win32/NoAdware application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Konica Minolta G530..Allison's\Add-aware\Ccleaner\dealply-ie.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\P4B533-E 120GB backup Aug 8, 2011\Netgear\FreeFileViewer2011Setup.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\P4B533-E 120GB backup Aug 8, 2011\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\P4B533-E 120GB backup Aug 8, 2011\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\P4B533-E Motherboard #2\Search&Destroy\noadware.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
G:\ZZZZ..C drive backup May 14. 2012\Program Files\Registry Easy\Recoveryer.dll Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\ZZZZ..C drive backup May 14. 2012\Program Files\Registry Easy\RegEasyCleaner.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\ZZZZ..C drive backup May 14. 2012\Program Files\TotalRecipeSearch_14\bar\1.bin\14datact.dll a variant of Win32/Toolbar.MyWebSearch.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\ZZZZ..C drive backup May 14. 2012\Program Files\TotalRecipeSearch_14\bar\1.bin\14html.dll probably a variant of Win32/Toolbar.MyWebSearch.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\ZZZZ..C drive backup May 14. 2012\Program Files\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\ZZZZ..C drive backup May 14. 2012\Program Files\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\ZZZZ..C drive backup May 14. 2012\Program Files\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\ZZZZ..C drive backup May 14. 2012\Program Files\TotalRecipeSearch_14\bar\1.bin\14skin.dll a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

========================================

I always have trouble finding or saving anything to the desktop. Does the info. that is saved come up as an icon? I have not tried anything on the PC regarding behaviour...but will let you know asap.. Please let me know what, if anything, is missing. Many thanks for your help....Ray
raringer is offline  
Old 06-10-2012, 11:38 AM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Ray. You're welcome. Let me know how the machine behaves. Are you able to connect to secure sites now?

If you re-read my instructions, you were supposed to un-tick 'Remove found threats' before the ESET scan. No worries though.

------------------------------------------------------

To download to your desktop in Firefox, go to Tools > Options > Main > Downloads > 'Save files to' > Browse > Desktop > OK > OK.

Since you ran ComboFix twice that last time, I need to see the previous log.

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\Qoobox\ComboFix2.txt

A text file should open. Please post the contents of that file in your next reply.

-----------------------------------------------------
chemist is offline  
Old 06-11-2012, 04:10 AM   #17
Registered Member
 
Join Date: Jan 2009
Posts: 123
OS: XP



Hi chemist..many thanks for the reply. Sorry for not getting that instruction right...I don't know why. I hope that this ComboFix is OK. I thought that the 2 logs looked similar but somehow thought that somewhere there was some difference. I have MSE installed and it is switched ON. Thanks for the d/top saving method. I'll try a similar style for IE as an exercise. Please let me know if there is anything else that is required. Many thanks....Ray


ComboFix 12-06-09.02 - Esther 10-Jun-12 11:39:53.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1240 [GMT 10:00]
Running from: c:\documents and settings\Esther\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-09 10:41 . 2012-05-07 23:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4447C926-48A1-489D-9F7C-EE1D486B2933}\mpengine.dll
2012-06-09 10:41 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-06-09 10:35 . 2012-06-09 10:36 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-06 04:33 . 2012-06-09 22:53 -------- d-----w- c:\documents and settings\Esther\Tracing
2012-06-06 04:30 . 2010-04-27 21:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-06-06 04:29 . 2012-06-06 04:29 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-06-06 04:29 . 2006-11-29 03:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-06-06 04:28 . 2012-06-06 04:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-06-06 04:27 . 2012-06-06 04:27 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-06-06 04:26 . 2012-06-06 04:30 -------- d-----w- c:\program files\Windows Live
2012-06-06 04:16 . 2012-06-06 04:16 -------- d-----w- c:\program files\Common Files\Windows Live
2012-06-06 04:10 . 2012-06-06 04:10 -------- d-----w- c:\documents and settings\Esther\Local Settings\Application Data\WMTools Downloaded Files
2012-05-29 17:53 . 2012-05-29 17:53 -------- d-----w- C:\$AVG
2012-05-27 15:56 . 2012-05-27 15:56 -------- d-----w- c:\documents and settings\Esther\Local Settings\Application Data\PCHealth
2012-05-27 14:26 . 2012-05-27 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2012-05-13 12:41 . 2012-05-13 12:41 -------- d-----w- c:\documents and settings\Esther\Application Data\Curiolab
2012-05-13 11:22 . 2012-05-28 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-05-13 10:55 . 2012-05-13 10:55 -------- d-----w- c:\documents and settings\Esther\Application Data\RegGenie
2012-05-13 09:22 . 2012-05-13 09:22 -------- d-sh--w- c:\documents and settings\Esther\PrivacIE
2012-05-13 09:21 . 2012-05-13 09:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-05-13 09:20 . 2012-05-13 09:20 -------- d-sh--w- c:\documents and settings\Esther\IETldCache
2012-05-13 09:16 . 2012-03-01 01:25 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2012-05-13 09:16 . 2012-03-01 01:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-05-13 01:38 . 2012-05-27 14:25 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 6.0
2012-05-12 11:45 . 2012-05-28 00:14 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-05-12 11:44 . 2012-05-12 11:44 -------- d-----w- C:\Malwarebytes
2012-05-12 11:39 . 2012-05-12 11:39 -------- d-----w- c:\documents and settings\Esther\Application Data\Malwarebytes
2012-05-12 11:39 . 2012-05-12 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-12 11:39 . 2012-05-27 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-12 11:39 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-12 11:11 . 2012-04-12 11:11 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-12 11:11 . 2011-05-15 10:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-14 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-06 10:53 . 2008-04-14 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-03-20 10:44 . 2012-03-20 10:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((( [email protected]_12.11.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-10 01:45 . 2012-06-10 01:45 16384 c:\windows\Temp\Perflib_Perfdata_350.dat
+ 2010-04-16 12:12 . 2010-04-16 12:12 48464 c:\windows\system32\sirenacm.dll
+ 2008-04-14 12:00 . 2012-06-07 06:37 81346 c:\windows\system32\perfc009.dat
+ 2012-06-06 04:30 . 2010-04-27 21:44 54760 c:\windows\system32\DRVSTORE\fssfltr_F64381C38F211E3160A660B196A6A585F80604F9\fssfltr_tdi.sys
+ 2012-06-06 04:29 . 2012-06-06 04:29 98816 c:\windows\Installer\123556.msi
+ 2012-06-06 04:27 . 2012-06-06 04:27 22016 c:\windows\Installer\123537.msi
+ 2012-06-06 04:27 . 2012-06-06 04:27 27136 c:\windows\Installer\123524.msi
+ 2012-06-06 04:27 . 2012-06-06 04:27 83456 c:\windows\Installer\12350c.msi
+ 2012-06-06 04:26 . 2012-06-06 04:26 58880 c:\windows\Installer\123506.msi
+ 2012-06-06 04:27 . 2012-06-06 04:27 61272 c:\windows\Installer\{E6158D07-2637-4ECF-B576-37C489669174}\IconWlc.exe
+ 2012-06-06 04:27 . 2012-06-06 04:27 80395 c:\windows\Installer\{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}\MsblIco.Exe
+ 2012-06-06 04:27 . 2012-06-06 04:27 58945 c:\windows\Installer\{6412CECE-8172-4BE5-935B-6CECACD2CA87}\wlmail.exe
+ 2012-06-06 04:39 . 2012-06-06 04:39 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\ff0e98a47a1aaa29100976e9e2cc430a\WindowsLiveWriter.ni.exe
+ 2012-06-06 04:39 . 2012-06-06 04:39 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5d4d60e3cb7f6b19d1dc6452e735a360\WindowsLive.Writer.Api.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f00a18225430e7531135589688d650a1\Microsoft.VisualC.ni.dll
+ 2010-04-16 14:04 . 2010-04-16 14:04 306032 c:\windows\WLXPGSS.SCR
+ 2007-12-03 16:56 . 2007-12-03 16:56 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcr80.dll
+ 2007-12-03 16:56 . 2007-12-03 16:56 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcp80.dll
+ 2007-12-03 08:58 . 2007-12-03 08:58 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcm80.dll
+ 2008-04-14 12:00 . 2008-07-11 08:55 347648 c:\windows\system32\windowscodecsext.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 712704 c:\windows\system32\windowscodecs.dll
+ 2008-04-14 12:00 . 2008-07-11 08:55 712704 c:\windows\system32\windowscodecs.dll
+ 2008-04-14 12:00 . 2012-06-07 06:37 464946 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2012-05-31 13:22 599040 c:\windows\system32\dllcache\crypt32.dll
- 2008-04-14 12:00 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2012-06-06 04:30 . 2012-06-06 04:30 549888 c:\windows\Installer\12357a.msi
+ 2012-06-06 04:30 . 2012-06-06 04:30 969728 c:\windows\Installer\123574.msi
+ 2012-06-06 04:29 . 2012-06-06 04:29 569344 c:\windows\Installer\12356e.msi
+ 2012-06-06 04:29 . 2012-06-06 04:29 727040 c:\windows\Installer\123562.msi
+ 2012-06-06 04:29 . 2012-06-06 04:29 483328 c:\windows\Installer\12355c.msi
+ 2012-06-06 04:29 . 2012-06-06 04:29 778752 c:\windows\Installer\12354f.msi
+ 2012-06-06 04:29 . 2012-06-06 04:29 463872 c:\windows\Installer\123549.msi
+ 2012-06-06 04:28 . 2012-06-06 04:28 891904 c:\windows\Installer\123543.msi
+ 2012-06-06 04:27 . 2012-06-06 04:27 735744 c:\windows\Installer\12353d.msi
+ 2012-06-06 04:27 . 2012-06-06 04:27 429056 c:\windows\Installer\123531.msi
+ 2012-06-06 04:27 . 2012-06-06 04:27 155648 c:\windows\Installer\12352a.msi
+ 2012-06-06 04:27 . 2012-06-06 04:27 140288 c:\windows\Installer\12351e.msi
+ 2012-06-06 04:27 . 2012-06-06 04:27 202752 c:\windows\Installer\123518.msi
+ 2012-06-06 04:27 . 2012-06-06 04:27 149504 c:\windows\Installer\123512.msi
+ 2012-06-06 04:26 . 2012-06-06 04:26 107008 c:\windows\Installer\123500.msi
+ 2012-06-09 10:35 . 2012-06-09 10:35 301056 c:\windows\Installer\120cbe8.msi
+ 2012-06-06 04:29 . 2012-06-06 04:29 132096 c:\windows\Installer\{EE39FFBD-544E-49E4-A999-6819828EAE91}\WLXPhotoGalleryIcon.exe
+ 2012-06-09 10:36 . 2012-06-09 10:36 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
+ 2012-06-09 10:36 . 2012-06-09 10:36 123352 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\MSE.exe
+ 2012-06-09 10:36 . 2012-06-09 10:36 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
+ 2012-06-09 10:36 . 2012-06-09 10:36 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
+ 2012-06-09 10:36 . 2012-06-09 10:36 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
+ 2012-06-06 04:39 . 2012-06-06 04:39 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\218b4362202a2f432bb3714221ff2aa4\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fb438f62f426ff28b4a9949d699051b8\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ccc14b04d082666155d2c355ef1f6563\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c954ba830b50bd4a6cf0ee094e2ea928\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c627e81fcd97ecd7c70b7eedf7928713\WindowsLive.Writer.Localization.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bdeb63577afc142cf5b377b9e2565660\WindowsLive.Writer.Controls.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\baacfa565b2f46f4501cd89b067a8a47\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ab181ae110294c0c572059dea0a4332c\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\809bd32a5211d9cd4115fba88f370a74\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6d9c4d236bacb711597c5aca6c04200e\WindowsLive.Writer.Interop.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\678f35b523dbb63a4f247c1ffdf359cd\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\313958002b6415baf438056e452f23c3\WindowsLive.Writer.Passport.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\29e8f27943707613416f76a0357c8f41\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\228e3d0a57dc24f37a2b2259104749c1\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1b316a40898d5a62af81ed70a3b708d0\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\130bc8fe5ff6eb69e4c7f0ba24fba59a\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\d74a2a15b12d1d7c33eb64df4879cf7e\WindowsLive.Client.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
+ 2012-06-06 04:28 . 2012-06-06 04:28 236392 c:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe\9.0.242.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
+ 2009-03-06 16:58 . 2012-06-07 06:33 1582760 c:\windows\system32\FNTCACHE.DAT
+ 2012-06-09 10:36 . 2012-06-09 10:36 1826304 c:\windows\Installer\120cbee.msi
+ 2012-06-06 04:39 . 2012-06-06 04:39 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ed14765fc0f1a92b9211a088455799fc\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\724479ec2aae6cebefd965ac1bacdce6\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 2018816 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5b93d79ffd230432a9448c110a76d6b6\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-06-06 04:39 . 2012-06-06 04:39 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\7afb1abdbb8ba32cf578ff8ea4e45d99\System.Data.OracleClient.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-10 39408]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"Creative Software Update"="c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe" [2007-01-04 481200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-06-30 1150976]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWUTOOLBOX"="c:\program files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" [2005-09-19 352256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"Power Management"="c:\program files\BoxKing\Power Management\Power Saved Management.exe" [2008-03-07 733184]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SPIRun"="SPIRun.dll" [2006-11-29 8704]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1040384]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-01-16 57344]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-06-26 380928]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [N/A]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [N/A]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-25 113664]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-13 1527808]
WinZip Quick Pick.lnk - g:\p4b533-e backup 40gb hdd aug 27,2011\Winzip 8.1\WZQKPICK.EXE [2011-8-27 495432]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Six Engine]
2008-05-15 01:42 5958656 ----a-w- c:\program files\ASUS\Six Engine\SixEngine.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [20-Oct-11 3:02 PM 150568]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [13-Feb-12 9:19 PM 193816]
R2 NkPtpEnumP2;NkPtpEnumP2;c:\program files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe [17-Jun-05 10:11 AM 24064]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [20-Oct-11 3:01 PM 100368]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [13-Mar-09 4:47 AM 735744]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [13-Mar-09 4:47 AM 1656960]
R3 VBus;Virtual Bus;c:\windows\system32\drivers\NkVBus.sys [17-Jun-05 10:11 AM 17664]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 gupdate1ca0e5f58cf0648;Google Update Service (gupdate1ca0e5f58cf0648);c:\program files\Google\Update\GoogleUpdate.exe [27-Jul-09 12:10 PM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12-Apr-12 9:11 PM 253600]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [13-Feb-12 9:19 PM 240408]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27-Jul-09 12:10 PM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12-May-12 9:45 PM 32072]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [24-Apr-07 8:11 AM 224896]
S3 SliceDisk5;SliceDisk5;\??\h:\a-ff find and mount\slicedisk.sys --> h:\a-ff find and mount\slicedisk.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 11:11]
.
2012-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc4f31be9af09e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 02:09]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 02:09]
.
2012-06-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 07:03]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: google.com\www
Trusted Zone: microsoft.com\www
Trusted Zone: skype.com\community
TCP: DhcpNameServer = 203.0.178.191 203.215.29.191
FF - ProfilePath - c:\documents and settings\Esther\Application Data\Mozilla\Firefox\Profiles\jr0d6dfw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3208939&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3208939&SearchSource=2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: TotalRecipeSearch: [email protected]_14.com - %profile%\extensions\[email protected]_14.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: WiseConvert 2.2 Community Toolbar: {b81767e1-672d-4da1-b5cc-d277185815a6} - %profile%\extensions\{b81767e1-672d-4da1-b5cc-d277185815a6}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-06-10 11:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-2139871995-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1096)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(6476)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\ATKKBService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\Rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2012-06-10 11:49:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-10 01:49
ComboFix2.txt 2012-05-31 12:17
.
Pre-Run: 17,188,868,096 bytes free
Post-Run: 17,226,485,760 bytes free
.
- - End Of File - - 02946C1FA4804628DBB022E5FE445F58
raringer is offline  
Old 06-11-2012, 04:35 AM   #18
Registered Member
 
Join Date: Jan 2009
Posts: 123
OS: XP



Hi chemist. I forgot to answer your request. I just tried 3 secure https:// sites and Skype and could access them all OK. That part is fine. I was getting this notification on the monitor "Stack overflow at line: 0" before contacting TSF and it still appears...but at long intervals. I don't know what it means or whether it is important to know. I really cannot tell if the PC is better or just the same. Whatever it is doing seems just fine for me. Many thanks...Ray
raringer is offline  
Old 06-11-2012, 11:00 AM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Ray. Please describe any remaining problems.

Are you still having trouble with IE? If so, try installing IE8. Let me know.

-----------------------------------------------------

Delete this folder > C:\$AVG

-----------------------------------------------------

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

sc delete "Lavasoft Kernexplorer"

A DOS window will open and close again; this is normal.

------------------------------------------------------
chemist is offline  
Old 06-12-2012, 05:15 AM   #20
Registered Member
 
Join Date: Jan 2009
Posts: 123
OS: XP



Hi chemist. Many thanks for your reply. I have deleted "AVG" file and the "lavasoft".
I still cannot access Int.Options from IE7 Tools menu or from Int.Options in Control Panel in order to re-enable Add-ons. Also I get no result when I click on Tools and then "Manage add-ons".
The IE7 browser seems to do everything I normally use it for. It just runs without add-ons. I tried suggestions from Google in order to make the IE7 browser the default browser but with no luck as all the ones I tried required going through Int.Options...which, of course, I can't do. I don't know if it is already the default browser!
I haven't tried installing IE8, but can I try re-installing IE7 from a Microsoft website without risking any data loss or any part of Outlook Express, for example? Is there any good reason to go with IE8 rather than IE7?
I hope so far so good. Many thanks...Ray
raringer is offline  
 
