Explore topic-wise InterviewSolutions in .

Your welcome.

Safe SURFING...

A friend of mine has asked me for help on popups that appear on the taskbar when leaving sites. They use AVG, Spybot, and this Zonealarm thing which l NOTHING about. The taskbar is now showing a black "z" whereas it was in colour before and ANY trusted site l happen to post to them is blocked by Zonealarm.
Apart from suggesting they take up knitting instead, have any of you gurus out there some suggestions for me?
With thanks

PS. Also cannot download the free adaware program from filehippo.com because guess what, Zonealarm blocks the site!zone alarm will block a lot of sites and stop you doing things and downloading thats why i took it out , take it out you only need 1 antivirus , harryHarry my main man!
Thanks for that, and what a quick reply. (thanks also for tolerating my ignorance, but this goes a little way in explaining some of their problems).
But when l do a SEARCH on zonealarm some sites say it's an "all in one prevention" PACKAGE and some sites say it is just a "firewall" package. As l don't know what version they are USING, it starts to get confusing as to what it is actually does do!
Again, if they get RID of Zonealarm, use the MS supplied Firewall (which isn't the greatest but adequate) and just use AVG and Spybot, you think this will be sufficient?
Thanks againQuote from: willythecat on April 14, 2009, 03:37:49 PM

But when l do a search on zonealarm some sites say it's an "all in one prevention" package and some sites say it is just a "firewall" package. ]

Man your good!!!!! No more error messages and my sound card is working again! Thanks Sooooo much for all your help! So did I have a virus that was causing all of my problems and will Norton be able to protect my system in the future?No antivirus is bulletproof so anything can happen. Just be careful what you download.

Use the Secunia Software Inspector to check for out of DATE software.

• Click Start Now
  
• Check the box next to ENABLE THOROUGH system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

Without being able to log on then you will have a hard time trying to reset a password. Unless you are familiar with Linux then you might be able to GET into Windows that way and reset or crack it but I'm not sure it would WORK or not. never done it myself.

See here for the UBCD -> http://www.ubcd4win.com/ (free)I'm not very familiar with Linux. How does the site u gave me work? I can't download it to the computer, because I can't get in and I can't find how to order the CD. You would have to burn it to a disk with another PC and then boot the other locked PC with it in the CD tray.

See here Extracting, setting up, and building UBCD4Win: http://www.ubcd4win.com/howto.htm

If you have any questions I suggest asking in the BSD, Linux, and Unix forum. I'm not SKILLED with Linux... I'm getting tired and frustrated, nothing is making any sense to me right now. I think I am going to LEAVE this until tomorrow and come back a little refresher. Thanks for all your help and patience. I will be back again tomorrow.No problem. If something comes to me I will post it. Hi,

I just you would like to know that I am back in my system now. What I did was restarted my computer. While it was rebooting, I hit F11. I did a backup of my files from there (hopefully it worked) and restored the manufacture settings. I am now in the process of restoring all my files.

If you like, I will let you know how it went.

Thanks again for all the help.

All my backup files where saved with a .stc extention. How do I retrieve the information?Thank you. Thank you, Thank you.
I have my files restored and I am back up and running.

Thank you thank you thank you.

Did I thank you?

Your welcome

What is a good freeware TOOL to REMOVE Norton AV? How do I remove it? It came pre-installed with my Vista.Here YA go: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039Kpac..Can I please jump in here? I don't mean to hijack this CONVERSATION, but I WENT to your link and it asks to name the product I have and they gave a long list of Norton products. ie..Norton 2003, 2004, etc. How can I find out which Norton one I have ? My Norton has expired, but I am having a horrible time uninstalling it. It just creates more and more problems trying to get rid of it. Can someone Help tell me In extremely simple terms? I am very computers illiterate?? PLEASE HELP ! Universal removal tool. http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

First be sure to go to add remove programs and uninstall anything with Norton, Symantec or Live Update in the name.

Ok guys (and or gals), I have produced the needed logs to GET rid of this cursed problem:

The application or DLL c:\windows\system 32\luneap.dll is not a valid windows image. Please check this against your installation diskette

I get this message before every executable file runs. Needles to say its a pain in the...well you know. Again I APPRECIATE any help I can get to remove this problem. If you're ever in New Orleans let me know, drinks on me!

Thanks...

[attachment deleted by admin]COULD you please just double check the spelling of the error message you provided as a quick search on google for the filename 'luneap.dll' gives zero results...?? Strange...

And have you checked to see the if file mentioned in the error message actually exists?Quote from: Custom-IT on April 14, 2009, 10:10:19 AM

Could you please just double check the spelling of the error message you provided as a quick search on google for the filename 'luneap.dll' gives zero results...?? Strange...

And have you checked to see the if file mentioned in the error message actually exists?

If you look at the below line from his HijackThis log you will see luneap.dll.

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,luneap.dll,gexixj.dll,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

Should I delete this? If so how? Thanks.....

Quote

Why RENAME HijackThis to "sniper.exe"?

• Click on SCAN NOW
  
• Click Accept.
  
• The program will then begin DOWNLOADING the latest definition files.
• Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  
• The scan will take a while, so be patient and LET it finish.

• Next, in the Save as prompt, Save in area, select: Desktop.
  
• In the File name area use KScan, or something similar.
  
• In Save as type: click the drop arrow and select: Text file [*.txt]
  
• Then, click: Save

I've recently experienced a lot of virus activity on my computer...Have downloaded multiple programs, but am currently USING RegCure and it is able to identify and remove malware and viruses. Also using Symatic Antivirus...both programs have cleaned anything found...but I'm still experiencing this re-routing problem..when i click on the link to a search result, it goes to another page, i have to go back and re-click for it to go to the intended page. I've followed the procedure for hijackthis (i read on another thread)...hopefully i'm doing the right thing by making a new thread..my apologies if i'm not following the correct procedure...i'm attaching the log file from hijack this (i read u wanted it attached rather than posted)...please help me..i'm so frustrated with all this crap on my comptuer!

[attachment deleted by admin]DO NOT use registry CLEANERS! They mess up PCs rather than fix them.

Please post the other two logs as requested. crap..ok uninstall it i assume? also, RUNNING the superantispyware...however malaware isn't working..i download it, and clicked yes for updates but its not opening when i open the file in my START menu...AND i tried to manually download the updates from the OTHE rthread, but it wont even load the page...i guess my computer is really messed up...............can we still get this thing fixed without the malware info??
thanks for your help!Quote from: ntilluck on April 15, 2009, 03:31:36 PM

crap..ok uninstall it i assume?

I've been RUNNING into a buffer overload problem recently on my laptop (i'm sure its DUE to spyware) so i downloaded a software called COMODO. I had problems installing it... and then... it just wouldnt' boot up anymore... it loads the SCREEN that says "LOADING Windows..." then it stays like that for hours on end... what can i do??

ThanksCan you get into safe mode or the recovery console.i can get it to teh BIOS Setup... anything i can do there?You could possibly have spyware.

can you explain what you downloaded or what you did before this started happening?


One more thing...

Do you have the Windows XP recovery CD?

Hello,

Over the past week, there has been a box popping up. The title of the box is: 16 bit MS-DOS Subsystem
Inside the box it reads:
C:\WINDOWS\Sysxvd.exe
C:\WINDOWS/system32/AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate the application.

Then it gives 2 options: 'Close' 'Ignore'

After hitting either one of these, I get a message about my Windows Firewall being disabled. When I go to enable it, another window APPEARS and says that ICS has to been enabled. Once I click 'Ok', my firewall goes back to normal.

I'm pretty sure I've followed the directions as outlined in this forum. And thanks in advance for any and all help.

Here are my logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/16/2009 at 12:43 PM

Application Version : 4.26.1000

Core Rules Database Version : 3846
Trace Rules Database Version: 1801

Scan type : Complete Scan
Total Scan Time : 01:37:40

Memory items scanned : 450
Memory threats detected : 1
Registry items scanned : 6676
Registry threats detected : 8
File items scanned : 94100
File threats detected : 55

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
[SVCHOST.EXE] C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
C:\WINDOWS\Prefetch\SVCHOST.EXE-060F5E7E.pf

Adware.F1 Organizer
HKU\S-1-5-21-1214440339-838170752-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000EF1-0786-4633-87C6-1AA7A44296DA}

Transponder Parasite Variant BHO
HKU\S-1-5-21-1214440339-838170752-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00320615-B6C2-40A6-8F99-F1C52D674FAD}

Adware.IE Plugin Variant
HKU\S-1-5-21-1214440339-838170752-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}

Unclassified.Unknown Origin
HKU\S-1-5-21-1214440339-838170752-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{13197ACE-6851-45C3-A7FF-C281324D5489}

Adware.Avenue Media/Internet Optimizer
HKU\S-1-5-21-1214440339-838170752-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}

Trojan.FavoriteMan Variant
HKU\S-1-5-21-1214440339-838170752-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B}

Adware.IST/ISTBar (Slotch Bar)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest

Adware.Tracking Cookie
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Steve\Local Settings\Temp\Cookies\[emailprotected][1].txt

Adware.MyWay
C:\DOCUMENTS AND SETTINGS\STEVE\LOCAL SETTINGS\TEMP\MYSETP.EXE

Trojan.Agent/Gen-Keygen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{496747ED-AC55-448F-994C-647369E29722}\RP1830\A0144845.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Steve\Local Settings\Temp\Temporary Internet Files\Content.IE5\UHNS7Q0A\Twista%20-%20Kamikaze%20(2004)%20-%20Rap%20[www.torrentazos.com]%20by%20Markusss-rar[1].torrent
C:\Documents and Settings\Steve\Local Settings\Temp\Temporary Internet Files\Content.IE5\MTRZHBV8\ivw[2].htm


Malwarebytes' Anti-Malware 1.36
Database version: 1989
Windows 5.1.2600 Service Pack 3

4/16/2009 1:19:02 PM
mbam-log-2009-04-16 (13-19-02).txt

Scan type: Quick Scan
Objects scanned: 109698
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Steve\Application Data\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Application Data\NetPumper\Steve.ini (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Guiles\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Guiles\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Guiles\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:52 PM, on 4/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Steven Guiles\Desktop\sniper.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [abkqczn] C:\WINDOWS\system32\abgoum.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime TASK] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239502760031
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9746 bytes
Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFixComboFix 09-04-17.01 - Steven Guiles 04/16/2009 16:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.231 [GMT -4:00]
Running from: c:\documents and settings\Steven Guiles\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Steven Guiles\Application Data\inst.exe
c:\documents and settings\Steven Guiles\nah_yjew.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-16 17:00 . 2009-04-16 17:00--------d-----wc:\documents and settings\Steven Guiles\Application Data\Malwarebytes
2009-04-16 17:00 . 2009-04-06 19:3215504----a-wc:\windows\system32\drivers\mbam.sys
2009-04-16 17:00 . 2009-04-06 19:3238496----a-wc:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 16:59 . 2009-04-16 16:59--------d-----wc:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-04-16 16:59 . 2009-04-16 17:00--------d-----wc:\program files\Malwarebytes' Anti-Malware
2009-04-16 15:01 . 2009-04-16 15:01--------d-----wc:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-04-16 15:01 . 2009-04-16 15:01--------d-----wc:\program files\SUPERAntiSpyware
2009-04-16 15:01 . 2009-04-16 15:01--------d-----wc:\documents and settings\Steven Guiles\Application Data\SUPERAntiSpyware.com
2009-04-16 15:00 . 2009-04-16 15:00--------d-----wc:\program files\Common Files\Wise Installation Wizard
2009-04-16 14:51 . 2009-04-16 14:51--------d-----wc:\program files\CCleaner
2009-04-16 12:39 . 2009-03-06 14:22284160-c----wc:\windows\system32\dllcache\pdh.dll
2009-04-16 12:39 . 2009-02-09 12:10401408-c----wc:\windows\system32\dllcache\rpcss.dll
2009-04-16 12:39 . 2009-02-06 11:11110592-c----wc:\windows\system32\dllcache\services.exe
2009-04-16 12:39 . 2009-02-09 12:10473600-c----wc:\windows\system32\dllcache\fastprox.dll
2009-04-16 12:39 . 2009-02-06 10:10227840-c----wc:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 12:39 . 2009-02-09 12:10453120-c----wc:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 12:39 . 2009-02-09 12:10729088-c----wc:\windows\system32\dllcache\lsasrv.dll
2009-04-16 12:39 . 2009-02-09 12:10714752-c----wc:\windows\system32\dllcache\ntdll.dll
2009-04-16 12:39 . 2009-02-09 12:10617472-c----wc:\windows\system32\dllcache\advapi32.dll
2009-04-16 12:38 . 2008-05-03 11:552560------wc:\windows\system32\xpsp4res.dll
2009-04-16 12:38 . 2009-03-27 06:581203922-c----wc:\windows\system32\dllcache\sysmain.sdb
2009-04-16 12:38 . 2008-04-21 12:08215552-c----wc:\windows\system32\dllcache\wordpad.exe
2009-04-14 15:12 . 2009-03-09 19:0615688----a-wc:\windows\system32\lsdelete.exe
2009-04-14 02:03 . 2009-04-14 02:034096--sha-wC:\Thumbs.db
2009-04-14 00:10 . 2009-03-09 19:0664160----a-wc:\windows\system32\drivers\Lbd.sys
2009-04-14 00:09 . 2009-04-14 00:09--------dc-h--wc:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-14 00:08 . 2009-04-14 00:10--------d-----wc:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2009-04-13 02:29 . 2009-04-13 02:29--------d-----wc:\documents and settings\All Users.WINDOWS\Application Data\vsosdk
2009-04-13 00:54 . 2009-04-13 11:2047360----a-wc:\documents and settings\Steven Guiles\Application Data\pcouffin.sys
2009-04-13 00:54 . 2009-04-13 00:5447360----a-wc:\windows\system32\drivers\pcouffin.sys
2009-04-13 00:54 . 2009-04-13 11:20--------d-----wc:\documents and settings\Steven Guiles\Application Data\Vso
2009-04-13 00:53 . 2008-10-16 18:0627496----a-wc:\windows\system32\mucltui.dll.mui
2009-04-13 00:53 . 2008-10-16 18:06268648----a-wc:\windows\system32\mucltui.dll
2009-03-21 14:06 . 2009-03-21 14:06989696-c----wc:\windows\system32\dllcache\kernel32.dll
2009-03-17 23:34 . 2009-03-17 23:34--------d-----wc:\program files\iPod
2009-03-17 23:34 . 2009-03-17 23:36--------d-----wc:\documents and settings\All Users.WINDOWS\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 20:39 . 2005-08-18 03:2286828----a-wC:\hpfr3425.log
2009-04-16 20:39 . 2004-06-07 20:08519----a-wC:\hpfr3420.xml
2009-04-16 20:37 . 2007-12-18 04:19--------d-----wc:\program files\Mozilla Firefox 3 Beta 1
2009-04-16 17:24 . 2009-04-16 17:2322451----a-wC:\JavaRa.log
2009-04-16 17:23 . 2004-03-15 08:08--------d-----wc:\program files\Java
2009-04-16 17:21 . 2009-04-14 19:031315----a-wC:\aaw7boot.log
2009-04-16 14:28 . 2004-07-29 05:40--------d-----wc:\documents and settings\Steven Guiles\Application Data\Azureus
2009-04-14 20:40 . 2007-05-28 02:58--------d---a-wc:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-04-14 15:22 . 2004-07-29 05:39--------d-----wc:\program files\Azureus
2009-04-14 00:08 . 2004-04-05 08:07--------d-----wc:\program files\Lavasoft
2009-04-13 23:51 . 2004-08-26 01:06--------d-----wc:\documents and settings\Steven Guiles\Application Data\Lavasoft
2009-04-03 23:26 . 2003-11-19 19:56--------d-----wc:\program files\Winamp
2009-03-17 23:36 . 2008-11-27 04:58--------d-----wc:\program files\iTunes
2009-03-17 23:34 . 2007-07-04 15:17--------d-----wc:\program files\Common Files\Apple
2009-03-17 23:25 . 2002-08-06 20:07--------d-----wc:\program files\QuickTime
2009-03-09 09:19 . 2008-12-06 16:18410984----a-wc:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2001-08-18 12:00284160----a-wc:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-01-08 18:23826368----a-wc:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 07:5678336----a-wc:\windows\system32\ieencode.dll
2009-02-15 23:41 . 2007-02-28 01:04--------d-----wc:\program files\ESET
2009-02-09 12:10 . 2001-08-18 12:00729088------wc:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-05-31 06:29401408----a-wc:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2001-08-18 12:00714752------wc:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2001-08-18 12:00617472------wc:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2001-08-18 12:001846784------wc:\windows\system32\win32k.sys
2009-02-07 23:02 . 2001-08-18 12:002066048------wc:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2001-08-18 12:00110592------wc:\windows\system32\services.exe
2009-02-06 11:08 . 2001-08-18 12:002189056------wc:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2001-08-18 12:0035328------wc:\windows\system32\sc.exe
2009-02-03 19:59 . 2001-08-18 12:0056832----a-wc:\windows\system32\secur32.dll
2009-02-01 17:35 . 2009-02-01 17:3548583----a-wc:\documents and settings\Steven Guiles\Application Data\upd.exe
2008-07-31 00:51 . 2006-09-05 20:5635296----a-wc:\documents and settings\Steven Guiles\Application Data\GDIPFONTCACHEV1.DAT
2007-01-23 00:56 . 2004-07-30 06:5635296----a-wc:\documents and settings\Steven Guiles\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-09-25 17:51 . 2005-09-25 17:51774144----a-wc:\program files\RngInterstitial.dll
2004-07-22 05:00 . 2004-07-22 05:000-c-ha-wc:\documents and settings\Steven Guiles\hpothb07.dat
2004-05-14 22:41 . 2004-05-14 22:41151---ha-wc:\documents and settings\Steve\hpothb07.dat
2004-05-14 22:41 . 2004-05-14 22:41161---ha-wc:\documents and settings\Owner\hpothb07.dat
2004-05-14 22:34 . 2004-05-14 22:34164---ha-wc:\documents and settings\All Users\hpothb07.dat
2004-03-08 03:40 . 2003-02-17 05:0958128----a-wc:\documents and settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-09-19 02:19 . 2008-09-19 02:2032768--sha-wc:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091820080919\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-30 57344]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"DeadAIM"="c:\program files\AIM95\\DeadAIM.ocm" [2003-02-24 266313]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-30 40960]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-25 1451264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]

c:\documents and settings\Steven Guiles\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05356352----a-wc:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Steven Guiles^Start Menu^Programs^Startup^TDK Launcher.lnk]
path=c:\documents and settings\Steven Guiles\Start Menu\Programs\Startup\TDK Launcher.lnk
backup=c:\windows\pss\TDK Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
2004-02-28 16:12144896----a-wc:\progra~1\AIM\\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:121695232----a-wc:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18413696----a-wc:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
2002-04-25 01:371544192----a-wc:\program files\support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-10-06 18:16741376----a-wc:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"61112:TCP"= 61112:TCP:Port

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-18 3584]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-10-25 34824]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-25 468224]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

.
Contents of the 'Scheduled Tasks' folder

2009-04-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Microsoft Works Portfolio - c:\program files\Microsoft Works\WksSb.exe
HKLM-Run-RoxioEngineUtility - c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
HKLM-Run-abkqczn - c:\windows\system32\abgoum.exe
MSConfigStartUp-Adstartup - c:\windows\System32\Adstartup.exe
MSConfigStartUp-AIM - c:\program files\AIM\aim.exe
MSConfigStartUp-fash - c:\windows\fash.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-npbmcwpwwdy - c:\windows\System32\abgoum.exe
MSConfigStartUp-PopUpStopperFreeEdition - c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe
MSConfigStartUp-RoxioAudioCentral - c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
MSConfigStartUp-RoxioEngineUtility - c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
MSConfigStartUp-TV Media - c:\program files\TV Media\Tvm.exe
MSConfigStartUp-wcmdmgr - c:\windows\wt\updater\wcmdmgrl.exe
MSConfigStartUp-Win Server Updt - c:\windows\wupdt.exe
MSConfigStartUp-73si36X - clustat.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title = Microsoft Internet Explorer provided by Comcast
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Steven Guiles\Application Data\Mozilla\Firefox\Profiles\default.lv3\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 16:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\ins]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-04-16 16:57
ComboFix-quarantined-files.txt 2009-04-16 20:56

Pre-Run: 23,280,439,296 bytes free
Post-Run: 24,582,291,456 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

263--- E O F ---2009-04-16 12:53
Download the Norton Removal Tool (SymNRT) to your Desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

• Go to your desktop and double click on the removal tool and then click Setup.
  
• Once open Click Next
  
• Accept the license agreement and click Next
  
• Type in the letters/numbers that you see into the text box then click Next.
  
• Then click Next and the tool will start running.
  
• Once finished restart the PC.
• Delete Nortonremoval tool from your Desktop.

Go to Add or Remove programs and uninstall:

• Java(TM) 6 Update 7
• Spybot - Search & Destroy 1.2 <-Way out of date!
  
• Viewpoint Manager (Remove Only)
• Viewpoint Media Player (Remove Only)
.
----------


• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.
• The above procedure will:
• Delete the following:
• ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.
.
----------

Run CCleaner.

----------

How is the computer running now?

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

Hello, here are my logs for SuperAntispyware, Malwarebytes' Anti-Malware, and HijackThis. If anything stands out as really harmful and/or can be easily remedied, I would greatly appreciate any advice. Thank you!


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/14/2009 at 06:00 PM

Application Version : 4.26.1000

Core Rules Database Version : 3843
Trace Rules Database Version: 1798

Scan type : Custom Scan
Total Scan Time : 01:25:17

Memory items scanned : 522
Memory threats detected : 1
Registry items scanned : 5646
Registry threats detected : 2
File items scanned : 61649
File threats detected : 85

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
[SVCHOST.EXE] C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE

Adware.IWinGames
HKU\S-1-5-21-73586283-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}

Adware.Tracking Cookie
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][3].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Pancakes\Cookies\[emailprotected][1].txt




Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 SERVICE Pack 3

4/15/2009 1:44:58 AM
mbam-log-2009-04-15 (01-44-58).txt

Scan type: Quick Scan
Objects scanned: 88987
Time elapsed: 10 minute(s), 41 SECOND(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:32 AM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\V0500Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 144.26.152.92
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [V0500Mon.exe] C:\WINDOWS\V0500Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9855 bytes
why did you not clear all the cookies out I followed all the directions. And these are the logs I was directed to post.Download DDS by sUBs and save it to your desktop. Alternate DDS download link

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
DDS (Ver_09-03-16.01) - NTFSx86
Run by Jacquelyn at 22:26:13.42 on Wed 04/15/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.92 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\V0500Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Jacquelyn\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [nah_Shell] c:\documents and settings\jacquelyn\nah_blrc.exe
mRun: [SigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 audio drivers\stacmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Enterprise
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: []
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [V0500Mon.exe] c:\windows\V0500Mon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jacque~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\remote~1.lnk - c:\program files\sophos\remote update\imonitor.exe
IE: Download All Links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jacque~1\applic~1\mozilla\firefox\profiles\nz3wteqg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\jacquelyn\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\jacquelyn\application data\mozilla\firefox\profiles\nz3wteqg.default\extensions\[emailprotected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-20 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-20 54968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-8 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090415.003\naveng.sys [2009-4-15 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090415.003\navex15.sys [2009-4-15 876144]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 STV102;WWL 102;c:\windows\system32\drivers\STV102.sys [2007-2-26 145996]
S3 STV102m;WWL 102m;c:\windows\system32\drivers\STV102m.sys [2007-2-26 9170]
S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [2009-3-19 251264]

=============== Created Last 30 ================

2009-04-15 13:2032,592a-------c:\windows\system32\msonpmon.dll
2009-04-15 12:58--d-----c:\program files\Microsoft Visual Studio 8
2009-04-15 11:31284,160-c------c:\windows\system32\dllcache\pdh.dll
2009-04-15 11:31401,408-c------c:\windows\system32\dllcache\rpcss.dll
2009-04-15 11:31110,592-c------c:\windows\system32\dllcache\services.exe
2009-04-15 11:31473,600-c------c:\windows\system32\dllcache\fastprox.dll
2009-04-15 11:31227,840-c------c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 11:30453,120-c------c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 11:30729,088-c------c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 11:30617,472-c------c:\windows\system32\dllcache\advapi32.dll
2009-04-15 11:30714,752-c------c:\windows\system32\dllcache\ntdll.dll
2009-04-15 11:272,560--------c:\windows\system32\xpsp4res.dll
2009-04-15 11:271,203,922-c------c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 11:27215,552-c------c:\windows\system32\dllcache\wordpad.exe
2009-04-15 01:53--d-----c:\program files\Trend Micro
2009-04-15 00:50--d-----c:\docume~1\jacque~1\applic~1\Malwarebytes
2009-04-15 00:4915,504a-------c:\windows\system32\drivers\mbam.sys
2009-04-15 00:4938,496a-------c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 00:49--d-----c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-15 00:49--d-----c:\program files\Malwarebytes' Anti-Malware
2009-04-14 16:16--d-----c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-14 16:16--d-----c:\program files\SUPERAntiSpyware
2009-04-14 16:16--d-----c:\docume~1\jacque~1\applic~1\SUPERAntiSpyware.com
2009-04-14 16:15--d-----c:\program files\common files\Wise Installation Wizard
2009-04-14 16:06--d-----c:\program files\CCleaner
2009-04-14 15:39--d-----c:\program files\JavaRa
2009-04-14 15:3869,512a-------c:\program files\JavaRa.zip
2009-04-14 15:32410,984a-------c:\windows\system32\deploytk.dll
2009-04-04 18:21--d-----c:\program files\LimeWire
2009-04-03 13:1275,776a-------c:\documents and settings\jacquelyn\nah_blrc.exe
2009-04-03 09:24210,352a-------c:\windows\system32\idmmbc.dll
2009-03-22 03:02--d-----c:\program files\common files\Software Update Utility
2009-03-22 03:01--d-----c:\docume~1\alluse~1\applic~1\acccore
2009-03-21 10:06989,696-c------c:\windows\system32\dllcache\kernel32.dll
2009-03-19 17:07--d-----c:\windows\CtDrvInstall
2009-03-19 17:06--d-----c:\program files\Dynex
2009-03-19 17:06--d-----c:\program files\Creative

==================== Find3M ====================

2009-04-15 13:5540,128a-------c:\docume~1\jacque~1\applic~1\wklnhst.dat
2009-04-05 14:2894,096a-------c:\docume~1\jacque~1\applic~1\GDIPFONTCACHEV1.DAT
2009-03-30 06:2820,963a-------c:\windows\system32\nvModes.dat
2009-03-06 10:22284,160a-------c:\windows\system32\pdh.dll
2009-03-02 20:18826,368a-------c:\windows\system32\wininet.dll
2009-02-20 14:0978,336--------c:\windows\system32\ieencode.dll
2009-02-09 08:10729,088--------c:\windows\system32\lsasrv.dll
2009-02-09 08:10401,408a-------c:\windows\system32\rpcss.dll
2009-02-09 08:10714,752--------c:\windows\system32\ntdll.dll
2009-02-09 08:10617,472--------c:\windows\system32\advapi32.dll
2009-02-09 07:131,846,784--------c:\windows\system32\win32k.sys
2009-02-07 19:022,066,048--------c:\windows\system32\ntkrnlpa.exe
2009-02-06 07:11110,592--------c:\windows\system32\services.exe
2009-02-06 07:082,189,056--------c:\windows\system32\ntoskrnl.exe
2009-02-06 06:3935,328--------c:\windows\system32\sc.exe
2009-02-03 15:5956,832a-------c:\windows\system32\secur32.dll

============= FINISH: 22:29:17.46 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/8/2006 1:48:19 AM
System Uptime: 4/15/2009 8:33:37 PM (2 hours ago)

Motherboard: Dell Computer Corporation | |
Processor: Mobile Intel(R) Pentium(R) 4 CPU 3.06GHz | Microprocessor | 1589/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 23.497 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP644: 1/15/2009 3:51:17 PM - System Checkpoint
RP645: 1/15/2009 10:00:41 PM - Software Distribution Service 3.0
RP646: 1/16/2009 10:19:14 PM - System Checkpoint
RP647: 1/18/2009 5:22:36 PM - System Checkpoint
RP648: 1/21/2009 2:27:37 AM - Software Distribution Service 3.0
RP649: 1/22/2009 9:42:07 AM - System Checkpoint
RP650: 1/22/2009 3:20:05 PM - Software Distribution Service 3.0
RP651: 1/23/2009 3:48:13 PM - System Checkpoint
RP652: 1/25/2009 10:52:34 AM - Installed Pinnacle Instant DVD Recorder.
RP653: 1/25/2009 1:00:35 PM - Removed Pinnacle Instant DVD Recorder.
RP654: 1/25/2009 1:03:44 PM - Installed Pinnacle Studio 12.
RP655: 1/25/2009 1:20:14 PM - Installed Pinnacle Video Driver.
RP656: 1/26/2009 2:08:40 PM - System Checkpoint
RP657: 1/27/2009 2:57:24 PM - System Checkpoint
RP658: 1/27/2009 8:43:52 PM - Software Distribution Service 3.0
RP659: 1/29/2009 10:58:54 AM - System Checkpoint
RP660: 1/29/2009 3:06:35 PM - Software Distribution Service 3.0
RP661: 1/30/2009 2:00:01 PM - Installed QuickTime
RP662: 1/31/2009 4:54:53 PM - System Checkpoint
RP663: 2/2/2009 6:33:43 PM - Software Distribution Service 3.0
RP664: 2/3/2009 8:03:18 PM - System Checkpoint
RP665: 2/4/2009 9:16:46 PM - System Checkpoint
RP666: 2/5/2009 9:47:35 PM - System Checkpoint
RP667: 2/5/2009 10:01:27 PM - Software Distribution Service 3.0
RP668: 2/6/2009 10:16:01 PM - System Checkpoint
RP669: 2/8/2009 6:25:34 PM - System Checkpoint
RP670: 2/9/2009 4:56:04 PM - Software Distribution Service 3.0
RP671: 2/10/2009 5:41:57 PM - System Checkpoint
RP672: 2/11/2009 3:00:28 PM - Software Distribution Service 3.0
RP673: 2/12/2009 4:00:34 PM - System Checkpoint
RP674: 2/12/2009 10:01:00 PM - Software Distribution Service 3.0
RP675: 2/13/2009 12:53:35 AM - Windows Defender Checkpoint
RP676: 2/14/2009 1:15:11 PM - System Checkpoint
RP677: 2/15/2009 12:36:42 AM - Windows Defender Checkpoint
RP678: 2/15/2009 2:28:42 PM - Removed Pinnacle Studio 12.
RP679: 2/16/2009 10:02:21 AM - Software Distribution Service 3.0
RP680: 2/17/2009 1:55:57 PM - System Checkpoint
RP681: 2/18/2009 2:47:28 PM - System Checkpoint
RP682: 2/19/2009 12:36:54 PM - Software Distribution Service 3.0
RP683: 2/19/2009 11:29:56 PM - Windows Defender Checkpoint
RP684: 2/21/2009 6:35:01 PM - System Checkpoint
RP685: 2/22/2009 7:15:59 PM - System Checkpoint
RP686: 2/23/2009 4:41:40 PM - Software Distribution Service 3.0
RP687: 2/24/2009 4:54:44 PM - System Checkpoint
RP688: 2/25/2009 3:00:30 PM - Software Distribution Service 3.0
RP689: 2/26/2009 3:44:36 PM - System Checkpoint
RP690: 2/26/2009 10:00:44 PM - Software Distribution Service 3.0
RP691: 3/8/2009 3:00:35 AM - Software Distribution Service 3.0
RP692: 3/9/2009 6:24:19 PM - System Checkpoint
RP693: 3/9/2009 7:59:46 PM - Software Distribution Service 3.0
RP694: 3/9/2009 10:47:53 PM - Windows Defender Checkpoint
RP695: 3/10/2009 9:00:56 PM - Software Distribution Service 3.0
RP696: 3/11/2009 1:35:15 AM - Software Distribution Service 3.0
RP697: 3/12/2009 9:59:16 AM - System Checkpoint
RP698: 3/12/2009 9:00:44 PM - Software Distribution Service 3.0
RP699: 3/14/2009 3:08:25 PM - System Checkpoint
RP700: 3/15/2009 7:18:16 AM - Software Distribution Service 3.0
RP701: 3/16/2009 5:04:54 PM - System Checkpoint
RP702: 3/16/2009 5:20:26 PM - Software Distribution Service 3.0
RP703: 3/17/2009 6:07:23 PM - System Checkpoint
RP704: 3/18/2009 7:41:14 PM - System Checkpoint
RP705: 3/19/2009 9:17:40 PM - System Checkpoint
RP706: 3/19/2009 10:00:52 PM - Software Distribution Service 3.0
RP707: 3/20/2009 10:29:43 PM - System Checkpoint
RP708: 3/21/2009 11:30:54 PM - System Checkpoint
RP709: 3/23/2009 6:36:21 AM - System Checkpoint
RP710: 3/23/2009 5:23:22 PM - Software Distribution Service 3.0
RP711: 3/24/2009 5:45:20 PM - System Checkpoint
RP712: 3/25/2009 6:13:28 PM - System Checkpoint
RP713: 3/26/2009 12:36:56 PM - Software Distribution Service 3.0
RP714: 3/27/2009 12:39:55 PM - System Checkpoint
RP715: 3/29/2009 4:45:52 PM - System Checkpoint
RP716: 3/30/2009 3:52:13 PM - Software Distribution Service 3.0
RP717: 3/31/2009 5:05:47 PM - System Checkpoint
RP718: 4/1/2009 5:12:12 PM - System Checkpoint
RP719: 4/2/2009 9:55:06 AM - Software Distribution Service 3.0
RP720: 4/3/2009 11:04:54 AM - System Checkpoint
RP721: 4/4/2009 11:16:27 AM - System Checkpoint
RP722: 4/5/2009 1:06:51 PM - System Checkpoint
RP723: 4/6/2009 1:17:45 PM - Software Distribution Service 3.0
RP724: 4/7/2009 2:11:24 PM - System Checkpoint
RP725: 4/8/2009 2:15:58 PM - System Checkpoint
RP726: 4/9/2009 4:52:10 PM - System Checkpoint
RP727: 4/10/2009 5:23:57 PM - System Checkpoint
RP728: 4/11/2009 5:36:52 PM - System Checkpoint
RP729: 4/12/2009 6:06:52 PM - System Checkpoint
RP730: 4/13/2009 4:01:48 PM - Software Distribution Service 3.0
RP731: 4/14/2009 3:31:18 PM - Installed Java(TM) 6 Update 13
RP732: 4/14/2009 4:16:18 PM - Installed SUPERAntiSpyware Free Edition
RP733: 4/15/2009 12:50:25 PM - Installed Microsoft Office Enterprise 2007
RP734: 4/15/2009 1:20:30 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP735: 4/15/2009 2:40:02 PM - Software Distribution Service 3.0

==== Installed Programs ======================


µTorrent
23_24_2500Tour
2400
2400_2500Help
2400_2500trb
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 2.1
Adobe Premiere Elements 3.0
Adobe Premiere Elements 3.0 Templates
Adobe Reader 7.0
Adobe Shockwave Player
AiO_Scan
AIOMinimal
AiOSoftware
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
BCM V.92 56K Modem
Bonjour
Broadcom 440x 10/100 Integrated Controller
Canon CanoScan LiDE 70 User Registration
Canon CanoScan Toolbox 5.0
CanoScan LiDE 70
CCleaner (remove only)
Copy
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
Dell Wireless WLAN Utility
Director
DNA
DocProc
Download Updater (AOL LLC)
Dynex 1.3MP Webcam Driver (1.00.03.0000)
Dynex Webcam User's Guide
Fax
FLV Player
FreeAgent Go Tools
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
hpmdtab
HPSystemDiagnostics
InstantShare
Internet Download Manager
InterVideo XPack (DVD Only)
iTunes
Java(TM) 6 Update 13
LimeWire 5.1.2
Live! Cam Center
LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Photo Premium 9
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NVIDIA Windows 2000/XP Display Drivers
Overland
PhotoGallery
Pinnacle Video Driver
Post-it® Software Notes Lite
PrintScreen
QFolder
QuickProjects
QuickTime
Readme
Roxio Burn Engine
Scan
ScanSoft OMNIPAGE SE 4.0
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SigmaTel AC97 Audio Drivers
SkinsHP1
SkinsHP2
Skype™ 4.0
Sophos Remote Update
SUPERAntiSpyware Free Edition
Symantec AntiVirus
TrayApp
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinFax Merger version 2.2
WinPcap 3.0
WWL 102 v100 Installation Files

==== Event Viewer Messages From Past Week ========

4/12/2009 5:45:06 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The class is configured to run as a security id different from the caller

==== End Of File ===========================
Go to Add or Remove Programs and uninstall:

• Sophos Remote Update

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

I'm stuck, viruses have taken over the os and I can't reformat hd CAUSE I can't get to a dos prompt or recovery console. I changed the boot sequence to cd/dvd, but when the screen says enter any key to boot from cd nothing happens and it goes straight to hard drive. I can't get in safe mode either and the login screen is asking for an administrative password which I don't know. Any suggestions??? What happens when you try to get into safe mode.

Also, post us a log of the HIJACKTHIS. Might help us reveal more detailed info about ure system.I won't go to safe mode anymore. It goes straight to normal login and says the computer is locked and needs an admin password. I set the boot sequence to cd/dvd, but it doesn't respond when it says press any key to boot from cd and still goes to normal login. Do you have a friend that you can TAKE the hard drive to, hook it to their system and have them format the drive?

Alan <>< Or try to make a .bat file with the format command.
If you don't know how post it here.Well I stuck the drive in ANOTHER computer we have as a slave and reformated it. Now I'm not sure if I can just put it back in the other computer and it will be ready to reinstall the operating system. We'll see.1)Go to start>run> then type in "notepad"
2)In the notepad window, type in "format c:"
3)Save the document as format.bat. Choose as all files.
4)Exit, then double click the format.bat. (It should look LIKE a .BAT) This should format your pc.

Your welcome.

Safe SURFING...

I've searched thru some of the other "tray icon" posts and mine seems like a UNIQUE behavior.

Vista/Sp1 -- I've lost my SPEAKER and INTERNET connectivity icons in the tray. (Where do these things go when they disappear? Is there a tray-icon boneyard somewhere?)

Both "systems" work through the CP but the icons are missing (several others are still there normally.)

COMODO Firewall went crazy two weeks ago and BLOCKED my internet access, blocking even "svchost" from connecting. I shut COMODO down for a day or two, then brought it BACK up and it worked just fine. (Not sure if this had anything to do with things or not - just mentioning that it happened about the same time.)

AVG8.0 is running fine, updates itself and scans daily.

How do I get my icons back?To retrieve the icons, right click on a blank space on the Taskbar. In the
menu that appears, SELECT 'Properties'. Next, select the 'Notification Area'
tab. Under the section headed 'System icons' there is a list of icons which
you can set to either always show (ticked box) or always hide (cleared box).
That's strange. I stumbled on the "Notification" tab yesterday, saw those two boxes unchecked and tried to check them. The system DENIED me. Today, following your instructions, I've got my icons back.

Many thanks, KARNAC... but *I* certainly didn't change them!You are most welcome.

All of my browers (IE, Firefox, and Opera) stop working spontaneously, and the only way I can get them to work is to do a HARD shutdown. My system will not allow me to do a SOFT shutdown, or reset when the browsers stop working. I am still able to use instant messengers when this happens. I had a virus a few DAYS AGO but I don't think it is completely gone, even though the virus was causing a completely different problem (see six POINTED star post) Here are the logs that were mentioned to post.

[attachment deleted by admin]

My logs: HJT & random/random

Logfile of random's system information tool 1.06 (written by random/random)
Run by Daniel at 2009-04-17 11:37:01
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 8 GB (10%) free of 76 GB
Total RAM: 2939 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:26, on 17-4-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\npf\bin\npfsvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Program Files\Norman\Npm\Bin\Nvcsched.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\mmc.exe
C:\Users\Daniel\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Daniel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV HELPER - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Google Updateservice (gupdate1c9babbdc6ff782) (gupdate1c9babbdc6ff782) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13183 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll [2008-11-06 68936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-21 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll [2008-11-06 211272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"NDSTray.exe"=NDSTray.exe []
"cfFncEnabler.exe"=cfFncEnabler.exe []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-06-25 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-06-25 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-06-25 145944]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-08 6037504]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-01-17 431456]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2008-06-24 509816]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-04-29 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"Norman ZANDA"=C:\Program Files\Norman\Npm\Bin\ZLH.EXE [2009-02-11 187504]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2008-04-24 430080]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-05-09 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-21 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-10-29 96816]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Snagit 9.lnk - C:\Program Files\TechSmith\Snagit 9\Snagit32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-06-12 208896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e700c04-eeca-11dd-8eda-806e6f6e6963}]
shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77086f0b-f37f-11dd-ad13-005056c00008}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Servers\splash.hta *DVD*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc431f3d-04c9-11de-87c8-005056c00008}]
shell\AutoRun\command - wscript .\go.vbe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc431f42-04c9-11de-87c8-005056c00008}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2009-04-17 11:37:01 ----D---- C:\rsit
2009-04-17 10:19:27 ----A---- C:\Windows\ntbtlog.txt
2009-04-17 10:05:28 ----D---- C:\SDFix
2009-04-17 09:55:57 ----D---- C:\Program Files\Trend Micro
2009-04-16 23:37:27 ----D---- C:\Program Files\Windows Live Safety Center
2009-04-16 21:12:51 ----A---- C:\Windows\system32\GEARAspi.dll
2009-04-16 21:12:34 ----D---- C:\Program Files\iPod
2009-04-16 21:12:30 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-16 21:12:30 ----D---- C:\Program Files\iTunes
2009-04-08 13:46:36 ----D---- C:\Program Files\ASIO4ALL v2
2009-04-08 13:46:17 ----D---- C:\Program Files\VstPlugins
2009-04-08 13:46:17 ----A---- C:\Windows\system32\rewire.dll
2009-04-08 13:45:37 ----D---- C:\Program Files\Outsim
2009-04-08 13:42:15 ----D---- C:\Program Files\Image-Line
2009-04-05 11:05:08 ----D---- C:\Program Files\ToniArts
2009-03-31 12:26:07 ----RA---- C:\Windows\system32\msxml.dll
2009-03-31 12:26:02 ----RA---- C:\Windows\system32\xmltok.dll
2009-03-31 12:26:02 ----RA---- C:\Windows\system32\xmlparse.dll
2009-03-31 12:26:02 ----RA---- C:\Windows\system32\xmlinst.exe
2009-03-31 12:26:02 ----RA---- C:\Windows\system32\msxmlr.dll
2009-03-31 12:26:02 ----RA---- C:\Windows\system32\msxml3a.dll
2009-03-31 12:26:01 ----RA---- C:\Windows\system32\VB5DB.DLL
2009-03-31 12:25:19 ----D---- C:\Users\Daniel\AppData\Roaming\ubi.com
2009-03-31 12:25:18 ----A---- C:\Windows\patchw32.dll
2009-03-31 12:25:12 ----D---- C:\Program Files\Common Files\PocketSoft
2009-03-31 12:25:11 ----D---- C:\Program Files\ubi.com
2009-03-31 12:14:36 ----D---- C:\Program Files\Ubi Soft
2009-03-31 09:46:05 ----D---- C:\Program Files\Norman
2009-03-30 15:17:40 ----D---- C:\ProgramData\Messenger Plus!
2009-03-29 17:37:26 ----D---- C:\Program Files\Messenger Plus! Live
2009-03-24 18:30:39 ----D---- C:\Users\Daniel\AppData\Roaming\vlc
2009-03-24 18:29:05 ----D---- C:\Program Files\VideoLAN
2009-03-24 18:22:00 ----D---- C:\Program Files\SubDownloader2
2009-03-24 17:48:47 ----D---- C:\Users\Daniel\AppData\Roaming\mIRC
2009-03-24 17:48:46 ----D---- C:\Program Files\mIRC
2009-03-24 14:31:29 ----D---- C:\Users\Daniel\AppData\Roaming\Apple Computer
2009-03-24 14:31:05 ----DC---- C:\Windows\system32\DRVSTORE
2009-03-24 14:30:14 ----D---- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-24 14:29:40 ----D---- C:\Program Files\Bonjour
2009-03-24 14:27:58 ----D---- C:\Program Files\QuickTime
2009-03-24 14:27:55 ----D---- C:\ProgramData\Apple Computer
2009-03-24 14:27:13 ----D---- C:\Program Files\Apple Software Update
2009-03-24 14:25:47 ----D---- C:\Program Files\Common Files\Apple
2009-03-24 14:25:45 ----D---- C:\ProgramData\Apple
2009-03-22 00:35:20 ----D---- C:\Windows\Minidump
2009-03-21 11:57:50 ----D---- C:\Program Files\Lame for Audacity
2009-03-21 09:49:38 ----D---- C:\Program Files\Audacity

======List of files/folders modified in the last 1 months======

2009-04-17 11:37:04 ----D---- C:\Windows\Temp
2009-04-17 11:13:07 ----D---- C:\Windows\inf
2009-04-17 11:13:07 ----AD---- C:\Windows\System32
2009-04-17 11:13:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-17 11:08:32 ----D---- C:\ProgramData\VMware
2009-04-17 10:19:27 ----D---- C:\Windows
2009-04-17 10:06:45 ----D---- C:\Windows\system32\Tasks
2009-04-17 09:55:57 ----RD---- C:\Program Files
2009-04-16 23:38:27 ----SHD---- C:\Windows\Installer
2009-04-16 23:38:27 ----SHD---- C:\Config.Msi
2009-04-16 21:12:52 ----D---- C:\Windows\system32\catroot
2009-04-16 21:12:51 ----D---- C:\Windows\system32\drivers
2009-04-16 21:12:30 ----HD---- C:\ProgramData
2009-04-16 16:40:19 ----D---- C:\Users\Daniel\AppData\Roaming\VMware
2009-04-15 09:52:41 ----D---- C:\Windows\system32\catroot2
2009-04-11 18:49:26 ----D---- C:\Windows\system32\WDI
2009-04-11 17:41:37 ----D---- C:\Program Files\Google
2009-04-11 17:40:37 ----D---- C:\Windows\Tasks
2009-04-11 16:17:03 ----SHD---- C:\System Volume Information
2009-04-09 18:22:36 ----D---- C:\Windows\Prefetch
2009-04-05 11:05:07 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-01 16:02:32 ----SD---- C:\Users\Daniel\AppData\Roaming\Microsoft
2009-03-31 12:25:12 ----D---- C:\Program Files\Common Files
2009-03-31 12:13:18 ----D---- C:\Program Files\Common Files\InstallShield
2009-03-30 10:12:28 ----D---- C:\Program Files\Mozilla Firefox
2009-03-24 14:29:17 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ALE_NF;Norman Firewall ALE driver; \??\C:\Windows\system32\drivers\ale_nf.sys [2008-04-16 42552]
R1 NPROSEC;Norman Security driver; \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys [2008-10-10 53816]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2008-10-29 32304]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 Ndiskio;Ndiskio; \??\C:\Program Files\Norman\Nse\Bin\NDISKIO.SYS [2007-01-02 20448]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2008-10-29 54960]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2008-10-28 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2008-10-29 26288]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2008-10-29 857392]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2008-10-02 22448]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2008-11-04 8704]
R3 CmBatt;Stuurprogramma voor Microsoft ACPI-besturingsmethode-accu; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-10-15 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-10-15 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-09 2095512]
R3 NvcMFlt;NvcMFlt; C:\Windows\system32\DRIVERS\nvcv32mf.sys [2009-01-22 19512]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784]
R3 RTL8187B;Realtek RTL8187B draadloos 802.11b/g 54Mbps USB 2.0 netwerkadapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tosporte;Bluetooth COM PORT; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2008-10-29 23216]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2008-10-28 16560]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-10-15 661504]
S1 NGS;Norman General Security Driver; \??\c:\program files\norman\ngs\bin\ngs.sys [2009-02-11 22712]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
S3 alhgnabc;alhgnabc; C:\Windows\system32\drivers\alhgnabc.sys []
S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-04-02 62976]
S3 toshidpt;Bluetooth HID Port; C:\Windows\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 Tosrfbd;Bluetooth RFBUS; C:\Windows\System32\Drivers\tosrfbd.sys [2006-11-21 113792]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2006-10-05 73600]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2006-11-02 53504]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\System32\Drivers\tosrfusb.sys [2006-10-28 40960]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2008-10-28 31280]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Mobiel Apple apparaat; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Program Files\Norman\Npm\Bin\Elogsvc.exe [2007-11-21 150584]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 Norman ZANDA;Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [2009-02-25 408696]
R2 NPFSvc32;Norman Personal Firewall Service; C:\Program Files\Norman\npf\bin\npfsvc32.exe [2009-01-13 597104]
R2 NPROSECSVC;Norman Security service; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [2009-02-25 121912]
R2 NVOY;Norman Resource Provider; C:\Program Files\Norman\npm\bin\nvoy.exe [2009-01-20 126008]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-22 185640]
R2 TempoMonitoringService;Notebook Performance Tuning Service ; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-07-18 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-01-17 431456]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 77824]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-10-29 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-10-29 326192]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-10-29 399920]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\Bin\Njeeves.exe [2008-05-13 203896]
R3 nsesvc;Norman Scanner Engine Service; C:\Program Files\Norman\Nse\Bin\NSESVC.EXE [2008-11-27 183352]
R3 nvcoas;Norman Virus Control on-access component; C:\Program Files\Norman\Nvc\Bin\nvcoas.exe [2009-02-05 195640]
R3 NVCScheduler;Norman Virus Control Scheduler; C:\Program Files\Norman\Npm\Bin\Nvcsched.exe [2007-09-18 154680]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]
S2 gupdate1c9babbdc6ff782;Google Updateservice (gupdate1c9babbdc6ff782); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-11 133104]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-02-13 316664]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2008-10-02 191024]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; E:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]

-----------------EOF-----------------


HJTHJTHJTHJTHJTHJTHJTHJTHJTHJTHJTHJTHJT HJTHJTHJTHJTHJTHJTHJTHJTHJTHJTHJTHJTHJT HJTHJTHJTHJTHJTHJTHJTHJT

info.txt logfile of random's system information tool 1.06 2009-04-17 11:37:35

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81300000003}
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0013
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Crystal Reports Basic for Visual Studio 2008-->MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Geluiddemper v. cd/dvd-station-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0013 -removeonly
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IPZAZCMzK.INF
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
IL-2 Sturmovik: Forgotten Battles-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3} /l1033
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - nld-->MsiExec.exe /I{101738D7-D805-37A9-BB91-1F2C351782BF}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Device Emulator version 3.0 - ENU-->MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
Microsoft Document Explorer 2008-->C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Office Professional Editie 2003-->MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510413-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU-->MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.2-->MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - ENU-->E:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools-->MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense-->MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools-->MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools-->MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /X{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1043}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0013 -removeonly
Norman Security Suite-->MsiExec.exe /X{C8B34404-2E52-4C1F-A2B7-D26E46E5974D}
Packet Tracer 5.0-->"C:\Program Files\Packet Tracer 5.0\unins000.exe"
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0013 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
REALTEK RTL8187B Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}\Install.exe -uninst -l0x13
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
Realtek WiFi Protected Setup Library-->C:\Program Files\InstallShield Installation Information\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}\Install.exe -uninst -l0x13
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Snagit 9.1-->MsiExec.exe /I{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SubDownloader2-->"C:\Program Files\SubDownloader2\uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - nld\setup.exe
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0013 -removeonly
TOSHIBA ConfigFree-->MsiExec.exe /X{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0013 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0413
TOSHIBA Face Recognition-->"C:\Program Files\InstallShield Installation Information\{C730E42C-935A-45BB-A0C5-37E5234D111B}\setup.exe" -runfromtemp -l0x0413 -removeonly
TOSHIBA Face Recognition-->MsiExec.exe /I{C730E42C-935A-45BB-A0C5-37E5234D111B}
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2883F6F5-0509-43F3-868C-D50330DD9DD3}\setup.exe" -l0x13
Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0013 -removeonly
TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}\setup.exe" -l0x13
Toshiba TEMPRO-->MsiExec.exe /X{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0413
TOSHIBA-handleidingen-->C:\Program Files\InstallShield Installation Information\{8A8EECC0-FECF-42BF-B414-D8E2F884E5AF}\setup.exe -runfromtemp -l0x0013 -removeonly
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
TRDCReminder-->C:\Program Files\InstallShield Installation Information\{773970F1-5EBA-4474-ADEE-1EA3B0A59492}\setup.exe -runfromtemp -l0x0413
TRORDCLauncher-->C:\Program Files\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe -runfromtemp -l0x0413
ubi.com-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual Studio 2005 Tools for Office tweede editie runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VMware Workstation-->MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
Windows Live - HULPPROGRAMMA voor uploaden-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live aanmeldhulp-->MsiExec.exe /I{1BD6AE96-4742-4498-9D03-9451C7E5A214}
Windows Live Call-->MsiExec.exe /I{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{3CDAFDF9-A993-4B64-8D9B-36253D9C0DC9}
Windows Live Mail-->MsiExec.exe /I{B38B1F86-8202-482F-A289-A4806DFA498D}
Windows Live Messenger-->MsiExec.exe /X{1A38EBE5-08BD-4E0D-AAB9-0DFECACE108B}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Norman Security Suite ver. 7.00
FW: Persoonlijke firewall
AS: Windows Defender

======System event log======

Computer Name: Daan
Event Code: 537
Message: Kan geen compatibel TPM (Trusted Platform Module)-beveiligingsapparaat op deze computer vinden. Kan TBS niet starten.
Record Number: 43975
Source Name: Microsoft-Windows-TBS
Time Written: 20090417091156.807176-000
Event Type: Informatie
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Daan
Event Code: 7036
Message: De Security Center-service heeft nu de status wordt uitgevoerd.
Record Number: 43976
Source Name: Service Control Manager
Time Written: 20090417091158.000000-000
Event Type: Informatie
User:

Computer Name: Daan
Event Code: 7036
Message: De Windows Media Center Service Launcher-service heeft nu de status gestopt.
Record Number: 43977
Source Name: Service Control Manager
Time Written: 20090417091159.000000-000
Event Type: Informatie
User:

Computer Name: Daan
Event Code: 7036
Message: De Windows Update-service heeft nu de status wordt uitgevoerd.
Record Number: 43978
Source Name: Service Control Manager
Time Written: 20090417091208.000000-000
Event Type: Informatie
User:

Computer Name: Daan
Event Code: 7036
Message: De WinHTTP Web Proxy Auto-Discovery-service-service heeft nu de status gestopt.
Record Number: 43979
Source Name: Service Control Manager
Time Written: 20090417093058.000000-000
Event Type: Informatie
User:

=====Application event log=====

Computer Name: Daan
Event Code: 1
Message: Norman Message [2009/04/17 11:33:02]
--------------------------------------------------------
Application: NVC Cats Claw
Node address: 192.168.2.2
--------------------------------------------------------

ALARM:
Virus infected:
Virus name: 'TDSSServ.Q'
Login information: User 'Daniel' on host 'DAAN'.
File infected: C:/Windows/explorer.exe
Virus repair error:
Virus name: 'TDSSServ.Q'. Repair failed.

Record Number: 13039
Source Name: NormanNPT
Time Written: 20090417093302.000000-000
Event Type: Fout
User:

Computer Name: Daan
Event Code: 1
Message: Norman Message [2009/04/17 11:33:02]
--------------------------------------------------------
Application: NVC Cats Claw
Node address: 192.168.2.2
--------------------------------------------------------

ALARM:
Virus infected:
Virus name: 'TDSSServ.Q'
Login information: User 'Daniel' on host 'DAAN'.
File infected: C:/Windows/explorer.exe
Virus repair error:
Virus name: 'TDSSServ.Q'. Repair failed.

Record Number: 13040
Source Name: NormanNPT
Time Written: 20090417093302.000000-000
Event Type: Fout
User:

Computer Name: Daan
Event Code: 1
Message: Norman Message [2009/04/17 11:33:03]
--------------------------------------------------------
Application: NVC Cats Claw
Node address: 192.168.2.2
--------------------------------------------------------

ALARM:
Virus infected:
Virus name: 'TDSSServ.Q'
Login information: User 'Daniel' on host 'DAAN'.
File infected: C:/Windows/explorer.exe
Virus repair error:
Virus name: 'TDSSServ.Q'. Repair failed.

Record Number: 13041
Source Name: NormanNPT
Time Written: 20090417093303.000000-000
Event Type: Fout
User:

Computer Name: Daan
Event Code: 1
Message: Norman Message [2009/04/17 11:33:04]
--------------------------------------------------------
Application: NVC Cats Claw
Node address: 192.168.2.2
--------------------------------------------------------

ALARM:
Virus infected:
Virus name: 'TDSSServ.Q'
Login information: User 'Daniel' on host 'DAAN'.
File infected: C:/Windows/explorer.exe
Virus repair error:
Virus name: 'TDSSServ.Q'. Repair failed.

Record Number: 13042
Source Name: NormanNPT
Time Written: 20090417093304.000000-000
Event Type: Fout
User:

Computer Name: Daan
Event Code: 1
Message: Norman Message [2009/04/17 11:33:20]
--------------------------------------------------------
Application: NVC Cats Claw
Node address: 192.168.2.2
--------------------------------------------------------

ALARM:
Virus infected:
Virus name: 'TDSSServ.Q'
Login information: User 'Daniel' on host 'DAAN'.
File infected: C:/Windows/explorer.exe
Virus repair error:
Virus name: 'TDSSServ.Q'. Repair failed.

Record Number: 13043
Source Name: NormanNPT
Time Written: 20090417093320.000000-000
Event Type: Fout
User:

=====Security event log=====

Computer Name: Daan
Event Code: 4624
Message: Er is een account aangemeld.

Onderwerp:
Beveiligings-id:S-1-5-18
Accountnaam:DAAN$
Accountdomein:WORKGROUP
Aanmeldings-id:0x3e7

Aanmeldingstype:2

Nieuwe aanmelding:
Beveiligings-id:S-1-5-21-1886378062-3032731309-4235970695-1000
Accountnaam:Daniel
Accountdomein:Daan
Aanmeldings-id:0x41630
Aanmeldings-GUID:{00000000-0000-0000-0000-000000000000}

Procesgegevens:
Proces-id:0x31c
Naam proces:C:\Windows\System32\winlogon.exe

Netwerkgegevens:
Naam van werkstation:DAAN
Netwerkadres van bron:127.0.0.1
Poort van bron:0

Gedetailleerde verificatiegegevens:
Aanmeldingsproces:User32
Verificatiepakket:Negotiate
Doorgezette services:-
Pakketnaam (alleen NTLM):-
Sleutellengte:0

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 11599
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090417091006.492976-000
Event Type: Controle geslaagd
User:

Computer Name: Daan
Event Code: 4624
Message: Er is een account aangemeld.

Onderwerp:
Beveiligings-id:S-1-5-18
Accountnaam:DAAN$
Accountdomein:WORKGROUP
Aanmeldings-id:0x3e7

Aanmeldingstype:2

Nieuwe aanmelding:
Beveiligings-id:S-1-5-21-1886378062-3032731309-4235970695-1000
Accountnaam:Daniel
Accountdomein:Daan
Aanmeldings-id:0x41644
Aanmeldings-GUID:{00000000-0000-0000-0000-000000000000}

Procesgegevens:
Proces-id:0x31c
Naam proces:C:\Windows\System32\winlogon.exe

Netwerkgegevens:
Naam van werkstation:DAAN
Netwerkadres van bron:127.0.0.1
Poort van bron:0

Gedetailleerde verificatiegegevens:
Aanmeldingsproces:User32
Verificatiepakket:Negotiate
Doorgezette services:-
Pakketnaam (alleen NTLM):-
Sleutellengte:0

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 11600
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090417091006.492976-000
Event Type: Controle geslaagd
User:

Computer Name: Daan
Event Code: 4672
Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

Onderwerp:
Beveiligings-id:S-1-5-21-1886378062-3032731309-4235970695-1000
Accountnaam:Daniel
Accountdomein:Daan
Aanmeldings-id:0x41630

Bevoegdheden:SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 11601
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090417091006.492976-000
Event Type: Controle geslaagd
User:

Computer Name: Daan
Event Code: 5038
Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout.

Bestandsnaam:\Device\HarddiskVolume2\Windows\System32\drivers\nvcv32mf.sys
Record Number: 11602
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090417091029.752776-000
Event Type: Controle mislukt
User:

Computer Name: Daan
Event Code: 5038
Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout.

Bestandsnaam:\Device\HarddiskVolume2\Program Files\Norman\Npm\Bin\NmchInjDrv.sys
Record Number: 11603
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090417091053.090376-000
Event Type: Controle mislukt
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\;%NpmLib%
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"VS90COMNTOOLS"=E:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"NpmLib"=C:\Program Files\Norman\Npm\Bin
-------------------------------------------------------------------------------------------------------------------------------------------

I can't seem to get rid of TDSSserv because general removal methods( http://www.myantispyware.com/2008/11/05/how-to-remove-trojan-tdsserv/ ), because there aren't any listed drivers installed. My norman antivirus reports that c\windows\eplorer.exe is infected, which i obviously can't remove.

For anyone else with this problem: If explorer.exe gets quarantined, hit F8 and try to run a windows-bootup scan. This lets you restart again without you're windows going blind/black.
I also use Norman Virus Scan and received the same MSG. Telling me my Explorer.exe file was infected with the Trojan TDSSServ.Q file.
I tried using the Norman Malware Cleaner file that you run from "Safe" mode. But it didn't catch or clean it.
Has anybody figured out a way to clean out this Trojan without destroying the explorer.exe file?

A friend brought his g-way over to the house and said he had a virus....it will bring up the black logo screen and boot MENU f10 and bios settings f2 but will do NOTHING else. I noticed that it could only detect the mouse after I CHECKED the hard drive connections???

He told me that working with the mouse eventually come up, but I have been at it for over an hour with no luck................any ideas??Don't think this is completely due to a virus. Sounds like a hardware issue. that's what I was thinking; my train of thought would be mobo; I don't have my test tools with me, I'll have to go to the shop for them. I tried all of the usb ports and do not get any success at them randomly. the only way it will detect the mouse is at start up, if you unplug it and plug it back in, it will not read it. Another INDICATOR is nothing is detected on the keyboard (lights.etc cap locks) So, I am assuming no power GOING there at this time.

Does anybody KNOW what PowerReg Scheduler is? ViRobot found it and I had it deleted.Is is NORMALLY advised to REMOVE it. Among other THINGS it slows many computers down.

http://www.bleepingcomputer.com/startups/PowerReg_Scheduler-4135.html

We started noticing all the problems when about 25 IE windows were open on my wife's laptop last Saturday morning when we got up. Not sure what was downloaded that started all of this.

I've run thru all of the "Malware Removal Steps". I've attached the 3 logs you've requested to get this started.

At the moment I am unable to connect to the internet with IE. I can ping various websites just can't get the
browser to connect to any of them. Get dnserror. Having to post all of this on another computer.

Thanks for you help!



[recovering disk space -- attachment deleted by admin]Welcome to CH.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights

• Double click SDFix.exe and it will extract the files to %systemdrive%
  
• (this is the drive that contains the Windows Directory, typically C:\SDFix).
  
• DO NOT use it just yet.

• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
  
• When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  
• Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.

• Link #1
  
• Link #2

• Run Fixwareout.
• Click Next
  
• then Install
  
• Make sure Run fixit is checked
  
• Click Finish.
  
• The fix will begin; follow the prompts.
• You will be asked to reboot your computer; please do so.
• Your system may TAKE longer than usual to load; this is normal.

• Go into Control Panel > Network Connections.
  
• Right click on your connection
  
• and click Properties.
  
• On the Properties page, highlight Internet Protocol(TCP/IP)
  
• Click Properties. This will bring up another page.
  
• Select Obtain DNS Server Automatically.
  
• Click the ok button. The page will close.
  
• Press ok on the page in front of you.
  
• Restart the computer.
  
• Reconnect to the Internet using Internet Explorer.
• Add the log from fixwareout in your next reply.
• It will be located at c:\fixwareout\report.txt

Open HijackThis and select

• Save it to your desktop.

• Double-click OTMoveIt2.exe to run it.
  
• Copy the lines in the codebox below.

• Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste

• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) and paste it in your next reply.
  
• Close OTMoveIt2

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

• Start
• Run
• type: CLEANMGR.EXE
  
• Press Enter.

• Temporary Internet Files
• Downloaded Program Files
• Recycle Bin
• Temporary Files

• Click on SCAN NOW
  
• Click Accept.
  
• The program will then begin downloading the latest definition files.
• Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  
• The scan will take a while, so be patient and let it finish.

• Next, in the Save as prompt, Save in area, select: Desktop.
  
• In the File name area use KScan, or something similar.
  
• In Save as type: click the drop arrow and select: Text file [*.txt]
  
• Then, click: Save

There are some infected files in your email and one other location.

Download

• Save it to your desktop.

• Double-click OTMoveIt2.exe to run it.
  
• Copy the lines in the codebox below.

• Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste

• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) and paste it in your next reply.
  
• Close OTMoveIt2

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

You can try this first instead of reinstalling.

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:

• Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
  • Let this run undisturbed until the window with the BLUE progress bar goes away

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

• Delete:
• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present

• Reset the CLOCK settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

I swear, I don't know how I got it. I keep deleting the thing and it keeps coming back. But every time it comes back, it comes back as 3 copies of Adware.RK.331776, with 2 being able to be deleted and 1 copy not being able to be deleted.

Current Date/Time: Friday, August 29, 2008
Windows XP Professional 5.1 Build 2600
BIOS: Default System BIOS
Processer: AMD Athlon(tm) XP 2100+, MMX, 3DNow, ~1.7GHz
Memory: 768MB RAM
Page File: 278MB used, 1215 MB available
DirectX VERSION: DirectX 9.0c (4.09.0000.0904)

I use ViRobot for spyware and virus protection.here look at this FOLLOW the directions and wait for Broni or ef or someone Download and rename TrendMicro HijackThis.exe (HJT)

• Double-CLICK on HJTInstall.
• Click on the Install button.
  
• It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  
• Upon install, HijackThis should open for you.

• Close HijackThis and rename it.
  
• Go to C:\Program Files\Trend Micro\HijackThis.exe
  
• Right click on HijackThis.exe and select Rename.
  
• Type in sniper.exe and press Enter.
  
• Right-click on sniper.exe and select Send To > Desktop (create shortcut)

• From the desktop open HijackThis.
• Important! If using Windows Vista, Right-click and Run As Administrator
  
• Click on the Do a system scan and save a log file button
  
• HijackThis will scan and then a log will open in notepad.
• Copy and then paste the entire contents of the log in your post.
  
• Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Quote

just need to transfer it to this computer

• Under Main: Select Files to Delete choose: Select All.
  
• Click the Empty Selected button.
  
• If you use Firefox browser click Firefox at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• If you use Opera browser click Opera at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• Click Exit on the Main menu to close the program.

• Start
• Run
• type: CLEANMGR.EXE
  
• Press Enter.

• Temporary Internet Files
• Downloaded Program Files
• Recycle Bin
• Temporary Files

• Open Internet Explorer, click the Tools button, and then click Internet Options.
  
• Click the Connections tab.
  
• Click the first entry in the Dialup and Virtual Private Networks list, and then click Settings.
  
• Select the Automatically detect settings check box, and then click OK.
  
• Repeat the previous two steps for each entry in the Dialup and Virtual Private Networks list.
  
• Click the Lan Settings button in the Connections tab, and repeat steps 4-6. Click OK on the Connections tab.
  
• Close Internet Explorer, and then restart it.

• Open the folder and run Dial-a-fix.exe
• 2 windows will open. Close the one in the background labeled Restrictive Policies
• Check the box in section 1, Empty temp folders.
• Check the box in section 2, Fix Windows Installer.
• Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
• Check all boxes in Section 5, labeled Registration Center.
• Click Go
• OK any error messages if received, but WRITE them down and post them here.
• Restart the computer when done.

thank u so much for all your help =-). this program is still in my control panel its a monitor with a magnifying glass thru the screen. when i HOVER over it it says : displays all software that is running on your computer or REGISTERED to run automatically. that program was not there 2 DAYS ago lol Can you post a SCREENSHOT of it?

How to post screenshots or images

hello and thank you for helping me!
i was infected by virus burst (critical error virus with fake alerts )
it made my computer slow down and so many fake alerts appear when i wanted to open a window or using my IE to browsing internet, my default browser stopped working and each folder in mycomputer opens in it's own window however in options i marked it to be open in the same window ! I scanned my computer with malwarebytes anti malware and it cleaned all infected fill from registry and windows files i will attach the log ,
i still have the same problem but no fake alert any more,
here is my hijackthis log after scanning with malwarebytes anti malware,
can anyone help me to know what is the problem now? and if i still infected or not?
thank you for your attention..
good luck .



Logfile of Trend Micro HijackThis v2.0.2
SCAN saved at 01:04:59, on 9/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - G:\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll (file missing)
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [DRCU] "C:\Program Files\Sony\DRCU\DRCU.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Download all links with IDM - G:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - G:\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Download with IDM - G:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{C45DD383-829D-4F6F-8952-464EB8FD9AEC}: NameServer = 217.218.155.105 217.218.127.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFD7BA14-A4D7-4615-A0F6-E675126AFC98}: NameServer = 172.16.1.3,172.16.1.42
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Internet Lock Service (INETLOCKSVC) - TopLang Software - C:\Program Files\Internet Lock\ILSvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10119 bytes


************************
and here is my malwarebytes log



Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 6.0.6000

7:19:00 PM 8/25/2008
mbam-log-08-25-2008 (19-19-00).txt

Scan type: Quick Scan
OBJECTS scanned: 46859
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eee17712-987e-4424-a00c-9da0bc4e2078} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{88abc5c0-4fcb-11bb-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\webproxy (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.


Your Java is out of date.

OLDER versions have vulnerabilities that malicious sites can use to infect your system.

Download JavaRa and unzip it to your desktop.

• Double-click on JavaRa.exe to start the program.
  
• Click on Remove Older Versions to remove the older versions of Java installed on your computer.
  
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  
• A logfile will pop up.
• Delete the JavaRa .zip .exe and .html files from the Desktop

• Click on SCAN NOW
  
• Click Accept.
  
• The program will then begin downloading the latest definition files.
• Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  
• The scan will take a while, so be patient and let it finish.

• Next, in the Save as prompt, Save in area, select: Desktop.
  
• In the File name area use KScan, or something similar.
  
• In Save as type: click the drop arrow and select: Text file [*.txt]
  
• Then, click: Save

• Double-click on drweb-cureit.exe and then click Start.
  
• An Express Scan of your PC notice will appear.
  
• Under Start the Express Scan Now Click OK to start.
  • This is a short scan that will scan the files currently running in memory.
  • If or when something is found, click the Yes button when it asks you if you want to cure it.
• Once the short scan has finished, Click Options > Change settings
  
• Choose the Scan tab and UNcheck Heuristic analysis and click OK
  
• Back at the main window, select the Complete scan button.
  
• Then click the Green Arrow Start Scanning button on the right and the scan will start.
  • Click Yes to all if it asks if you want to cure/move any file(s).
• When the scan is done.
• In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  
• Save the DrWeb.csv report to your Desktop.
  
• Exit Dr.Web Cureit.

• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

• After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
  
• Copy and paste that log in the next reply

• Under Main: Select Files to Delete choose: Select All.
  
• Click the Empty Selected button.
  
• If you use Firefox browser click Firefox at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• If you use Opera browser click Opera at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• Click Exit on the Main menu to close the program.

• Double-click OTCleanIt.exe.
  
• Click the CleanUp! button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes, if not delete it yourself.

• Start
• Run
• type: CLEANMGR.EXE
  
• Press Enter.

• Temporary Internet Files
• Downloaded Program Files
• Recycle Bin
• Temporary Files

• On the Desktop, right-click My Computer
  
• Click Properties
  
• Click the System Restore tab.
  
• Check Turn off System Restore
  
• Click Apply, and then click OK

• On the Desktop, right-click My Computer
  
• Click Properties
  
• Click the System Restore tab.
  
• UN-Check Turn off System Restore
  
• Click Apply, and then click OK

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

Read your "Removing Malware "- excellent. Also your list of free SOFTWARE
(i.e. AVG , which I'm looking for. Problem: Constantly wherever I click,
even when following a Microsoft report#..... it seems about 90% of software is listed as compatible with XP or Vista. Have explored Microsoft
Help alone many times and this is still true. Are many of the softwares
also compatible with Win2000 but it just isn't being said?

(Trying to fix problem with no fix: "....not a valid Win32 document

ThanksWhich softwares are saying this?

Everything in the malware removal guide should work with Windows 2000. If all of them are saying this then it isn't your version of Windows, it is the malware that is blocking the installs.If I remember right - pretty much everything 32 bit should be OK with Win 2k .... in FACT I did run some 16 bit now I think on it when I ran 2k, but any supposed XP 32 bit app should be fine in 2k.

Open to correction here but - wasn't 2k based on the NT4 kernel.Quote

Open to correction here but - wasn't 2k based on the NT4 kernel

An icon appeared on my task bar for Installshield Update Manager. I didn't download it. I want to UNINSTALL it. Is there any removal tools out there for this unwanted program?This software came bundled with your computer.

It provides an easy WAY to update the software on your computer that uses it...

If you uninstall it, you will have to manually update the software that uses this program. However, if that's what you want to do...just locate the software in Add/Remove Programs...and uninstall it.

Be warned...those programs which use the software to update...will not be able to automatically update...after removal.It's not in Add/Remove programs. I would advise against removing it.

You can make it disappear from the TASKBAR by Right Clicking an empty space in the Taskbar, go to PROPERTIES, and then Customize.Look under Download and install the uninstall for Software Manager:

http://consumerdocs.installshield.com/selfservice/viewContent.do?externalId=Q111006&sliceId=1

I'm trying to run an on-line scan on my Toshiba laptop RUNNING Vista but Kaspersky is not designed for Vista 64 bit, Panda keeps giving me an error and Trend Micro has been trying to download files for over 1 hrs. Are there any others I could try?There ia a list of them here http://www.techsupportteam.org/forum/reviews/3184-trusted-security-tools-resources.html

Not sure which ONES are 64 bit compatible.Quote

Trend Micro has been trying to download files for over 1 hrs

It has come to our attention that a critical bug existed between Malwarebytes' Anti-Malware version 1.00 and version 1.25. If you ever removed anything using Malwarebytes' Anti-Malware during that time, please run the attached file. Your SecurityProviders value may have been corrupted.

The original values of the value should have looked like this.
file1.dll, file2.dll, file3.dll

When repairing the registry value, Malwarebytes' Anti-Malware may have RESET the values to the following.
file1.dll file2.dll file3.dll (note lack of commas)

This has already been repaired in version 1.26, however, those exposed to this bug must be repaired. Attached is a utility that will TELL you whether the registry value is corrupt and it will offer to fix it by adding the necessary commas. We apologize for the problems this may have caused and we hope to never have a repeat of this situation.

Simply DOWNLOAD the file to your desktop, unzip it, and run it.

This particular bug would only affect you if your computer was part of a LAN in a configuration that required it AUTHENTICATE itself to others. It has nothing to do with antivirus, or security otherwise.

Link

• (FIXED) Main window now brought to front when the scan finishes.
• (ADDED) Function to restore broken SecurityProviders. <- Bug fix
  
• (ADDED) Associations are now checked for malicious entries.
• (ADDED) Heuristics for common infections.
• (ADDED) New mirror to updates.

Your HJT log is clean.
As a LAST step, I'd like you to run CCleaner...

1. Download, and install CCleaner: http://www.ccleaner.com/

2. Read CCleaner instruction from here: http://www.jahewi.nl/ccleaner/ccleaner.html, and run CCleaner

What is the situation with Task Manager?Task manager is enabled.....

I have run ccleaner also.......

SYSTEM is working in complete CONDITION....Very NICE ...Keep it that way I dont want to disturb you again ...... but i couldn't resist myself saying thank you to you....

Thank you so much for being ther..........You're very welcome

After doing a daily check on my computer a trojan was discovered.I fixed that PROBLEM,but after restarting the computer all of my desk icons are gone as well as the windows start up.I had to go through the back door to get on the net.Can anyone please tell me how I can fix that or even maybe how to back my computer up going through the back door? I really need some help.My 17 year old son lives in Ga.while I am here in Co.and using the computer is the only way I have been able to keep in touch with him. I would really appreciate it if someone can help me. What exactly do you mean by "the back door"?
What version of windows is this?
What protection software do you have installed? (Anti-virus, firewall, anti spyware etc.)
What are you seeing when windows loads? Just your background image and nothing else?I don't know alot about computers,but when I start my computer all I have is the background and nothing else on my desk top so I have to through program files to get on the net.I have a windows xp.I have defender pro on my computer and it said I had 3 trojans so I got RID of them.When I restarted my computer is when everything disappeared of my desk top.I have all the protection on it and for 3 years have not had any problems with it until yesterday.unfortunately,I was a little late learning about computers and got my first 1 3 years ago. My son in Ga. does not have a phone and that is how I have been keeping in touch with him. I am not sure of what I am doing at times and it is difficult when it comes to all the computer terms.lol I am almost ready to just take the computer to a shop because I don't know if I am capable of trying to fix this myself.Try this:
Press ctrl+alt+delete.
In the Task Manager select File
Select Run...
Type Explorer.exe and hit enter

Does this bring your icons and taskbar back?
(Note this isn't a permanent fix, just a test.)
yeah,all that comes up then.That is how I have been getting on the net.lol Do you know if I can back my computer up a few days without doing anymore damage and if so how do I get to the file I need to back it up? I really appreciate your help.When I go to hp recovery there is nothing there.Nothing happens.Quote

a trojan was discovered.I fixed that problem

Hi all, can anyone help me with a problem that i have encountered only this evening?
the problem is that I was downloading some freebies from various places when my firewall and a program called threatfire popped up and reported that i had contracted some sort of rootkit type virus and that it was trying to send my details out on the internet.
I followed the instructions that i was given and quarantined it (or so i thought) and then went to the quarantine file and permanently (I think) deleted it.
at that point my PC started to missbehave, the internet explorer, windows explorer, and other things started to close down and then re start. i also noticed that my antivirus software was no longer working, I had PC Tools Antivirus installed at the time, and it had been shutdown and it would not start again.
in the end i un-installed it and tried PC tools spyware doctor with antivirus. after running some scans of my PC and being satisfied that it was in good health i resumed my surfing.
then it all started up again, and now my screen keeps going black (as if turned off) for about 2 or 3 seconds and then coming back on. also i have had to install adobe flash player 4 times tonight in order to get to my e mail or a website, so i don't think the information is being kept by windows, with this going on i decided to try the system restore option in my accessories and system tools folder. guess what??? yep i could not system restore my PC, I tried 4 different times over the last 2 DAYS but it just said that the PC could not be restored to that time and i should try another restore point. none of them work, i tried the 1st one, 1 from Tuesday, and 2 from yesterday (wed, 19-12). my PC had a problem last week due to an unrelated incident regarding my telephone and the fact that it didn't work, not realising this i decided not to investigate it and just bang in the restore disc. partly cos of having loads of programs and partly cos of having no phone (internet) it has taken me 3 and a half days to get my PC back up and running, so you can see why i am so upset and why i am reluctant to use my restore disc again.
Can anyone MAKE me a suggestion on how i can resolve this PLEASE?
i would be so grateful for any help. also i don't know how to send a detailed file of what is going on, i noticed that a lot of ppl send these logs so that the ppl helping can get a better idea of what is going on, if anyone could give me instructions on how to create or just find such a log then i will of course send it to help.
Thankyou to you all in advance for your help, i look forward to kicking some virussy type *censored*.1. Run free online scan at: http://housecall.trendmicro.com/
The Housecall log is saved to C:\Documents and Settings\UserName\.housecall\log\
Post HouseCall log.

2. DOWNLOAD and scan with SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

SUPERAntiSpyware should be run in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make SURE the following are CHECKED (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.Start Here...thanks for your help, unfortunately i can't send any logs as when i went online to do the last scan something started opening popups galore, when i finally got it under control i found half of my pc missing. i just lost 178 games, my photos, my music, all my application set up files, and all of my pc settings (wallpaper etc). I have just got back online but with a skelleton pc, so i am starting another system restore with my disc. I feel i have little choice. thankyou very much for your help and when all is fixed again i shall return here and see if i can help anyone else.
Thanks again.I feel sorry for you, but sometimes reinstall is the only option.
Thanks for posting back.

im about to have a breakdown.
i cant get onto any websites that need a password or info like that other than myspace and this one.
i cant get onto facebook, YAHOO, by THINGS online or anything.
please help me.What browser, WINDOWS version?

Here is Why I am getting paranoid about
Cyber Security.
Just do a GOOGLE on those two words and you will
find too much bad news. Here is just one:
http://www.edenprairienews.com/cyber-monday-tips-shoppers-6564
And that one is on the positive side!
Please tell me it is going to be OK. USE a good updated antivirus and FIREWALL and practice safe (sensible) COMPUTER use. Nothing is truly free, no matter what that email says...

Everything will be OK.

Hi, I just received my new laptop, and can I have any recommendations on what to do before surfing the net? THANK you.Everything listed below is free.

First I would install CCleaner. Run it occasionally to keep the clutter off of the disk.
Download CCleaner Slim and save it to your Desktop

When the file has been SAVED, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to MOVE them to the Cookies to Keep window.
* Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before MAKING any changes.Exit CCleaner after it has completed it's process.

Next run PC Decrapifier and get rid of all of the bloatware installed. http://www.pcdecrapifier.com/

The rest are free security programs.

Antivirus
Remember to only install one antivirus!

1) Avast! Home Free Edition
2) AVG Free Edition
3) Avira AntiVir Personal

Firewall
Remember only install ONE firewall

1) Comodo (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
2) Online Armor
3) Sunbelt/Kerio
4) Agnitum
5) PC Tools Firewall Plus

Antispyware
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to HELP keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

Hello here are my logs. What do I do Next? Any help will be greatly appreciated!

[Saving space - attachment deleted by admin]Sorry for the wait. Things are a little busy with the holiday season and upcoming finals.

You're looking pretty good so far, but there's ANOTHER thing we should try...
Download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls.Hi. Thanks for your help. I ran combofix and here is the log. You guys are really LIFESAVERS.

[Saving space - attachment deleted by admin]Based on these logs, you should be mostly clean now. But there is one more thing you should do...

Run a scan with HijackThis and place a check next to this entry if you find it:
O20 - AppInit_DLLs: qxnbqm.dll

Close all other windows and click on Fix Checked. Then close HijackThis and reboot into Safe Mode and enable hidden files and folders.

Search for C:\WINDOWS\qxnbqm.dll and C:\WINDOWS\system32\qxnbqm.dll, and if you find either one, delete it.


Once you've followed these steps, post a new HijackThis log for me to look at.Hi CBMATT. I followed your INSTRUCTIONS and here is the log from hijack this.

[Saving space - attachment deleted by admin]Okay, it looks clean now. You need to GET a good anti-virus, however. You have some good protection programs, but you need a program such as AVG or Avast.

Now that you no longer need ComboFix, go ahead and uninstall it. Go to Start > Run and type in combofix /u (note the space) and click OK.

Also, let's clear your System Restore of infected Restore points...

Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are infected, but that's good news)

Turn OFF System Restore

• On the Desktop, right-click My Computer
  
• Click Properties
  
• Click the System Restore tab.
  
• Check Turn off System Restore
  
• Click Apply, and then click OK

• On the Desktop, right-click My Computer
  
• Click Properties
  
• Click the System Restore tab.
  
• UN-Check Turn off System Restore
  
• Click Apply, and then click OK

Hey guys, hope you can help me...

I visited the forum and followed the instructions up step 4 in the POST by evilfantasy about removing malware, attached are the logs from SUPER Antispy and Malwarebytes' Anti-Malware. But anyway, I ran Malwarebytes' Anti-Malware scan and it found 8 infected items; all the items listed had to do with registry files, and one with registry DATA. A friend of MINE said don't delete anything with registry files unless I know what I'm doing because I could do more harm than good, and I most certainly do not have a clue about this stuff...please help!

[attachment deleted by admin]No need to wait. Just remove infected items through Malwarebytes' Anti-Malware. NOTHING affect the system.

Malwarebytes' Anti-Malware have quarantine to store the infected items. You can revert the changes in any case.If the PROGRAMS are asking to delete something, let them do it.

Then post a HijackThis Log and one of our Malware Specialists will guide you on from there.

I've been wondering if SOMEONE has stolen some account passwords and been LOGGING into them. How would I KNOW for sure if this is happening? Are there signs to indicate that someones in your computer VIEWING personal information and stealing passwords. Could it be possible if I'm connected to an unsafe wireless NETWORK but with the firewall on that someone could be doing any of this?

If there's a thread with all these questions answered please link me. Thanks.

I have an Acer Aspire with AMD Athlon 64 X2 Dual Core Processor 5200+ with 3GB of ram and I'm running Vista on it. I do download alot of torrents but I don't know if its a memory issue or a virus. All the SUDDEN while I'm doing something on the computer the WHOLE screen locks up and i can do anything, not even pull up task manager, it makes me turn off and on my computer. My logs are all in the attachments, please help me out.

[Saving space - attachment deleted by admin]Well, for starters, I have to say that downloading torrents can often lead to infection. And yes, I realize that there are many legal and legitimate torrents, but I'm positive that most people aren't downloading these. Thankfully for you, I don't see anything wrong here. However, I like to err on the side of caution, so just to be certain, follow these steps...

Download ComboFix and SAVE it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the PROMPTS and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls.Heres that log you told me to get.

[Saving space - attachment deleted by admin]I don't see any active infections, so go ahead and uninstall ComboFix. To do so, go to Start &GT; Run and type in combofix /u (note the space) and click OK.

I suspect that your problem may be a graphics issue or a corrupt program. I suggest heading over to our Windows section and describing your problem in as much detail as you can. They get a bit more traffic there, so hopefully someone will come along soon with some suggestions.

I'm having a problem with slowness and hangups... browsers keep closing suddenly.. both firefox 3.0 and IE 7. The clock won't update either, it says the RPC server is unavailable. I'm running Zonealarm Pro for a firewall.


Here are my logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/29/2008 at 09:46 PM

Application Version : 4.22.1014

Core Rules Database Version : 3656
Trace Rules Database Version: 1637

Scan type : Complete Scan
Total Scan Time : 00:37:05

Memory items scanned : 542
Memory threats detected : 0
Registry items scanned : 4875
Registry threats detected : 0
File items scanned : 18445
File threats detected : 0


Malwarebytes' Anti-Malware 1.30
Database version: 1437
Windows 5.1.2600 Service Pack 2

11/29/2008 10:37:31 PM
mbam-log-2008-11-29 (22-37-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 100057
Time elapsed: 44 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)


LOGFILE of HijackThis v1.99.1
Scan saved at 10:48:02 PM, on 11/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and SETTINGS\Raynelle\My Documents\My Programs\analyzeThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: YAHOO! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN TRAY Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe





In all of your logs, there isn't any evidence of an infection, so I don't think that is the problem here. Does your browser close when you do certain things or go to certain sites, or does it close at random times?

As for your clock...is this a new issue? I've encountered very few computers that are actually able to connect to the time servers. The computer I currently own is the first one I've ever had that is able to do so.

However, with that said, it's possible that this could be related to your firewall. It could be the same for the browser issue. Just as a quick test, try DISABLING your firewall for a minute and then try updating the time. Any luck?

DON'T FORGET TO ENABLE YOUR FIREWALL AFTER TESTING THIS.

My computer has been running very slow. It sometimes takes 5 minutes for IE to open and each new window takes just as long. Other programs also seem to take forever to open and if I have several things open (Outlook and IE, for example) it may take even longer. I had thought that maybe all the junk my kids had downloaded was the problem, but they both left home recently and I removed all their files. No help.

Windows XP Home Version 2002
Service Pack 3
Gateway
Intel
Pentium 4 CPU 2.40GHz
2.39 GHz
256 MB of RAM

My logs are attatched, however my daughter used the computer in between steps 2 and 3. Don't know if it matters.

Thank you so very much!

[Saving space - attachment deleted by admin]Go to Add/Remove Programs and uninstall:
Ask.com
Ask Toolbar

or anything with Ask in the name.

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
- O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
- O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- O2 - BHO: (no name) - {891B76B0-D49C-4D9B-BCB3-40C919F5FD62} - (no file)
- O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
- O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
- O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
- O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
- O15 - Trusted ZONE: http://www.adobe.com
- O15 - Trusted Zone: http://www.drewdavisband.com
- O15 - Trusted Zone: http://*.turbotax.com
- O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -
- O18 - Filter hijack: text/html - (no CLSID) - (no file)
- O20 - Winlogon Notify: ssqomlm - ssqomlm.dll (file missing)
- O23 - Service: McAfee Application Installer Cleanup (0038321227012829) (0038321227012829mcinstcleanup) - UNKNOWN owner - C:\WINDOWS\TEMP\003832~1.EXE (file missing)
- O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Download the Norton Removal Tool (SymNRT) to your Desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

• Go to your desktop and double click on the removal tool and then click Setup.
  
• Once open Click Next
  
• Accept the license agreement and click Next
  
• Type in the letters/numbers that you see into the text box then click Next.
  
• Then click Next and the tool will start running.
  
• Once finished restart the PC and run the tool again to ensure everything has been removed.
• Delete Nortonremoval tool from your Desktop.

Windows is terrible about not freeing up RAM that should be on your free memory list.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------


• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.
• The above procedure will:
• Delete the following:
• ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.
----------

Download

• Under Main: Select Files to Delete choose: Select All.
  
• Click the Empty Selected button.
  
• If you use Firefox browser click Firefox at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• If you use Opera browser click Opera at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• Click Exit on the Main menu to close the program.

• Double-click OTCleanIt.exe.
  
• Click the CleanUp! button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes, if not delete it yourself.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

If you're concerned about those files, then try uploading them to VirusTotal. Head over to the site and in the little browse box, search for one of the files and scan it. When the scan has completed, do the same for the other file. Do they come up as infected? If so, post the results here. If not, then you probably don't have to worry about it. I don't THINK those files are there anymore. I'm quite confused. Not that I could LOOK for them if they were. I went to system32, couldn't find them. I tried uploading from the directory (c:\windows\system32\japanesename.exe) but it said it wasn't found.

By now, you must have probably learned to skip the first part. Basically, it's gone, or it only comes up when I'm running certain programs.Hmm, do you know which programs use these files? You can try using Process Explorer to see what it's tied to (only when the file is actually in use).

Also, can you translate the filenames? If not, then perhaps you can post a screenshot of the file in Task Manager and I'll see what I can do.Er, I don't particularly CHECK my processes that often, so I doubt I would catch the process while it's in operation. I guess I'll keep that in mind for later, because it's probably not that big of a problem.

Translating the file names... It's essentially like English viruses. Don't quite make sense, and not like I could translate them anyways. Thank you very much for your help, and I hope that there won't be any more problems.Well, at this point, the only thing I can suggest is to run regular scans with various anti-virus programs. Perhaps give Sophos Antirootkit a try as well. If these different programs don't PICK ANYTHING up, then there's a fairly good chance of that the files aren't malicious.

windows task manager is working but i cannot close it using the 'x' button, unless i hit alt-f4... here's the screenshot...



do you think its a virus?
i think it happened after my brother go to a 'friendster' page of one of his classmates eventhough i told him not to after we have experienced a weird script popping out after closing it yesterday, (the script has the teen200.com title and its like a window that keeps opening...)

i have deleted my avast antivirus and currently is in the process of downloading another antivirus software.

OS : Microsoft XP

any HELP and advice is much appreciated..
THANKS in advance.

Wait wait wait....

Double Click on the border of Task Manager.ooh~
i see, hehe..
(IM being PARANOID so much) heh~

im gonna go kill my brothers..
thanks.

Anytime.

I was showing a friend a move, and while playing it, the whole computer froze up.
And i mean froze up, nothing worked.
Now, i know for a fact, it couldn't have been spyware or viruses, but maybe an internal hardware problem?

After freezing up, i restarted the computer, via the external button.
After a successful reboot, i noticed that i had no ACTIVE internet connection.

I went into device manager and noticed my network adapter driver, had been uninstalled, or was not working correctly.
I quickly initiated system restore, only to notice it didn't fix any of my problems.

Only after i un-did the last restore, did my driver funnily return to where it should be?

What could have caused this to happen?

I have posted a hijack this log, but there is no need for a super log, because it will come up clean.


of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:21 PM, on 7/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Program Files\avast1thegood\aswUpdSv.exe
C:\Program Files\avast1thegood\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\avast1thegood\ashMaiSv.exe
C:\Program Files\avast1thegood\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: RESEARCH - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-au.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\avast1thegood\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\avast1thegood\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\avast1thegood\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\avast1thegood\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8573 bytes


System Specs,

•CPU Family: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz Model 15, Stepping
•CPU MANUFACTURER: GenuineIntel
3GB of ram
Windows vista
And a wireless adapter, plugged into my PCI slot, which is connected to my wireless router.
Well, you may want to consider a third-party firewall, but aside from that, I don't see anything malicious. Have you viewed this particular video before? If so, has it ever given you problems?

It could've just been a random glitch. But in the future, I suggest using a program called VLC Media PLAYER for viewing videos (especially large ones). It significantly cuts down on resources and could help you avoid potential problems.Quote from: CBMatt on December 16, 2008, 06:41:09 PM