infected; logs posted

[ken545]

Hi,

Go to your Add Remove Programs in the Control Panel and uninstall Viewpoint , it installs without your knowledge or consent, is considered Adware, uses system resources and is not needed for anything.


Start OTS.

Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Win32 Services - Safe List]
YY -> (Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running] -> C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
[Registry - All]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:6522
[Files/Folders - Created Within 30 Days]
NY -> 32788R22FWJFW -> C:\32788R22FWJFW
[Purity]
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.

[PRprince305]

with all the logs on my desktop i think i got the logs mixed up, if so let me know


All Processes Killed
[Win32 Services - Safe List]
Error: No service named Viewpoint Manager Service was found to stop!
Service\Driver key Viewpoint Manager Service not found.
File C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe not found.
[Registry - All]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\32788R22FWJFW\N_ folder moved successfully.
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: All Users

User: AppData

User: Daya
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 81065296 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24898 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 1099 bytes

Total Files Cleaned = 77.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.35.0 fix logfile created on 08182010_232633

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[ken545]

Looks good, since you had problems with GMER, run this one

Please download Rooter Rootkit Detector to your Desktop

• Doubleclick it to start the tool.
• A Notepad file containing the report will open, also found at %systemdrive% (usually C:\Rooter.txt.
• Post the report for me to see.

[PRprince305]

as soon as i hit scan it crashes

[ken545]

Try GMER again but do it this way, I need to see the report. If it gives you problems you can try running it in safemode, instructions at the end of this post.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

• The application window will appear
• Click the Disable button to disable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.





Next:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

• Double click GMER.exe.
  
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
    
    Click the image to enlarge it
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.



To re-enable your Emulation drivers, double click DeFogger to run the tool.

• The application window will appear
• Click the Re-enable button to re-enable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.





Instructions for Safemode if needed

To Enter Safemode

• Go to Start> Shut off your Computer> Restart
• As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
  this will bring up a menu.
• Use the Up and Down Arrow Keys to scroll up to Safemode
• Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode

[PRprince305]

while gomer was running a dds log popped up but i never ran dds, so hers all 3 logs


DDS (Ver_10-03-17.01) - NTFSX64 NETWORK
Run by Daya at 15:08:49.68 on Thu 08/19/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4030.3171 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Users\Daya\Desktop\gmer.exe
C:\Users\Daya\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://forums.spybot.info/showthread.php?t=58926&page=2
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mLocal Page = c:\windows\syswow64\blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files (x86)\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files (x86)\aol\aim toolbar 5.0\aoltb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~2\arcsoft\videod~1\ARCURL~1.DLL
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files (x86)\aol\aim toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files (x86)\aol\aim toolbar 5.0\aoltb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
uRun: [Aim6]
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Search Protection] c:\program files (x86)\yahoo!\search protection\SearchProtection.exe
uRun: [Google Update] "c:\users\daya\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [QPService] "c:\program files (x86)\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [hpWirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files (x86)\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ArcSoft Connection Service] "c:\program files (x86)\common files\arcsoft\connection service\bin\ACDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [Google Updater] "c:\program files (x86)\google\google updater\GoogleUpdater.exe" -check_deprecation
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
dRun: [msnmsgr] "c:\program files (x86)\msn messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Search - c:\program files (x86)\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files (x86)\aol\aim toolbar 5.0\aoltb.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: facebook.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
TB-X64: AIM Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} -
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun-x64: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\daya\appdata\roaming\mozilla\firefox\profiles\6ne1j5t1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files (x86)\arcsoft\video downloader\plugin_firefox\components\nsURLRecordEx.dll
FF - component: c:\program files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files (x86)\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files (x86)\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrvta;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSva.sys [2010-8-18 27216]
R0 AvgRkx64;avgrkx64.sys;c:\windows\system32\drivers\avgrkx64.sys [2010-8-18 56008]
R1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-8-18 317520]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-8-18 269904]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-8-18 35536]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 173984]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-8-18 308136]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-8-18 5897808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9df469a3a2380;Google Update Service (gupdate1c9df469a3a2380);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-5-27 133104]
S3 ati2mpad;ati2mpad;c:\windows\system32\drivers\ati2mpad.sys [2006-11-2 326656]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-18 431432]
S3 AVGIDSDrivervta;AVG9IDSDriver;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_vista64\AVGIDSDriver.sys [2010-8-18 132688]
S3 AVGIDSFiltervta;AVG9IDSFilter;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_vista64\AVGIDSFilter.sys [2010-8-18 35920]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2007-11-1 293376]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 40832]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe [2009-5-27 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe [2009-5-27 1095560]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-6-14 89920]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-08-19 03:26:33 0 d-----w- C:\_OTS
2010-08-18 23:57:24 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-08-18 23:53:18 0 d-----w- c:\users\daya\appdata\roaming\AVG9
2010-08-18 23:48:53 0 d-----w- c:\program files (x86)\VS Revo Group
2010-08-18 19:58:58 0 d-----w- c:\program files (x86)\Microsoft Antimalware
2010-08-18 19:58:48 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-18 17:09:00 0 d-----w- c:\users\daya\appdata\roaming\Malwarebytes
2010-08-18 17:08:48 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-18 17:08:48 0 d-----w- c:\programdata\Malwarebytes
2010-08-18 17:08:48 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-18 16:50:39 0 d-----w- C:\_OTM
2010-08-18 09:27:59 0 d-----w- c:\windows\pss
2010-08-18 04:29:02 0 d--h--w- C:\$AVG
2010-08-18 04:28:42 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-08-18 04:28:39 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-08-18 04:28:26 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-08-18 04:28:23 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-08-18 04:28:22 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-18 04:28:01 0 d-----w- c:\programdata\AVG Security Toolbar
2010-08-18 04:24:17 27216 ----a-w- c:\windows\system32\drivers\AVGIDSva.sys
2010-08-18 04:24:15 56008 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2010-08-18 04:19:46 0 d-----w- c:\program files (x86)\AVG
2010-08-18 04:18:40 0 d-----w- c:\programdata\avg9
2010-08-13 17:19:46 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-13 17:19:45 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-13 17:19:41 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-13 17:19:35 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-13 17:19:33 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-13 17:19:33 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-13 17:19:14 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-13 17:19:07 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-09 16:31:10 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-08-03 16:08:38 11584512 ----a-w- c:\windows\syswow64\shell32.dll

==================== Find3M ====================

2010-08-19 00:00:02 118152 ----a-w- c:\programdata\nvModes.dat
2010-07-02 18:39:59 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-27 19:16:02 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-27 19:16:02 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-27 19:16:02 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-11 16:39:28 343040 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:38:10 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 16:16:20 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-11 16:15:06 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-01 17:37:48 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2009-11-17 21:27:30 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-01 18:21:41 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-09-06 15:52:35 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-15 22:51:18 245760 --sha-w- c:\windows\syswow64\%appdata%\microsoft\windows\ietldcache\index.dat
2010-03-23 17:13:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2010-03-23 17:13:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2009-06-13 14:22:30 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 15:12:28.99 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/31/2008 3:21:05 AM
System Uptime: 8/19/2010 2:50:24 PM (1 hours ago)

Motherboard: Wistron | | 30D6
Processor: AMD Turion(tm) 64 X2 TL-60 | Socket A | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 285 GiB total, 192.445 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.421 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.5
Adobe Shockwave Player 11
Apple Application Support
Apple Software Update
ArcSoft MediaImpression 2
ArcSoft Panorama Maker 4
ArcSoft Photo Book Screen Saver
ArcSoft PhotoStudio Darkroom 2
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Quick Photo Book
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft RAW Thumbnail Viewer
ArcSoft Scan-n-Stitch Deluxe
ArcSoft Video Downloader
AVG 9.0
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CustomerResearchQFolder
D5100
D5100_Help
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Disney Pirates of the Caribbean Online
EA SPORTS online 2005
ERUNT 1.1j
eSupportQFolder
GameTap
Google Earth
Google Talk Plugin
Google Update Helper
Google Updater
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Product Assistant
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP Smart Web Printing
HP Update
HP User Guides 0090
HP Wireless Assistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 20
KB408682
LabelPrint
LightScribe System Software 1.10.13.1
LimeWire 5.2.13
Madden NFL 2005
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Choice Guard
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.4)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NetWaiting
Norton Security Scan
OpenOffice.org 3.0
Power2Go
PowerDirector
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
Revo Uninstaller 1.89
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
SF_CDA_ProductContext
SF_CDA_Software
Skype web features
Skype™ 4.1
Smilebox
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Spyware Doctor 6.0
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Visual C++ 8.0 Runtime Setup Package (x64)
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
Yahoo! Messenger

==== End Of File ===========================

[PRprince305]

while running gmer it pops open 2 pairs of dds logs (4 logs) withour me opening dds, and when i try to get the gmerlo gs nothing pops up, nor when one clicks on the save button , nothing gets saved, (first post was without running defoger (i misunderstood instructions sorry) but even with defogger disabling drivers, i cant seem to get gmer to give me a log (and i havent tried running windows on normal, because it freezes if i dont run on safemode. also the pc seems to be a bit slower than when we started cleaning (on normal mode)


DDS (Ver_10-03-17.01) - NTFSX64 NETWORK
Run by Daya at 17:55:37.52 on Thu 08/19/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4030.2933 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Daya\Desktop\Defogger.exe
C:\Users\Daya\Desktop\gmer.exe
C:\Users\Daya\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://forums.spybot.info/showthread.php?t=58926&page=2
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mLocal Page = c:\windows\syswow64\blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files (x86)\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files (x86)\aol\aim toolbar 5.0\aoltb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~2\arcsoft\videod~1\ARCURL~1.DLL
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files (x86)\aol\aim toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files (x86)\aol\aim toolbar 5.0\aoltb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
uRun: [Aim6]
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Search Protection] c:\program files (x86)\yahoo!\search protection\SearchProtection.exe
uRun: [Google Update] "c:\users\daya\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [QPService] "c:\program files (x86)\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [hpWirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files (x86)\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ArcSoft Connection Service] "c:\program files (x86)\common files\arcsoft\connection service\bin\ACDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [Google Updater] "c:\program files (x86)\google\google updater\GoogleUpdater.exe" -check_deprecation
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
dRun: [msnmsgr] "c:\program files (x86)\msn messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Search - c:\program files (x86)\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files (x86)\aol\aim toolbar 5.0\aoltb.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: facebook.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
TB-X64: AIM Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} -
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun-x64: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\daya\appdata\roaming\mozilla\firefox\profiles\6ne1j5t1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files (x86)\arcsoft\video downloader\plugin_firefox\components\nsURLRecordEx.dll
FF - component: c:\program files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files (x86)\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files (x86)\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrvta;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSva.sys [2010-8-18 27216]
R0 AvgRkx64;avgrkx64.sys;c:\windows\system32\drivers\avgrkx64.sys [2010-8-18 56008]
R1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-8-18 317520]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-8-18 269904]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-8-18 35536]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 173984]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-8-18 308136]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-8-18 5897808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9df469a3a2380;Google Update Service (gupdate1c9df469a3a2380);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-5-27 133104]
S3 ati2mpad;ati2mpad;c:\windows\system32\drivers\ati2mpad.sys [2006-11-2 326656]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-18 431432]
S3 AVGIDSDrivervta;AVG9IDSDriver;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_vista64\AVGIDSDriver.sys [2010-8-18 132688]
S3 AVGIDSFiltervta;AVG9IDSFilter;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_vista64\AVGIDSFilter.sys [2010-8-18 35920]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2007-11-1 293376]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 40832]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe [2009-5-27 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe [2009-5-27 1095560]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-6-14 89920]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-08-19 21:31:58 0 ----a-w- c:\users\daya\defogger_reenable
2010-08-19 03:26:33 0 d-----w- C:\_OTS
2010-08-18 23:57:24 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-08-18 23:53:18 0 d-----w- c:\users\daya\appdata\roaming\AVG9
2010-08-18 23:48:53 0 d-----w- c:\program files (x86)\VS Revo Group
2010-08-18 19:58:58 0 d-----w- c:\program files (x86)\Microsoft Antimalware
2010-08-18 19:58:48 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-18 17:09:00 0 d-----w- c:\users\daya\appdata\roaming\Malwarebytes
2010-08-18 17:08:48 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-18 17:08:48 0 d-----w- c:\programdata\Malwarebytes
2010-08-18 17:08:48 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-18 16:50:39 0 d-----w- C:\_OTM
2010-08-18 09:27:59 0 d-----w- c:\windows\pss
2010-08-18 04:29:02 0 d--h--w- C:\$AVG
2010-08-18 04:28:42 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-08-18 04:28:39 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-08-18 04:28:26 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-08-18 04:28:23 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-08-18 04:28:22 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-18 04:28:01 0 d-----w- c:\programdata\AVG Security Toolbar
2010-08-18 04:24:17 27216 ----a-w- c:\windows\system32\drivers\AVGIDSva.sys
2010-08-18 04:24:15 56008 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2010-08-18 04:19:46 0 d-----w- c:\program files (x86)\AVG
2010-08-18 04:18:40 0 d-----w- c:\programdata\avg9
2010-08-13 17:19:46 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-13 17:19:45 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-13 17:19:41 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-13 17:19:35 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-13 17:19:33 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-13 17:19:33 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-13 17:19:14 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-13 17:19:07 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-09 16:31:10 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-08-03 16:08:38 11584512 ----a-w- c:\windows\syswow64\shell32.dll

==================== Find3M ====================

2010-08-19 00:00:02 118152 ----a-w- c:\programdata\nvModes.dat
2010-07-02 18:39:59 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-27 19:16:02 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-27 19:16:02 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-27 19:16:02 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-11 16:39:28 343040 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:38:10 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 16:16:20 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-11 16:15:06 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-01 17:37:48 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2009-11-17 21:27:30 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-01 18:21:41 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-09-06 15:52:35 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-15 22:51:18 245760 --sha-w- c:\windows\syswow64\%appdata%\microsoft\windows\ietldcache\index.dat
2010-03-23 17:13:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2010-03-23 17:13:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2009-06-13 14:22:30 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 17:55:50.41 ===============

[ken545]

Do a free online virus scanner and post the log

Please run this free online virus scanner from ESET

• Note: You will need to use Internet explorer for this scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
• Click Scan
• Wait for the scan to finish
• Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
• Copy and paste that log as a reply to this topic

[PRprince305]

im really sorry to say this, but as i had said this was my cousin's pc and she wanted it back so i no longer have it with me, i guess the topic shouldbe closed, but if you could give me final instructions, nexy time i go to her house i can do it then...

[ken545]

Well, my thoughts on this is that there is no malware present, although I am not getting the scans I ask for. I think this computer is just in bad shape windows wise , if it was mine I would format and reinstall windows nice and clean and be done with all the problems.

If you get it back and still have issues you want us to look at just start a new topic.

Ken