viruses and malware need help please



pac413
2010-05-18, 19:54
Computer keeps crashing, and virus scans will not pick up anything; the computer is slow.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Patricia Cain at 10:43:15.75 on Tue 05/18/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.55 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60179
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80230
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80230
uURLSearchHooks: Yahoo! 工具列: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn3\yt.dll
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn3\yt.dll
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\ViewBarBHO.dll
BHO: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\viewpoint\viewpoint toolbar\ViewBar.dll
TB: Yahoo! 工具列: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn3\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
TB: {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [DW4] "c:\program files\the weather channel fw\desktop weather\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [02015632184905495261687561840069] c:\program files\xp antivirus\xpa.exe
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Google Update] "c:\documents and settings\patricia cain\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [CHotkey] zHotkey.exe
mRun: [showicon2k] c:\program files\\em\bay reader\Shwicon2k.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [FPCCSMiddleware] c:\program files\fisher-price\computer cool school\FPCCSMiddleware.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [atr.exe]
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\patric~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wal-ma~1.lnk - c:\program files\wmconnect\wmtray.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Search - ?p=ZJxdm028YYUS
IE: &Viewpoint Search - c:\program files\viewpoint\viewpoint toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director6/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} - hxxp://www.imgag.com/cp/install/AxCtp.cab
DPF: {41D1977F-4161-4720-800F-EA4903983A38} - hxxp://mirror.worldwinner.com/games/v41/jigsaw/jigsaw.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://mirror.worldwinner.com/games/v46/blockwerx/blockwerx.cab
DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} - hxxp://mirror.worldwinner.com/games/shared/dephlp.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://mirror.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab
DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://mirror.worldwinner.com/games/v55/cubis/cubis.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38155.3402083333
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://mirror.worldwinner.com/games/v61/swapit/swapit.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin9.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\patric~1\applic~1\mozilla\firefox\profiles\26pkcn9m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - component: c:\documents and settings\patricia cain\application data\mozilla\firefox\profiles\26pkcn9m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\patricia cain\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-10 255600]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-10 243312]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2010-3-9 98984]
R2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [2006-2-19 64512]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-12-30 153416]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100514.005\naveng.sys [2010-5-14 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100514.005\navex15.sys [2010-5-14 1347504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 135664]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-10 87664]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [2004-3-16 72024]
S3 L2XPSR;L2XPSR;\??\e:\release\l2xpsr.sys --> e:\release\L2XPSR.SYS [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-14 38224]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-10-6 40832]

=============== Created Last 30 ================

2010-05-16 01:00:07 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-16 00:59:56 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2010-05-16 00:59:55 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2010-05-16 00:59:55 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2010-05-16 00:59:55 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2010-05-16 00:59:46 0 d-----w- c:\program files\Linksys
2010-05-16 00:59:22 670 ----a-w- c:\windows\system32\WLAN.INI
2010-05-14 14:50:31 0 d-----w- c:\docume~1\patric~1\applic~1\Malwarebytes
2010-05-14 14:49:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-14 14:49:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-14 14:49:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-14 14:49:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-14 14:43:17 0 d-----w- c:\program files\SpywareBlaster
2010-05-05 04:35:53 0 d-----w- c:\docume~1\patric~1\applic~1\GameHouse
2010-05-04 17:24:46 3255 ----a-w- c:\windows\system32\wbem\Outlook_01caebaeb0fa9bf2.mof
2010-05-04 15:20:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-28 23:53:47 0 d-----w- c:\docume~1\patric~1\applic~1\FreezeTag
2010-04-26 10:12:39 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-25 20:42:45 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cae4b7db57d016.mof
2010-04-25 19:10:33 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-25 19:10:33 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-25 19:10:33 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

==================== Find3M ====================

2010-05-06 17:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-06 15:49:23 90112 ----a-w- c:\windows\DUMP414e.tmp
2010-03-29 21:14:19 90112 ----a-w- c:\windows\DUMP44aa.tmp
2010-03-26 18:57:28 90112 ----a-w- c:\windows\DUMP5091.tmp
2010-03-26 18:56:16 90112 ----a-w- c:\windows\DUMP4ca9.tmp
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2007-07-18 19:03:54 163 -c--a-w- c:\program files\dianne hall.vcf
2008-07-29 06:40:19 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072820080729\index.dat

============= FINISH: 10:44:47.39 ===============

IndiGenus
2010-05-19, 22:20
Hello pac413 and welcome to the forums.


We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Also run DDS again and post the logs.

pac413
2010-05-20, 04:34
ComboFix 10-05-19.02 - Patricia Cain 05/19/2010 16:19:34.1.1 - x86
Running from: c:\documents and settings\Patricia Cain\My Documents\Downloads\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Maleka\err.log
c:\documents and settings\Patricia Cain\Application Data\AntispywareBot
c:\documents and settings\Patricia Cain\Application Data\FunWebProducts
c:\documents and settings\Patricia Cain\Application Data\FunWebProducts\Data\Patricia Cain\avatar.dat
c:\documents and settings\Patricia Cain\err.log
c:\program files\FunWebProducts
c:\program files\FunWebProducts\PopSwatr\History\allowed
c:\program files\FunWebProducts\PopSwatr\History\notallow
c:\windows\Debug\dcpromo.log
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Vb40016.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-04-19 to 2010-05-19 )))))))))))))))))))))))))))))))
.

2010-05-18 16:15 . 2010-05-18 16:15 -------- d-----w- c:\program files\ERUNT
2010-05-16 01:00 . 2010-05-16 01:00 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-16 00:59 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2010-05-16 00:59 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2010-05-16 00:59 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2010-05-16 00:59 . 2010-05-16 00:59 -------- d-----w- c:\program files\Linksys
2010-05-14 14:50 . 2010-05-14 14:50 -------- d-----w- c:\documents and settings\Patricia Cain\Application Data\Malwarebytes
2010-05-14 14:49 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-14 14:49 . 2010-05-14 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-14 14:49 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-14 14:49 . 2010-05-14 14:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-14 14:43 . 2010-05-14 23:05 -------- d-----w- c:\program files\SpywareBlaster
2010-05-14 05:59 . 2010-05-14 05:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-05-05 04:35 . 2010-05-05 04:35 -------- d-----w- c:\documents and settings\Patricia Cain\Application Data\GameHouse
2010-05-04 15:20 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-28 23:53 . 2010-04-29 19:37 -------- d-----w- c:\documents and settings\Patricia Cain\Application Data\FreezeTag
2010-04-26 10:12 . 2010-04-26 10:12 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-25 19:10 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-25 19:10 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"DW4"="c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2005-09-29 597104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-31 39408]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]
"Google Update"="c:\documents and settings\Patricia Cain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"nwiz"="nwiz.exe" [2003-05-02 323584]
"CHotkey"="zHotkey.exe" [2003-06-03 496640]
"showicon2k"="c:\program files\\eM\Bay Reader\Shwicon2k.exe" [2003-07-04 135168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-11 67184]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-12-30 120640]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"FPCCSMiddleware"="c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-10-10 538432]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-10 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2009-05-11 684712]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-03-09 283792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\Patricia Cain\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-9-21 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2003-4-23 1742384]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-3-10 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-10 805392]
Wal-Mart Connect Tray Icon.lnk - c:\program files\wmconnect\wmtray.exe [2006-2-19 32839]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\GameHouse\\Candy\\Candy\\cruncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\wmconnect\\wm.exe"=
"c:\\Program Files\\Common Files\\wmshare\\sysinfo\\sinf.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\Maleka\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 135664]
R3 JL2005;JL2005A Toy Camera;c:\windows\system32\Drivers\toywdm.sys [2004-03-17 72024]
R3 L2XPSR;L2XPSR;e:\release\L2XPSR.SYS [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2008-05-23 594600]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-23 98984]
S2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [2001-08-09 64512]
S2 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-12-30 153416]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
S2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSC\WLService.exe WUSB54GSC.exe [x]

.
Contents of the 'Scheduled Tasks' folder

2010-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 19:24]

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 19:24]

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2710466598-2316509714-1532355493-1005Core.job
- c:\documents and settings\Patricia Cain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-22 08:42]

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2710466598-2316509714-1532355493-1005UA.job
- c:\documents and settings\Patricia Cain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-22 08:42]

2010-05-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} - hxxp://www.imgag.com/cp/install/AxCtp.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
FF - ProfilePath - c:\documents and settings\Patricia Cain\Application Data\Mozilla\Firefox\Profiles\26pkcn9m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - component: c:\documents and settings\Patricia Cain\Application Data\Mozilla\Firefox\Profiles\26pkcn9m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Patricia Cain\Application Data\Mozilla\Firefox\Profiles\26pkcn9m.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Patricia Cain\Application Data\Mozilla\Firefox\Profiles\26pkcn9m.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Patricia Cain\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
HKLM-Run-atr.exe - (no file)
AddRemove-Atlantis Quest - c:\program files\Casual Game MEGA Pack\Atlantis Quest\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-19 16:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2688)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\nvsvc32.exe
c:\windows\system32\slserv.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\MsPMSPSv.exe
c:\program files\Linksys\WUSB54GSC\WLService.exe
c:\program files\Linksys\WUSB54GSC\WUSB54GSC.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\zHotkey.exe
c:\program files\eM\Bay Reader\Shwicon2k.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-05-19 17:19:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-20 00:19

Pre-Run: 65,240,469,504 bytes free
Post-Run: 65,363,423,232 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 76C58AE41F2D33AF256A43FD103775FE
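
The ComboFix and DDS output above is read by hand on these forums, but the first pass is mechanical: which Security Center switches are set, which firewall exceptions exist for P2P or IM clients (the LimeWire entry is the one that matters here), which services ComboFix marks `[x]` because no file was found, which BHO/toolbar entries say `No File`, which autostart entries are bare names or live under a user profile, and which ActiveX (DPF) downloads come from hosts outside a small allowlist. The script below is an added example, not part of the original post and not code from DDS or ComboFix; the sample excerpt is constructed from the same line shapes (with a generic user path), and the severity labels, P2P/IM name list, user-directory list and host allowlist are its own assumptions.

```python
"""Triage helper for DDS / ComboFix style logs. Added example: not from the forum
post above and not code from DDS or ComboFix. Severity labels, the P2P/IM names,
the user-writable directory list and the ActiveX host allowlist are assumptions."""
import re

# Constructed excerpt in the same line shapes as the posted log (generic user path).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\user\\Application Data\\SomeIM\\bin\\SomeIM.exe"=

R3 L2XPSR;L2XPSR;e:\release\L2XPSR.SYS [x]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [CHotkey] zHotkey.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
DPF: {41D1977F-4161-4720-800F-EA4903983A38} - hxxp://mirror.worldwinner.com/games/v41/jigsaw/jigsaw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
"""

SEC_CENTER_RE = re.compile(r'^"((?:AntiVirus|Firewall|Updates)DisableNotify|DisableMonitoring)"=dword:0*1$', re.I)
FW_SECTION = 'firewallpolicy\\standardprofile\\authorizedapplications\\list'
FW_ENTRY_RE = re.compile(r'^"([^"]+)"=')
SVC_MISSING_RE = re.compile(r'^[RS][0-9?]\s+([^;]+);[^;]*;(.+?)\s+\[x\]$')   # '[x]': no file found
NO_FILE_RE = re.compile(r'^(BHO|TB|EB):\s+(.+?)\s+-\s+No File$')
RUN_RE = re.compile(r'^[umd]Run:\s+\[([^\]]+)\]\s*(.*)$')
DPF_RE = re.compile(r'^DPF:\s+\{[^}]+\}\s+-\s+hxxps?://([^/\s]+)', re.I)   # DDS defangs http as hxxp

P2P_IM_NAMES = ('limewire', 'kazaa', 'bearshare', 'emule', 'utorrent', 'bittorrent', 'messenger')
USER_DIRS = ('documents and settings', 'application data', 'local settings', '\\temp\\')
ACTIVEX_OK_HOSTS = ('microsoft.com', 'macromedia.com', 'java.sun.com', 'adobe.com')


def triage(log_text):
    """Return (severity, rule, detail) findings for a DDS/ComboFix excerpt."""
    findings, section = [], ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                      # blocks are blank-line separated
            section = ''
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line.lower()        # registry key for the lines that follow
            continue
        m = SEC_CENTER_RE.match(line)
        if m and 'security center' in section:
            # An AV product can set DisableMonitoring itself and a user can silence the
            # balloon, so this is a question to answer, not a verdict.
            findings.append(('review', 'security-center-flag', m.group(1)))
            continue
        if FW_SECTION in section:
            m = FW_ENTRY_RE.match(line)
            if m:
                path = m.group(1).replace('\\\\', '\\').lower()
                if any(n in path for n in P2P_IM_NAMES):
                    findings.append(('medium', 'firewall-p2p-im', path))
                elif any(d in path for d in USER_DIRS):
                    findings.append(('review', 'firewall-user-path', path))
            continue
        m = SVC_MISSING_RE.match(line)
        if m:
            findings.append(('medium', 'service-missing-file', f'{m.group(1)} -> {m.group(2)}'))
            continue
        m = NO_FILE_RE.match(line)
        if m:                             # registered browser object whose DLL is gone
            findings.append(('low', 'orphaned-browser-object', f'{m.group(1)} {m.group(2)}'))
            continue
        m = RUN_RE.match(line)
        if m:
            rest = m.group(2).strip()     # quoted path, or first token if unquoted
            target = (rest[1:].split('"', 1)[0] if rest.startswith('"') else rest.split(' ', 1)[0]).lower()
            if '\\' not in target:        # bare name: resolved through the search path
                findings.append(('review', 'autostart-bare-name', f'{m.group(1)} -> {target}'))
            elif any(d in target for d in USER_DIRS):
                findings.append(('review', 'autostart-user-path', f'{m.group(1)} -> {target}'))
            continue
        m = DPF_RE.match(line)
        if m:
            host = m.group(1).lower()
            if not any(host == h or host.endswith('.' + h) for h in ACTIVEX_OK_HOSTS):
                findings.append(('review', 'activex-download-site', host))
    return findings


def by_rule(findings):
    """Group finding details by rule name for a report or a test."""
    grouped = {}
    for _sev, rule, detail in findings:
        grouped.setdefault(rule, []).append(detail)
    return grouped


if __name__ == '__main__':
    for sev, rule, detail in triage(SAMPLE_LOG):
        print(f'{sev:6} {rule:24} {detail}')
```

Run it as a script to list the findings for the constructed excerpt, or call triage() on the text of a real log. Everything it reports is a pointer for the analyst, not a verdict: a Google Update binary under Local Settings and a vendor DisableMonitoring value are both normal for the software listed in the posted log, while a P2P client in the firewall exception list and a driver whose file is missing are the entries worth asking about first.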

pac413
2010-05-20, 05:02
DDS (Ver_10-03-17.01) - NTFSx86
Run by Patricia Cain at 19:53:31.09 on Wed 05/19/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20

============== Running Processes ===============

C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! 工具列: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn3\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\ViewBarBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\viewpoint\viewpoint toolbar\ViewBar.dll
TB: Yahoo! 工具列: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn3\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
TB: {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [DW4] "c:\program files\the weather channel fw\desktop weather\DesktopWeather.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Google Update] "c:\documents and settings\patricia cain\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [CHotkey] zHotkey.exe
mRun: [showicon2k] c:\program files\\em\bay reader\Shwicon2k.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [FPCCSMiddleware] c:\program files\fisher-price\computer cool school\FPCCSMiddleware.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Viewpoint Search - c:\program files\viewpoint\viewpoint toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director6/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} - hxxp://www.imgag.com/cp/install/AxCtp.cab
DPF: {41D1977F-4161-4720-800F-EA4903983A38} - hxxp://mirror.worldwinner.com/games/v41/jigsaw/jigsaw.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://mirror.worldwinner.com/games/v46/blockwerx/blockwerx.cab
DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} - hxxp://mirror.worldwinner.com/games/shared/dephlp.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://mirror.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab
DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://mirror.worldwinner.com/games/v55/cubis/cubis.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38155.3402083333
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://mirror.worldwinner.com/games/v61/swapit/swapit.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin9.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\patric~1\applic~1\mozilla\firefox\profiles\26pkcn9m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - component: c:\documents and settings\patricia cain\application data\mozilla\firefox\profiles\26pkcn9m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\patricia cain\application data\mozilla\firefox\profiles\26pkcn9m.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\patricia cain\application data\mozilla\firefox\profiles\26pkcn9m.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\patricia cain\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R? ccPwdSvc;Symantec Password Validation
R? gupdate;Google Update Service (gupdate)
R? JL2005;JL2005A Toy Camera
R? L2XPSR;L2XPSR
R? MotDev;Motorola Inc. USB Device
S? ccEvtMgr;Symantec Event Manager
S? ccSetMgr;Symantec Settings Manager
S? lxdu_device;lxdu_device
S? lxduCATSCustConnectService;lxduCATSCustConnectService
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? PackethSvc;Virtual NIC Service
S? SavRoam;SavRoam
S? SAVRT;SAVRT
S? SAVRTPEL;SAVRTPEL
S? Symantec AntiVirus;Symantec AntiVirus
S? Viewpoint Manager Service;Viewpoint Manager Service
S? WinDefend;Windows Defender
S? WUSB54GSC;WUSB54GSC

=============== Created Last 30 ================

2010-05-19 23:11:13 0 d-sha-r- C:\cmdcons
2010-05-19 23:01:58 77312 ----a-w- c:\windows\MBR.exe
2010-05-19 23:01:57 98816 ----a-w- c:\windows\sed.exe
2010-05-19 23:01:57 256512 ----a-w- c:\windows\PEV.exe
2010-05-19 23:01:57 161792 ----a-w- c:\windows\SWREG.exe
2010-05-16 01:00:07 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-16 00:59:56 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2010-05-16 00:59:55 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2010-05-16 00:59:55 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2010-05-16 00:59:55 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2010-05-16 00:59:46 0 d-----w- c:\program files\Linksys
2010-05-16 00:59:22 670 ----a-w- c:\windows\system32\WLAN.INI
2010-05-14 14:50:31 0 d-----w- c:\docume~1\patric~1\applic~1\Malwarebytes
2010-05-14 14:49:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-14 14:49:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-14 14:49:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-14 14:49:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-14 14:43:17 0 d-----w- c:\program files\SpywareBlaster
2010-05-05 04:35:53 0 d-----w- c:\docume~1\patric~1\applic~1\GameHouse
2010-05-04 17:24:46 3255 ----a-w- c:\windows\system32\wbem\Outlook_01caebaeb0fa9bf2.mof
2010-05-04 15:20:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-28 23:53:47 0 d-----w- c:\docume~1\patric~1\applic~1\FreezeTag
2010-04-26 10:12:39 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-25 20:42:45 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cae4b7db57d016.mof
2010-04-25 19:10:33 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-25 19:10:33 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-25 19:10:33 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

==================== Find3M ====================

2010-05-06 17:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-06 15:49:23 90112 ----a-w- c:\windows\DUMP414e.tmp
2010-03-29 21:14:19 90112 ----a-w- c:\windows\DUMP44aa.tmp
2010-03-26 18:57:28 90112 ----a-w- c:\windows\DUMP5091.tmp
2010-03-26 18:56:16 90112 ----a-w- c:\windows\DUMP4ca9.tmp
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2007-07-18 19:03:54 163 -c--a-w- c:\program files\dianne hall.vcf
2008-07-29 06:40:19 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072820080729\index.dat

============= FINISH: 19:57:03.32 ===============

IndiGenus
2010-05-20, 05:12
There should be another file created by DDS called Attach.txt. Can you post that too?

Also, let me know how it's running.

pac413
2010-05-20, 16:24
I can't find it

IndiGenus
2010-05-20, 16:25
Please run it again and both logs should open automatically.

pac413
2010-05-20, 16:26
It crashes and reboots on its own. It is all messed up, I am so frustrated. I have looked for the file you want but can't seem to find it. I see the ComboFix file.

pac413
2010-05-20, 16:28
I forgot, it won't let me use Mozilla at all; I have to go through Chrome. It crashes every time I try to use it.

IndiGenus
2010-05-20, 16:28
You're saying DDS crashes, or the whole computer? The files from DDS are not saved automatically.

If just DDS is crashing then try deleting it and download a fresh copy.

IndiGenus
2010-05-20, 16:29
I forgot, it won't let me use Mozilla at all; I have to go through Chrome. It crashes every time I try to use it.
All of these issues may or may not be malware related. We'll eliminate the malware first, then we can try to address the other issues you're having.

pac413
2010-05-20, 21:39
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2004 2:35:59 PM
System Uptime: 5/20/2010 12:14:52 PM (0 hours ago)

Motherboard: First International Computer, Inc. | | AU31
Processor: AMD Athlon(tm) XP 3000+ | Socket A | 2171/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 60.745 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce MCP Networking Controller
Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_904D1509&REV_A1\3&13C0B0C5&0&20
Manufacturer: Nvidia
Name: NVIDIA nForce MCP Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_904D1509&REV_A1\3&13C0B0C5&0&20
Service: NVENET

==== System Restore Points ===================

RP1810: 2/20/2010 7:10:24 AM - System Checkpoint
RP1811: 2/22/2010 1:07:14 PM - Software Distribution Service 3.0
RP1812: 2/24/2010 3:00:39 AM - Software Distribution Service 3.0
RP1813: 2/25/2010 5:46:21 AM - Software Distribution Service 3.0
RP1814: 2/26/2010 8:57:35 AM - Software Distribution Service 3.0
RP1815: 2/27/2010 11:16:18 AM - System Checkpoint
RP1816: 2/28/2010 7:30:25 PM - System Checkpoint
RP1817: 3/1/2010 1:21:28 PM - Software Distribution Service 3.0
RP1818: 3/2/2010 2:43:15 PM - System Checkpoint
RP1819: 3/3/2010 6:34:54 PM - System Checkpoint
RP1820: 3/4/2010 8:04:32 PM - System Checkpoint
RP1821: 3/4/2010 10:02:01 PM - Software Distribution Service 3.0
RP1822: 3/5/2010 10:26:42 PM - System Checkpoint
RP1823: 3/6/2010 11:13:29 PM - System Checkpoint
RP1824: 3/8/2010 9:37:12 AM - System Checkpoint
RP1825: 3/9/2010 1:31:41 AM - Software Distribution Service 3.0
RP1826: 3/9/2010 12:18:28 PM - Printer Driver Amyuni Document Converter 2.51 Installed
RP1827: 3/10/2010 6:40:24 PM - System Checkpoint
RP1828: 3/11/2010 3:00:37 AM - Software Distribution Service 3.0
RP1829: 3/11/2010 12:13:18 PM - Software Distribution Service 3.0
RP1830: 3/13/2010 12:10:29 AM - System Checkpoint
RP1831: 3/14/2010 11:24:16 AM - System Checkpoint
RP1832: 3/15/2010 12:02:14 PM - System Checkpoint
RP1833: 3/16/2010 12:56:52 AM - Software Distribution Service 3.0
RP1834: 3/17/2010 1:13:25 AM - System Checkpoint
RP1835: 3/18/2010 1:16:59 AM - System Checkpoint
RP1836: 3/18/2010 3:33:03 PM - Software Distribution Service 3.0
RP1837: 3/19/2010 3:31:29 PM - Installed The New Way Things Work
RP1838: 3/20/2010 5:05:10 PM - System Checkpoint
RP1839: 3/21/2010 7:33:12 PM - System Checkpoint
RP1840: 3/22/2010 9:45:55 PM - System Checkpoint
RP1841: 3/22/2010 10:47:33 PM - Software Distribution Service 3.0
RP1842: 3/23/2010 11:59:20 PM - System Checkpoint
RP1843: 3/25/2010 12:54:52 AM - System Checkpoint
RP1844: 3/25/2010 9:59:15 AM - Software Distribution Service 3.0
RP1845: 3/26/2010 12:15:17 PM - System Checkpoint
RP1846: 3/27/2010 12:18:05 PM - System Checkpoint
RP1847: 3/29/2010 5:32:47 AM - System Checkpoint
RP1848: 3/29/2010 5:41:35 PM - Software Distribution Service 3.0
RP1849: 3/30/2010 6:03:26 PM - System Checkpoint
RP1850: 3/31/2010 6:16:00 AM - Installed Java(TM) 6 Update 19
RP1851: 3/31/2010 6:20:49 AM - Installed Java Runtime Environment
RP1852: 4/1/2010 3:00:45 AM - Software Distribution Service 3.0
RP1853: 4/1/2010 8:37:13 PM - Software Distribution Service 3.0
RP1854: 4/2/2010 8:41:16 PM - System Checkpoint
RP1855: 4/3/2010 9:51:02 PM - System Checkpoint
RP1856: 4/5/2010 12:39:45 AM - System Checkpoint
RP1857: 4/5/2010 1:03:43 PM - Software Distribution Service 3.0
RP1858: 4/6/2010 5:58:02 PM - System Checkpoint
RP1859: 4/7/2010 6:38:54 PM - System Checkpoint
RP1860: 4/8/2010 7:44:30 AM - Software Distribution Service 3.0
RP1861: 4/9/2010 7:57:06 AM - System Checkpoint
RP1862: 4/10/2010 8:44:03 AM - System Checkpoint
RP1863: 4/11/2010 9:43:58 AM - System Checkpoint
RP1864: 4/12/2010 10:29:54 AM - System Checkpoint
RP1865: 4/12/2010 1:23:49 PM - Software Distribution Service 3.0
RP1866: 4/13/2010 4:44:10 PM - System Checkpoint
RP1867: 4/15/2010 3:15:57 AM - Software Distribution Service 3.0
RP1868: 4/15/2010 2:14:20 AM - System Checkpoint
RP1869: 4/16/2010 1:25:55 AM - Software Distribution Service 3.0
RP1870: 4/17/2010 4:27:41 AM - System Checkpoint
RP1871: 4/18/2010 8:10:29 AM - System Checkpoint
RP1872: 4/19/2010 1:43:31 AM - Software Distribution Service 3.0
RP1873: 4/19/2010 8:51:40 PM - Software Distribution Service 3.0
RP1874: 4/20/2010 8:54:57 PM - System Checkpoint
RP1875: 4/22/2010 12:21:14 PM - System Checkpoint
RP1876: 4/22/2010 9:04:45 PM - Software Distribution Service 3.0
RP1877: 4/23/2010 9:06:30 PM - System Checkpoint
RP1878: 4/24/2010 9:11:49 PM - System Checkpoint
RP1879: 4/25/2010 10:48:13 PM - System Checkpoint
RP1880: 4/26/2010 3:00:42 AM - Software Distribution Service 3.0
RP1881: 4/26/2010 11:16:07 AM - Software Distribution Service 3.0
RP1882: 4/27/2010 3:01:05 AM - Software Distribution Service 3.0
RP1883: 4/28/2010 2:54:16 PM - System Checkpoint
RP1884: 4/29/2010 8:07:32 AM - Software Distribution Service 3.0
RP1885: 4/30/2010 9:46:33 PM - System Checkpoint
RP1886: 5/1/2010 10:53:42 PM - System Checkpoint
RP1887: 5/2/2010 11:42:55 PM - System Checkpoint
RP1888: 5/3/2010 9:51:13 PM - Software Distribution Service 3.0
RP1889: 5/4/2010 8:19:46 AM - Installed Java(TM) 6 Update 20
RP1890: 5/5/2010 10:43:18 AM - System Checkpoint
RP1891: 5/6/2010 10:40:59 AM - Software Distribution Service 3.0
RP1892: 5/7/2010 8:40:05 AM - Software Distribution Service 3.0
RP1893: 5/8/2010 9:05:20 AM - System Checkpoint
RP1894: 5/10/2010 6:52:32 PM - Software Distribution Service 3.0
RP1895: 5/12/2010 9:27:19 AM - System Checkpoint
RP1896: 5/13/2010 3:00:59 AM - Software Distribution Service 3.0
RP1897: 5/13/2010 12:13:45 PM - Software Distribution Service 3.0
RP1898: 5/14/2010 4:57:07 PM - Software Distribution Service 3.0
RP1899: 5/17/2010 7:43:12 PM - Software Distribution Service 3.0
RP1900: 5/19/2010 5:23:55 AM - System Checkpoint
RP1901: 5/20/2010 6:45:19 AM - Software Distribution Service 3.0

==== Installed Programs ======================

10 Days To Save The World
100+ Great Games Vol 2
15 Puzzle
2 Player Chess
56Kbps Internal Modem
7 Wonders
8 Queens
ABBYY FineReader 6.0 Sprint
Acey Deucy Backgammon
Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.1.0
Adobe Shockwave Player
Alquerque
Amazing Finds
Ancient TriPeaks
Apple Mobile Device Support
Apple Software Update
ArcSoft Funhouse
ArcSoft Panorama Maker 4
ArcSoft PhotoImpression
ArcSoft PhotoImpression 6
ArcSoft Software Suite
ArcSoft VideoImpression 1.6
Art Explosion Greeting Card Factory Express
Bejeweled 2 Deluxe 1.0
Bejeweled Deluxe 1.862
Bejeweled Twist
Big Fish Games Client
BigFix
Blast Thru
Blobs
Block Rox
Blood Ties
Bonjour
Brain Twister
CA Yahoo! Anti-Spy (remove only)
Carbonite Online Backup Setup
Card and Board Games
CDDRV_Installer
Charmed
CIF Dual-Mode Camera
Color Wheel
Compact Wireless-G USB Network Adapter with SpeedBooster
CompanionLink for Extreme3
CompuServe
Corel Graphics Suite 11
Coupon Printer for Windows
Creation Station Special Edition
Critical Update for Windows Media Player 11 (KB959772)
Dark Tiles
Dodgem
Dominoes Deluxe
Draw Poker
Drop
DVD Shrink 3.2
EarthLink MDAC
eGames GameButler
eMachines Bay Reader V1.00
English Solitaire
ERUNT 1.1j
exPressit S.E. 2.2
Fantasy Tetrix
FaxTools
Fisher-Price Computer Cool School
Five21s
Fox & Geese
Full Tilt Poker
Galaxy Man
Galaxy Multi Pack
Galaxy of Games 201
Gems 3D
Google Chrome
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
InterActual Player
iPod for Windows 2006-03-23
Jasc Paint Shop Pro 8
Java 2 Runtime Environment, SE v1.4.2_04
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Jewel Quest (remove only)
KhalInstallWrapper
KODAK EASYSHARE Gallery Upload ActiveX Control
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice for Microsoft Agent
Lexicon Special Edition
Lexmark 5600-6600 Series
Lexmark Printable Web
Lexmark Toolbar
LiveUpdate 2.0 (Symantec Corporation)
Logitech Desktop Messenger
Logitech SetPoint
Lottso! Deluxe
Luxor 3
Luxor Amun Rising (remove only)
Magic Match
Mahjong Match
Mahjongg Dimensions Deluxe (remove only)
Mahjongg Jr
Mahjongg Master 2 Special Edition
Mahjongg Master 3 Special Edition
Mahjongg Master 4
Mahjongg Master Egyptian Edition
Mahjongg Patience
Malwarebytes' Anti-Malware
Mancala
Mega Match
Memory Match
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works 7.0
Microsoft XML Parser
Motorola Software Update
Mozilla Firefox (3.6)
MSN Music Assistant
MSSoap
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Keyboard Driver
Netscape 6 (6.2.1)
NVIDIA nForce Drivers
NVIDIA Windows 2000/XP Display Drivers
OpenOffice.org Installer 1.0
Organizer Pro
PartyPokerNet
Peggle Deluxe 1.0
Peggle Nights Deluxe
Penny Dreadfuls(TM) Sweeney Todd
Phlinx To Go
PhoTags Express
Photo Match All
PokerStars.net
PowerDVD
Print Perfect Deluxe
Puzzle Master 2 Special Edition
QuickTime
RealArcade
RealPlayer
Rhapsody Player Engine
Roxio PhotoSuite 5
Secret Circuit
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Solitaire 2 Special Edition
Solitaire Master 3 Special Edition 1
Space Solitaire
SpywareBlaster 4.3
Symantec AntiVirus
Tai Match
TBS WMP Plug-in
TestPokerStars.com
The New Way Things Work
Tri Rummy
Turning
Undiscovered World: The Incan Sun
Uniblue DriverScanner 2009
Uninstall JL2005A Toy Camera
Universal Media Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URGE
VBA (2627.01)
Viewpoint Manager (Remove Only)
Viewpoint Toolbar (Remove Only)
Wal-Mart Connect
Web Games Player Plugin
WebFldrs XP
Wild Wheels Special Edition
Winamp (remove only)
Windows Backup Utility
Windows Defender
Windows Defender Signatures
Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image 05/02/2006 2.0.1.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Hotfix - KB833987
Windows XP Service Pack 3
Word Search Mania
Word Skramble
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! 工具列
Zuma Deluxe 1.0

==== Event Viewer Messages From Past Week ========

5/20/2010 8:29:49 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000018, parameter2 00000002, parameter3 00000001, parameter4 f7276800.
5/20/2010 12:26:18 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 eda4c81b, parameter3 8426f850, parameter4 00000000.
5/20/2010 12:20:46 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
5/20/2010 12:20:46 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/20/2010 12:20:46 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/20/2010 12:20:46 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
5/19/2010 9:48:15 PM, error: WinDefend [5008] - Windows Defender engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Program Files\eGames\Card and Board Games\UNWISE.EXE
5/19/2010 9:11:22 PM, error: WinDefend [5008] - Windows Defender engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Program Files\eGames\15 Puzzle\UNWISE.EXE->(VFS:_l_________)->[RSRCEmb]
5/19/2010 8:40:32 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 edbddc24, parameter3 8420eba0, parameter4 00000000.
5/19/2010 8:36:49 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 edbddc24, parameter3 8424eba0, parameter4 00000000.
5/19/2010 7:44:46 PM, error: System Error [1003] - Error code 1000000a, parameter1 760c7d3b, parameter2 00000002, parameter3 00000001, parameter4 804eb55b.
5/19/2010 7:40:17 AM, error: System Error [1003] - Error code 100000d1, parameter1 ae9f401e, parameter2 000000ff, parameter3 00000000, parameter4 ae9f401e.
5/19/2010 7:15:38 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 eda4c81b, parameter3 8423f850, parameter4 00000000.
5/19/2010 6:04:07 AM, error: WinDefend [5008] - Windows Defender engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Program Files\eGames\Card and Board Games\UNWISE.EXE->(VFS:_l_________)->[RSRCEmb]
5/19/2010 5:58:46 PM, error: System Error [1003] - Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3 00000000, parameter4 00000000.
5/19/2010 4:59:03 AM, error: WinDefend [5008] - Windows Defender engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Program Files\eGames\8 Queens\UNWISE.EXE->(VFS:_l_________)->[RSRCEmb]
5/19/2010 4:12:21 AM, error: WinDefend [5008] - Windows Defender engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: process:pid:1840
5/19/2010 3:57:37 PM, error: Service Control Manager [7034] - The SavRoam service terminated unexpectedly. It has done this 1 time(s).
5/19/2010 2:44:52 PM, error: Print [6161] - The document A guide and tutorial on using ComboFix owned by Patricia Cain failed to print on printer Lexmark 5600-6600 Series (USB). Data type: LEMF. Size of the spool file in bytes: 2831863. Number of bytes printed: 2831863. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\YOUR-PD3MH0ABGS. Win32 error code returned by the print processor: 0 (0x0).
5/19/2010 2:42:30 PM, error: Print [6161] - The document A guide and tutorial on using ComboFix owned by Patricia Cain failed to print on printer Lexmark 5600-6600 Series (USB). Data type: LEMF. Size of the spool file in bytes: 7057407. Number of bytes printed: 0. Total number of pages in the document: 9. Number of pages printed: 7. Client machine: \\YOUR-PD3MH0ABGS. Win32 error code returned by the print processor: 0 (0x0).
5/19/2010 2:39:24 PM, error: Print [6161] - The document A guide and tutorial on using ComboFix owned by Patricia Cain failed to print on printer Lexmark 5600-6600 Series (USB). Data type: LEMF. Size of the spool file in bytes: 7059529. Number of bytes printed: 0. Total number of pages in the document: 9. Number of pages printed: 3. Client machine: \\YOUR-PD3MH0ABGS. Win32 error code returned by the print processor: 0 (0x0).
5/19/2010 12:13:33 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 eda4c81b, parameter3 8421a850, parameter4 00000000.
5/19/2010 10:52:39 AM, error: WinDefend [5008] - Windows Defender engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Program Files\eGames\Card and Board Games\UNWISE.EXE->(VFS:_l_________)
5/19/2010 1:31:40 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 eda4c81b, parameter3 84235850, parameter4 00000000.
5/19/2010 1:26:00 PM, error: System Error [1003] - Error code 1000000a, parameter1 c04e37cc, parameter2 00000002, parameter3 00000000, parameter4 804eb5a6.
5/19/2010 1:22:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Defender service to connect.
5/19/2010 1:22:56 PM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/18/2010 8:41:11 AM, error: Service Control Manager [7034] - The Windows Defender service terminated unexpectedly. It has done this 3 time(s).
5/18/2010 8:41:01 AM, error: WinDefend [5008] - Windows Defender engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Program Files\eGames\Acey Deucy Backgammon\UNWISE.EXE->(VFS:_l_________)->[RSRCEmb]
5/18/2010 8:12:58 AM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
5/18/2010 8:11:06 AM, error: WinDefend [5008] - Windows Defender engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Program Files\eGames\Ancient TriPeaks\UNWISE.EXE->(VFS:_l_________)->[RSRCEmb]
5/18/2010 7:28:44 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 ed9d181b, parameter3 8425c850, parameter4 00000000.
5/18/2010 7:23:34 PM, error: System Error [1003] - Error code 10000050, parameter1 e8a11000, parameter2 00000000, parameter3 eb5cd00a, parameter4 00000001.
5/18/2010 6:51:34 AM, error: System Error [1003] - Error code 100000d1, parameter1 8e9f400e, parameter2 000000ff, parameter3 00000000, parameter4 8e9f400e.
5/18/2010 6:18:51 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 ed9d181b, parameter3 8425a850, parameter4 00000000.
5/18/2010 6:16:30 AM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
5/18/2010 10:43:31 AM, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
5/17/2010 9:17:10 PM, error: WinDefend [5008] - Windows Defender engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Program Files\eGames\Blobs\UNWISE.EXE->(VFS:_l_________)
5/17/2010 8:09:07 PM, error: System Error [1003] - Error code 10000050, parameter1 ebc1e1f3, parameter2 00000001, parameter3 8056884d, parameter4 00000000.
5/17/2010 8:02:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Live ID Sign-in Assistant service to connect.
5/17/2010 8:02:31 PM, error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/14/2010 5:03:34 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/14/2010 4:58:34 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
5/13/2010 9:57:24 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
5/13/2010 11:41:45 PM, error: Service Control Manager [7000] - The AOL Spyware Protection Service service failed to start due to the following error: The system cannot find the path specified.
5/13/2010 11:10:53 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 2 time(s).

==== End Of File ===========================

IndiGenus
2010-05-20, 21:55
Use ATF Cleaner to remove temp files, cookies, cache, etc.
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


I see you have Malwarebytes installed. Let's run a scan with it. Make sure to update it first, then run a quick scan. Let it fix what it finds and post the log.

Go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.


Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases

Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Run DDS again and post those logs.

pac413
2010-05-20, 21:58
I can't find my winzip

IndiGenus
2010-05-20, 22:02
I can't find my winzip
You mean for posting the last log? That's okay, no need to zip it up here. Some forums like it that way but I prefer to review online. Just continue. If you need to zip and attach something you can just use Windows itself. Just right-click the file, then select "Send to..." compressed file. That will zip it up for you.

pac413
2010-05-24, 03:57
Every time I try, it crashes. Should I just wipe it clean and reinstall everything?

IndiGenus
2010-05-24, 15:41
Every time I try, it crashes. Should I just wipe it clean and reinstall everything?
What crashes? You need to give me a little more to go on here. Does it give an error? If so, what? Etc...?

It's up to you if you want to start over and wipe it clean. A very small percentage of the time that is the way to go, depending on the infection and the damage it may have done. Most of the time we are able to remove the infections and get the system running well. But you will need to do some work on your end, such as getting me error messages, more details, etc...

pac413
2010-05-25, 20:13
Hello, I am not pac413 but a friend of hers; she cannot get on her computer at the moment. It seems whenever her computer is loading (startup or a download) it crashes. She was able to download the ATF and was downloading Kaspersky when the system crashed. She can't get it to start back up right now; she'll have to wait a little while and will get back to you asap. Thanks. I will check back to see if you wish me to get more info for you.

IndiGenus
2010-05-25, 20:59
Thanks for getting back to me.

I can see several BSOD errors in her event logs. They indicate it could possibly be a hardware issue. Bad memory, video card/drivers, etc.

Have her disable automatic restart. To do that boot into the Advanced Options menu by pressing F8 after starting the PC. Select Disable automatic restart on system failure and reboot.

Now write down the error codes that she gets with the BSOD.
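The BSOD codes IndiGenus is asking for are also recorded in the Windows XP event log, and DDS prints those entries in the same one-line format seen in the log above (date, level, source [event ID] - message). The following is an added example, not code from this thread or from the DDS tool: it parses lines in that format, pulls the STOP (bugcheck) codes out of "System Error" [1003] and "Save Dump" [1001] entries, and tallies services that failed to start or died ([7000]/[7034]). The sample log lines are constructed to mimic the DDS format; their timestamps and hex parameters are made up and do not come from the poster's machine.

```python
"""Pull STOP codes and service failures out of DDS-style event log lines."""
import re
from collections import Counter

# Constructed sample in the shape of DDS's "Event Log" section. The two
# Service Control Manager lines mirror the format of the thread's log; the
# System Error / Save Dump lines are invented for illustration.
SAMPLE_LOG = """\
5/13/2010 11:41:45 PM, error: Service Control Manager [7000] - The AOL Spyware Protection Service service failed to start due to the following error: The system cannot find the path specified.
5/13/2010 11:10:53 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 2 time(s).
5/12/2010 9:02:11 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf8a1f20, parameter3 ab12cd34, parameter4 00000000.
5/11/2010 8:15:30 PM, error: System Error [1003] - Error code 0000000a, parameter1 00000000, parameter2 00000002, parameter3 00000001, parameter4 804e3f5a.
5/10/2010 7:45:01 PM, error: Save Dump [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0xbf8a1f20, 0xab12cd34, 0x00000000).
"""

LINE_RE = re.compile(
    r"^(?P<ts>[^,]+), (?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# XP event 1003 (System Error): "Error code 1000008e, parameter1 c0000005, ..."
ERRCODE_RE = re.compile(r"Error code ([0-9a-fA-F]{8})")
PARAM_RE = re.compile(r"parameter\d ([0-9a-fA-F]{8})")
# XP event 1001 (Save Dump): "The bugcheck was: 0x1000008e (0xc0000005, ...)"
BUGCHECK_RE = re.compile(r"bugcheck was: 0x([0-9a-fA-F]+) \(([^)]*)\)")
SERVICE_RE = re.compile(r"^The (.+?) service (failed to start|terminated unexpectedly)")


def parse_line(line):
    """Split one DDS event line into its fields; None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["event_id"] = int(ev["event_id"])
    return ev


def parse_log(text):
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]


def base_stop_code(code):
    # Bit 0x10000000 marks the "_M" flavour of a bugcheck (e.g. 0x1000008E is
    # KERNEL_MODE_EXCEPTION_NOT_HANDLED_M); clearing it gives the documented
    # STOP code (0x8E) that reference tables are indexed by.
    return code & ~0x10000000


def extract_bugchecks(events):
    """Return one record per crash entry: timestamp, raw code, base code, params."""
    found = []
    for ev in events:
        if ev["event_id"] == 1003 and ev["source"] == "System Error":
            m = ERRCODE_RE.search(ev["msg"])
            if not m:
                continue
            code = int(m.group(1), 16)
            params = [int(p, 16) for p in PARAM_RE.findall(ev["msg"])]
        elif ev["event_id"] == 1001 and ev["source"] == "Save Dump":
            m = BUGCHECK_RE.search(ev["msg"])
            if not m:
                continue
            code = int(m.group(1), 16)
            params = [int(p.strip(), 16) for p in m.group(2).split(",") if p.strip()]
        else:
            continue
        found.append({"ts": ev["ts"], "code": code,
                      "base": base_stop_code(code), "params": params})
    return found


def service_failures(events):
    """Count (service name, event id) pairs for SCM start failures and crashes."""
    fails = Counter()
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["event_id"] in (7000, 7034):
            m = SERVICE_RE.match(ev["msg"])
            if m:
                fails[(m.group(1), ev["event_id"])] += 1
    return fails


def summarize(text):
    events = parse_log(text)
    bugchecks = extract_bugchecks(events)
    return {
        "events": len(events),
        "bugchecks": bugchecks,
        "bugchecks_by_base": Counter(b["base"] for b in bugchecks),
        "service_failures": service_failures(events),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for b in s["bugchecks"]:
        print(f'{b["ts"]}: STOP 0x{b["code"]:08X} (base 0x{b["base"]:X}) params '
              + ", ".join(f"0x{p:08X}" for p in b["params"]))
    for (name, eid), n in s["service_failures"].items():
        print(f"service {name!r}: event {eid} x{n}")
```

Paste the "Event Log" portion of a DDS log in place of SAMPLE_LOG and the script lists every STOP code with its four parameters, which is exactly what the helper needs to tell a driver fault (an 0x8E or 0xD1 pointing at a specific module) from a memory or hardware fault. One caveat when counting: on a real XP log the same crash usually appears twice, once as a 1003 and again as a 1001 after the dump is written, so compare timestamps before treating two records as two separate crashes. Disabling the automatic restart so the code stays on screen can also be done from an elevated command prompt with `wmic recoveros set AutoReboot = False`, which sets the same option as the F8 menu entry.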