View Full Version : Windows XP Recovery has taken over my laptop!
Is Windows Desktop Recovery a legitimate tool? I have no desktop screen, but was somehow able to run DDS. It is very difficult to do anything on this PC without the desktop, but here is the DDS detail:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jeff Barbour at 15:35:32.67 on Sun 05/15/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.230 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Application Data\mmTqFwKCYWAdjGW.exe
C:\WINDOWS\system32\attrib.exe
C:\Documents and Settings\All Users\Application Data\17358628.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\attrib.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\attrib.exe
C:\Documents and Settings\Jeff Barbour\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: compliance0615 Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIOb1.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: compliance0615 Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIOb1.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: compliance0615 Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIOb1.dll
TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\jeff barbour\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Push Client] c:\documents and settings\jeff barbour\local settings\application data\att connect\participant\pull.exe
uRun: [mmTqFwKCYWAdjGW] c:\documents and settings\all users\application data\mmTqFwKCYWAdjGW.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\jeffba~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-explorer: NoDesktop = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {C97751B1-BF63-4867-87FB-49B72502DBCD} - c:\program files\microsoft office\office10\OfficeXPFirstRun.vbs
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jeffba~1\applic~1\mozilla\firefox\profiles\pupzttcx.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\jeff barbour\application data\mozilla\firefox\profiles\pupzttcx.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\jeff barbour\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\jeff barbour\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\jeff barbour\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npampx3.0.84.2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-3 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-3 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-28 243152]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-10 88176]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-7-28 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-05-15 19:49:03 378368 ---ha-w- c:\docume~1\alluse~1\applic~1\17358628.exe
2011-05-15 19:41:28 434176 ---ha-w- c:\docume~1\alluse~1\applic~1\mmTqFwKCYWAdjGW.exe
2011-05-11 23:41:04 -------- d--h--w- C:\3274d421318c40220104be
2011-05-11 00:44:10 781272 ---ha-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-11 00:44:10 1874904 ---ha-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-11 00:44:09 89048 ---ha-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-11 00:44:09 465880 ---ha-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-11 00:44:09 1892184 ---ha-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-11 00:44:09 15832 ---ha-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-11 00:44:09 142296 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-11 00:44:08 1974616 ---ha-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ---ha-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ---ha-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ---ha-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ---ha-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ---ha-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ---ha-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 15:36:28.76 ===============
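What an analyst keys on in the log above is a small cluster of indicators rather than any single line: two freshly created executables dropped straight into the All Users\Application Data root (mmTqFwKCYWAdjGW.exe and 17358628.exe, both with the hidden attribute in "Created Last 30"), one of them started from a uRun entry, attrib.exe running repeatedly, the NoDesktop and DisableTaskMgr policies set, and every recently touched file under Program Files carrying the h attribute. The script below is an added example, not part of this thread, of DDS or of unhide.exe; it pulls those indicators out of a DDS log so they can be checked quickly on the next log. The excerpt it runs on is constructed from the first log posted above, the list of lockout policy names is our own choice, and Hosts entries are only reported for review (the spywareinfo.com redirect here is a common immunization entry, not necessarily malicious).

```python
# Added example: scan a DDS log for the indicators the rogue in this thread leaves.
# Not part of the thread, DDS or unhide.exe; SAMPLE_LOG is a constructed excerpt
# based on the first log posted above.
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\mmTqFwKCYWAdjGW.exe
C:\WINDOWS\system32\attrib.exe
C:\Documents and Settings\All Users\Application Data\17358628.exe
============== Pseudo HJT Report ===============
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [mmTqFwKCYWAdjGW] c:\documents and settings\all users\application data\mmTqFwKCYWAdjGW.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
Hosts: 127.0.0.1 www.spywareinfo.com
=============== Created Last 30 ================
2011-05-15 19:49:03 378368 ---ha-w- c:\docume~1\alluse~1\applic~1\17358628.exe
2011-05-15 19:41:28 434176 ---ha-w- c:\docume~1\alluse~1\applic~1\mmTqFwKCYWAdjGW.exe
2011-05-11 00:44:10 781272 ---ha-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-11 00:44:09 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# An .exe directly in the shared profile root (long or 8.3 path). Nothing
# legitimate installs there; this family uses random or numeric names.
PROFILE_ROOT_EXE_RE = re.compile(
    r"(?:all users\\application data|alluse~1\\applic~1)\\([^\\\s\"]+\.exe)\b", re.I)
POLICY_RE = re.compile(r"^([um])Policies-(?:explorer|system):\s*(\w+)\s*=\s*(\d+)", re.I)
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+(?:\d+|-+)\s+([-a-z]{8})\s+(.+)$", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# Policies used to hide the desktop and block Task Manager; our own list.
LOCKOUT_POLICIES = {"nodesktop", "disabletaskmgr", "disableregistrytools", "nofolderoptions"}


@dataclass
class Findings:
    dropped_executables: list = field(default_factory=list)  # (where, filename)
    lockout_policies: list = field(default_factory=list)     # (hive, name, value)
    hidden_files: list = field(default_factory=list)         # paths with the 'h' attribute
    hosts_overrides: list = field(default_factory=list)      # (ip, hostname), for review only

    @property
    def matches_rogue_pattern(self):
        # Dropped exe plus a lockout policy is the signature seen in the first log.
        return bool(self.dropped_executables and self.lockout_policies)


def parse_sections(text):
    """Split a DDS log into {section title: [lines]}, dropping blank and '.' lines."""
    sections, current = {}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(log_text):
    """Return Findings for one DDS log."""
    f, sections = Findings(), parse_sections(log_text)
    for line in sections.get("Running Processes", []):
        m = PROFILE_ROOT_EXE_RE.search(line)
        if m:
            f.dropped_executables.append(("process", m.group(1)))
    for line in sections.get("Pseudo HJT Report", []):
        m = PROFILE_ROOT_EXE_RE.search(line) if re.match(r"^[um]Run:", line, re.I) else None
        if m:
            f.dropped_executables.append(("run-key", m.group(1)))
        m = POLICY_RE.match(line)
        if m and m.group(2).lower() in LOCKOUT_POLICIES and m.group(3) != "0":
            f.lockout_policies.append((m.group(1), m.group(2), int(m.group(3))))
        m = HOSTS_RE.match(line)
        if m:
            f.hosts_overrides.append((m.group(1), m.group(2)))
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(1).lower(), m.group(2)
        if "h" in attrs:  # hidden attribute, which is what unhide.exe clears
            f.hidden_files.append(path)
        m = PROFILE_ROOT_EXE_RE.search(path)
        if m:
            f.dropped_executables.append(("created", m.group(1)))
    return f


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("rogue pattern:", r.matches_rogue_pattern, "| hidden files:", len(r.hidden_files))
    for item in r.dropped_executables + r.lockout_policies + r.hosts_overrides:
        print(" ", item)
```

Run against the second log further down the thread (posted after unhide.exe and Malwarebytes), the same rules come back empty: the uRun entry and the two dropped executables are gone, the uPolicies lines are absent, and the "Created Last 30" entries show ----a-w- instead of ---ha-w-. That before/after diff is the quickest way to confirm the cleanup took, independent of whether the machine "feels" faster.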
Hello jeff524,
Is this the same machine? http://forums.spybot.info/showthread.php?t=62591
=====================
Sorry, no. Different machine... as soon as I got my desktop cleaned up, my laptop started acting strange... I thought I got rid of the problem on the laptop, but I appear to still be having problems...
Hello jeff524 and welcome
My name is JonTom
Malware Logs can sometimes take a lot of time to research and interpret.
Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
PLEASE NOTE: If you do not reply after 5 days your thread will be closed.
"I have no desktop screen"
I would like to get a little more information about this before we begin. Have all of your desktop icons disappeared, or has your usual desktop wallpaper completely gone, leaving nothing but a black screen? When you access your Start menu, can you see all of your installed programs listed?
JonTom -
Thanks for the reply!
I was able to get my desktop screen back and run Malwarebytes to remove a lot of Windows Recovery-related malware. However, I believe I still may have some remnants, as the PC is still somewhat slow. An example is when I type this note: there is a delay before the word shows up.
Another thing that I need help fixing: when I go to the Start/All Programs menu, several of the programs say "(empty)" instead of giving me another menu.
Also, in the Start/All Programs menu there is a program called Windows XP Recovery. There are two options: 1) Uninstall Windows XP Recovery and 2) Windows XP Recovery. I have not clicked the uninstall, fearing it was actually a trap to restart the virus.
Can you help with this?
Thanks!
Hello jeff524
Thank you for the information.
"There are two options"
Do not click on anything at the moment.
Please work your way through the following steps:
Unhide
Download and run unhide.exe by grinler from here (http://download.bleepingcomputer.com/grinler/unhide.exe) and save the file to your desktop.
Run the tool and allow it to complete.
DDS
Please scan your system again with DDS and post both logs that are created.
Please scan your system with GMER
Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).
Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Please post the DDS logs and the GMER log in your next reply. I would also like to see the MBAM log that was produced after your scan. You can find it by opening MBAM and clicking on the "Logs" tab.
When you navigate to start/all programs, can you see your program files now?
If you encounter any problems with the scans come back and let me know.
I ran unhide as instructed. Some of the programs are there, but others still say "empty". This includes Microsoft Office, Spybot and others. I went ahead and re-ran unhide after turning off AVG, but it still has a lot of "empty" programs.
I am posting both the DDS logs here as requested. I will post the MBAM and GMER on the next message(s):
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jeff Barbour at 20:03:24.53 on Thu 05/26/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.380 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Documents and Settings\Jeff Barbour\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: compliance0615 Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIOb1.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: compliance0615 Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIOb1.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: compliance0615 Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIOb1.dll
TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\jeff barbour\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Push Client] c:\documents and settings\jeff barbour\local settings\application data\att connect\participant\pull.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\jeffba~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {C97751B1-BF63-4867-87FB-49B72502DBCD} - c:\program files\microsoft office\office10\OfficeXPFirstRun.vbs
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jeffba~1\applic~1\mozilla\firefox\profiles\pupzttcx.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\jeff barbour\application data\mozilla\firefox\profiles\pupzttcx.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\jeff barbour\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\jeff barbour\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\jeff barbour\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npampx3.0.84.2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-16 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-5-15 532224]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2151128]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-10 88176]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-7-28 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-29 15232]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-05-17 03:06:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 02:46:32 -------- d-----w- c:\docume~1\jeffba~1\locals~1\applic~1\Secunia PSI
2011-05-17 02:46:12 -------- d-----w- c:\program files\Secunia
2011-05-17 02:15:17 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-16 22:44:12 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-16 22:39:55 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-16 22:39:41 -------- d-----w- c:\program files\Lavasoft
2011-05-16 02:01:06 -------- d-----w- c:\docume~1\jeffba~1\applic~1\AVG10
2011-05-16 01:57:08 -------- d-----w- c:\windows\system32\drivers\AVG
2011-05-16 01:57:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-05-16 01:43:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-05-16 01:19:15 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-05-16 01:19:15 -------- d-----w- c:\windows\system32\ZoneLabs
2011-05-16 01:19:12 -------- d-----w- c:\program files\Zone Labs
2011-05-16 01:18:23 -------- d-----w- c:\windows\Internet Logs
2011-05-15 21:17:58 -------- d-----w- c:\docume~1\jeffba~1\applic~1\Malwarebytes
2011-05-15 21:17:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-15 21:17:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-15 21:17:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-15 21:17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-11 23:41:04 -------- d-----w- C:\3274d421318c40220104be
2011-05-11 00:44:10 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-11 00:44:10 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-11 00:44:09 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-11 00:44:09 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-11 00:44:09 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-11 00:44:09 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-11 00:44:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-11 00:44:08 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:04:49.18 ===============
-------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/27/2007 12:28:05 PM
System Uptime: 5/26/2011 7:58:08 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0KY768
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | Microprocessor | 1496/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 106 GiB total, 64.696 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP260: 2/21/2011 4:15:53 PM - System Checkpoint
RP261: 2/25/2011 6:51:29 AM - Software Distribution Service 3.0
RP262: 3/9/2011 7:04:10 PM - Software Distribution Service 3.0
RP263: 3/15/2011 5:14:38 PM - Avg Update
RP264: 3/15/2011 5:15:12 PM - Avg Update
RP265: 3/15/2011 5:17:06 PM - Avg Update
RP266: 3/24/2011 6:56:30 AM - Software Distribution Service 3.0
RP267: 3/26/2011 11:32:48 AM - System Checkpoint
RP268: 4/1/2011 9:46:23 PM - System Checkpoint
RP269: 4/4/2011 6:47:11 PM - System Checkpoint
RP270: 4/17/2011 8:19:06 AM - Software Distribution Service 3.0
RP271: 4/21/2011 4:42:28 PM - Software Distribution Service 3.0
RP272: 4/28/2011 5:22:48 PM - Software Distribution Service 3.0
RP273: 4/30/2011 1:13:47 PM - System Checkpoint
RP274: 5/5/2011 5:08:33 PM - Avg Update
RP275: 5/9/2011 6:22:51 PM - Avg Update
RP276: 5/11/2011 6:36:33 PM - Software Distribution Service 3.0
RP277: 5/11/2011 6:54:19 PM - Avg Update
RP278: 5/11/2011 6:54:29 PM - Software Distribution Service 3.0
RP279: 5/14/2011 2:03:46 PM - System Checkpoint
RP280: 5/15/2011 2:18:58 PM - System Checkpoint
RP281: 5/15/2011 8:32:45 PM - Installed Java(TM) 6 Update 24
RP282: 5/15/2011 8:47:49 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP283: 5/15/2011 8:48:15 PM - Installed AVG 2011
RP284: 5/15/2011 8:50:41 PM - Removed AVG Free 9.0
RP285: 5/15/2011 8:56:30 PM - Installed AVG 2011
RP286: 5/16/2011 5:39:18 PM - Installed Ad-Aware
RP287: 5/16/2011 5:39:38 PM - Installed Ad-Aware
RP288: 5/19/2011 6:10:54 PM - System Checkpoint
RP289: 5/19/2011 9:39:47 PM - Software Distribution Service 3.0
RP290: 5/22/2011 2:30:59 PM - System Checkpoint
.
==== Installed Programs ======================
.
Ad-Aware
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Digital Editions
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.2.6
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Software Update
ArcSoft PhotoStudio 5.5
AT&T Connect Participant Application v8.9.15
AVG 2011
Barbie I Can Be Dress Up
Broadcom Management Programs
Browser Address Error Redirector
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.0
Canon MP970 series
Canon MP970 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
CDDRV_Installer
Comic Life
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell DataSafe Online
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Digital Line Detect
Documentation & Support Launcher
ERUNT 1.1j
ExamView Player
ExamView Pro
FoxyTunes for Firefox
Games, Music, & Photos Launcher
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IntelliSonic Speech Enhancement
Internet Service Offers Launcher
IObitCom Toolbar
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 24
KhalInstallWrapper
Laptop Integrated Webcam Driver (1.03.02.0719)
LeapFrog Connect
LeapFrog Leapster2 Plugin
LeapFrog Tag Plugin
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Logitech Registration
Logitech SetPoint
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Modem Diagnostic Tool
Move Media Player
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Musicmatch for Windows Media Player
NetWaiting
NVIDIA Drivers
OutlookAddinSetup
PDF Settings
Photo Story 3 for Windows
PokerStars
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
ScanSoft OmniPage SE 4
SearchAssist
Secunia PSI (2.0.0.3003)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Smart Defrag
Sonic Activation Module
Spybot - Search & Destroy
StatBar 2.406
Unity Web Player
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
VC 9.0 Runtime
WebEx
WebFldrs XP
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Music Jukebox
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
5/25/2011 5:59:49 PM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 001E4C9A3978 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/22/2011 6:48:01 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001E4C9A3978 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/19/2011 8:53:48 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/19/2011 7:35:10 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================
Here is the MBAM log after the scan on 5-15:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6586
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/15/2011 7:56:59 PM
mbam-log-2011-05-15 (19-56-59).txt
Scan type: Full scan (C:\|)
Objects scanned: 243804
Time elapsed: 1 hour(s), 30 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmTqFwKCYWAdjGW (Rogue.Installer.Gen) -> Value: mmTqFwKCYWAdjGW -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\all users\application data\mmtqfwkcywadjgw.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\jeff barbour\my documents\from old pc\Misc\DESKTOP.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
c:\RECYCLER\adapt_installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\17358628.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
Below is the Gmer.txt log:
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-26 21:26:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HTS542512K9SA00 rev.BB2OC39P
Running: gmer.exe; Driver: C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\pwryypob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF4FD2534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF4FCC782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF4FEB6DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF4FD2CC0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF4FD2DF6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF4FCD398]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF4FECFE4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF4FEC93C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF4FED93C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF4FEDB44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF4FCCFAA]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF7935738]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF4FEE8D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF4FEE208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF4FD20F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF4FEF2A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF4FCD75C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xF4FEEE12]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF4FEC0C4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF79357DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF7935878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF7935914]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 8 Bytes [D2, E8, FE, F4, 08, E2, FE, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6A60380, 0x2F18C7, 0xE8000020]
? C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[2500] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2760] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 10698DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2760] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10698D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2760] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104C7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2760] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104C7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device B9144D20
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- EOF - GMER 1.0.15 ----
Hello jeff524
Thank you for the logs.
Some of the programs are there, but others still say "empty". Do you recall if you ran CCleaner to delete your temporary files before requesting help? <=== Please let me know.
Please work your way through the following steps:
I can see that you have both Anti-Virus Free Edition 2011 and Lavasoft Ad-Watch Live! Anti-Virus installed.
If you have real-time antivirus protection enabled with your Ad-Aware this may conflict with your installed AVG. You are advised to have only ONE real time antivirus running on your machine at any one time.
Toolbars
I can see that you have IObitCom Toolbar installed.
We recommend that you uninstall this toolbar from your machine.
To do this, Click on "Start" then on "Control Panel" and then on "Add or remove programs".
A list of currently installed programs will be displayed.
Find the "IObitCom Toolbar" program, click on it once and then click on the "Remove" button.
If you are prompted to re-boot your computer to complete the uninstall please do so.
Please un-install J2SE Runtime Environment 5.0 Update 6
Click on "Start" then on "Control Panel" and then on "Add or remove programs".
Click on "remove a program". A list of currently installed programs will be displayed.
Find the "J2SE Runtime Environment 5.0 Update 6" program, click on it once and then click on the "uninstall" button.
If you are prompted to re-boot your computer to complete the uninstall please do so.
Please download SystemLook by JPShortstuff
Please download SystemLook by JPShortstuff by clicking here (http://jpshortstuff.247fixes.com/SystemLook.exe) or here (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe) and save the file (called SystemLook.exe) to your desktop.
Double click SystemLook.exe to run the program.
Copy the content of the following codebox into the main textfield:
:dir
%Temp%\smtmp /s
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Please post the systemlook log in your next reply.
Besides your desktop/program icon issue, are you experiencing any other symptoms?
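The two checks the helper is driving at above can also be done directly on the machine. The MBAM log earlier in the thread shows the rogue had set the DisableTaskMgr policy to 1, and the SystemLook request targets %Temp%\smtmp, the folder this "Windows XP Recovery" family of rogues is known to use to stash the shortcuts it hides. The script below is an added, read-only example written for this page; it is not from the thread, the helper, or any of the tools mentioned. It assumes PowerShell 2.0 is installed on the XP SP3 machine (the thread never says it is), and the variable names are mine. It reports the same information SystemLook's `:dir %Temp%\smtmp /s` produces plus the policy value, and it moves or deletes nothing.

```powershell
# Added example (not from the original thread): read-only triage of the two
# indicators above. Assumes PowerShell 2.0 on Windows XP SP3 (an assumption).

# 1. Task Manager policy hijack. MBAM reported
#    HKLM\...\Policies\System\DisableTaskMgr = 1 and reset it to 0.
#    Check both hives; the per-user key is a second place the same
#    policy can be set.
$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($p in $policyPaths) {
    if (Test-Path $p) {
        $v = (Get-ItemProperty -Path $p -ErrorAction SilentlyContinue).DisableTaskMgr
        if ($v -eq 1) { Write-Output "$p\DisableTaskMgr = 1  (Task Manager disabled by policy)" }
        else          { Write-Output "$p\DisableTaskMgr not set or 0" }
    } else {
        Write-Output "$p does not exist"
    }
}

# 2. Hidden shortcuts. Recursively list %Temp%\smtmp, the folder the
#    SystemLook command inspects, summarised per folder with a .lnk count.
#    PowerShell 2.0 has no -Directory/-File switches, so PSIsContainer is
#    used to separate folders from files.
$smtmp = Join-Path $env:TEMP 'smtmp'
if (-not (Test-Path $smtmp)) {
    Write-Output "$smtmp does not exist"
} else {
    $dirs = @(Get-Item $smtmp) +
            @(Get-ChildItem -Path $smtmp -Recurse -Force | Where-Object { $_.PSIsContainer })
    foreach ($d in $dirs) {
        $lnk = @(Get-ChildItem -Path $d.FullName -Force |
                 Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.lnk' })
        Write-Output ("{0}  [{1} .lnk]" -f $d.FullName, $lnk.Count)
        foreach ($f in $lnk) {
            Write-Output ("    {0}  {1} bytes  modified {2}" -f
                $f.Name, $f.Length, $f.LastWriteTime.ToString('yyyy-MM-dd HH:mm'))
        }
    }
}
```

Run it from an administrator account, the same way SystemLook was run. On a machine where the rogue has already been removed by MBAM, the first block should report 0 or "not set" for both hives; a populated smtmp tree in the second block is the reason the desktop and Start Menu look empty, and what to do with those files is for the helper to decide in the next step, not for this script.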
- I don't specifically recall running CCleaner before requesting help, but it is possible. I don't think I did though.
- Other than the (empty) problem, the PC still seems bogged down and it takes some time for things to get moving. There is sometimes a delay in time between typing on the keyboard and when it appears on the screen.
- I uninstalled:
1) Lavasoft Ad-Watch Live! Anti-Virus
2) IObitCom Toolbar
3) J2SE Runtime Environment 5.0 Update 24
Here is the SYSTEMLOOK log: Thanks!
SystemLook 04.09.10 by jpshortstuff
Log created at 20:57 on 27/05/2011 by Jeff Barbour
Administrator - Elevation successful
========== dir ==========
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp - Parameters: "/s"
---Files---
None found.
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1 d------ [19:44 15/05/2011]
desktop.ini --ahs-- 272 bytes [18:57 10/08/2004] [00:41 03/10/2008]
PokerStars.lnk ------- 736 bytes [18:30 15/03/2009] [18:36 15/03/2009]
Program Updates.lnk ------- 995 bytes [20:27 21/12/2007] [20:27 21/12/2007]
Set Program Access and Defaults.lnk ------- 1563 bytes [19:04 10/08/2004] [00:41 03/10/2008]
Windows Catalog.lnk ------- 398 bytes [19:04 10/08/2004] [19:04 10/08/2004]
Windows Update.lnk ------- 1411 bytes [19:04 10/08/2004] [19:04 10/08/2004]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs d------ [19:44 15/05/2011]
Adobe Bridge CS3.lnk --a---- 818 bytes [02:54 03/09/2008] [02:54 03/09/2008]
Adobe Device Central CS3.lnk --a---- 911 bytes [02:56 03/09/2008] [02:56 03/09/2008]
Adobe Digital Editions.lnk --a---- 1825 bytes [03:21 27/12/2010] [03:21 27/12/2010]
Adobe ExtendScript Toolkit 2.lnk --a---- 1100 bytes [12:06 03/09/2008] [12:06 03/09/2008]
Adobe Photoshop CS3.lnk --a---- 856 bytes [01:49 04/09/2008] [01:49 04/09/2008]
Adobe Reader 8.lnk --a---- 2347 bytes [04:46 15/07/2009] [14:08 01/11/2009]
Adobe Stock Photos CS3.lnk --a---- 942 bytes [01:46 04/09/2008] [01:46 04/09/2008]
Apple Software Update.lnk --a---- 1830 bytes [19:08 17/05/2008] [12:34 15/07/2008]
desktop.ini --ahs-- 150 bytes [18:57 10/08/2004] [19:02 10/08/2004]
MediaDirect.lnk --a---- 1659 bytes [20:31 21/12/2007] [20:31 21/12/2007]
Microsoft Office PowerPoint Viewer 2003.lnk --a---- 1775 bytes [20:37 21/12/2007] [00:57 10/12/2009]
Microsoft Plus! Photo Story 2 LE.lnk --a---- 1934 bytes [20:37 21/12/2007] [20:37 21/12/2007]
Microsoft Works Task Launcher.lnk --a---- 1701 bytes [20:37 21/12/2007] [20:37 21/12/2007]
More Great Games.lnk --a---- 1542 bytes [23:20 21/02/2009] [23:20 21/02/2009]
Mozilla Firefox.lnk --a---- 730 bytes [00:44 11/05/2011] [00:44 11/05/2011]
MSN.lnk --a---- 1890 bytes [19:01 10/08/2004] [19:01 10/08/2004]
Outlook 2002.lnk --a---- 1800 bytes [16:13 29/12/2007] [16:13 29/12/2007]
Photo Story 3 for Windows.lnk --a---- 1537 bytes [01:09 07/04/2009] [01:09 07/04/2009]
Play My Games.lnk --a---- 1578 bytes [23:20 21/02/2009] [23:20 21/02/2009]
Windows Messenger.lnk --a---- 609 bytes [19:01 10/08/2004] [19:01 10/08/2004]
Windows Movie Maker.lnk --a---- 690 bytes [19:02 10/08/2004] [19:02 10/08/2004]
Yahoo! Music Jukebox.lnk --a---- 2115 bytes [20:32 21/12/2007] [17:06 27/01/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories d------ [19:44 15/05/2011]
Calculator.lnk --a---- 1498 bytes [19:01 10/08/2004] [00:37 23/09/2008]
desktop.ini --ahs-- 255 bytes [19:01 10/08/2004] [03:10 22/04/2008]
Paint.lnk --a---- 1515 bytes [19:01 10/08/2004] [22:51 01/03/2010]
Remote Desktop Connection.lnk --a---- 1585 bytes [00:41 03/10/2008] [00:41 03/10/2008]
Scanner and Camera Wizard.lnk --a---- 710 bytes [20:00 21/12/2007] [03:10 22/04/2008]
WordPad.lnk --a---- 783 bytes [19:01 10/08/2004] [19:01 10/08/2004]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility d------ [19:44 15/05/2011]
Accessibility Wizard.lnk --a---- 1424 bytes [19:01 10/08/2004] [19:01 10/08/2004]
desktop.ini --ahs-- 90 bytes [19:01 10/08/2004] [19:01 10/08/2004]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications d------ [19:44 15/05/2011]
desktop.ini --ahs-- 516 bytes [19:00 10/08/2004] [00:43 03/10/2008]
HyperTerminal.lnk --a---- 690 bytes [19:01 10/08/2004] [19:01 10/08/2004]
Network Connections.lnk --a---- 1661 bytes [19:00 10/08/2004] [19:00 10/08/2004]
Network Setup Wizard.lnk --a---- 1544 bytes [19:02 10/08/2004] [19:02 10/08/2004]
New Connection Wizard.lnk --a---- 1550 bytes [19:00 10/08/2004] [19:00 10/08/2004]
Wireless Network Setup Wizard.lnk --a---- 1656 bytes [19:04 10/08/2004] [00:43 03/10/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax d------ [19:44 15/05/2011]
desktop.ini --ahs-- 283 bytes [19:01 10/08/2004] [19:01 10/08/2004]
Fax Console.lnk --a---- 1509 bytes [19:01 10/08/2004] [19:01 10/08/2004]
Fax Cover Page Editor.lnk --a---- 1614 bytes [19:01 10/08/2004] [19:01 10/08/2004]
Send a Fax....lnk --a---- 1497 bytes [19:01 10/08/2004] [19:01 10/08/2004]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment d------ [19:44 15/05/2011]
desktop.ini --ahs-- 146 bytes [19:01 10/08/2004] [19:01 10/08/2004]
Sound Recorder.lnk --a---- 1432 bytes [19:01 10/08/2004] [19:01 10/08/2004]
Volume Control.lnk --a---- 1432 bytes [19:01 10/08/2004] [19:01 10/08/2004]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training d------ [19:44 15/05/2011]
Microsoft Interactive Training Help.lnk --a---- 707 bytes [19:13 10/08/2004] [19:13 10/08/2004]
Microsoft Interactive Training.lnk --a---- 800 bytes [19:13 10/08/2004] [19:13 10/08/2004]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools d------ [19:44 15/05/2011]
Character Map.lnk --a---- 1425 bytes [19:01 10/08/2004] [19:01 10/08/2004]
desktop.ini --ahs-- 703 bytes [19:01 10/08/2004] [19:04 10/08/2004]
Disk Cleanup.lnk --a---- 1436 bytes [19:02 10/08/2004] [19:02 10/08/2004]
Disk Defragmenter.lnk --a---- 1476 bytes [19:02 10/08/2004] [19:02 10/08/2004]
Files and Settings Transfer Wizard.lnk --a---- 1495 bytes [19:04 10/08/2004] [19:04 10/08/2004]
Scheduled Tasks.lnk --a---- 1657 bytes [19:02 10/08/2004] [19:02 10/08/2004]
System Information.lnk --a---- 974 bytes [19:02 10/08/2004] [19:02 10/08/2004]
System Restore.lnk --a---- 1520 bytes [19:02 10/08/2004] [19:02 10/08/2004]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools d------ [19:44 15/05/2011]
Component Services.lnk --a---- 1486 bytes [19:02 10/08/2004] [19:02 10/08/2004]
Computer Management.lnk --a---- 1506 bytes [19:04 10/08/2004] [19:04 10/08/2004]
Data Sources (ODBC).lnk --a---- 1500 bytes [19:04 10/08/2004] [19:04 10/08/2004]
desktop.ini --ahs-- 476 bytes [19:02 10/08/2004] [19:04 10/08/2004]
Event Viewer.lnk --a---- 1496 bytes [19:04 10/08/2004] [19:04 10/08/2004]
Microsoft .NET Framework 1.1 Configuration.lnk --a---- 1011 bytes [19:09 10/08/2004] [19:10 10/08/2004]
Microsoft .NET Framework 1.1 Wizards.lnk --a---- 1062 bytes [19:09 10/08/2004] [19:10 10/08/2004]
Performance.lnk --a---- 1495 bytes [19:04 10/08/2004] [19:04 10/08/2004]
Services.lnk --a---- 1506 bytes [19:04 10/08/2004] [19:04 10/08/2004]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe d------ [19:44 15/05/2011]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe\Adobe Digital Editions d------ [19:44 15/05/2011]
Adobe Digital Editions.lnk --a---- 1837 bytes [03:21 27/12/2010] [03:21 27/12/2010]
Help.lnk --a---- 310 bytes [03:21 27/12/2010] [03:21 27/12/2010]
Home Page.lnk --a---- 300 bytes [03:21 27/12/2010] [03:21 27/12/2010]
Uninstall.lnk --a---- 1795 bytes [03:21 27/12/2010] [03:21 27/12/2010]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft PhotoStudio 5.5 d------ [19:44 15/05/2011]
PhotoStudio 5.5 QSG.lnk --a---- 1736 bytes [02:49 22/04/2008] [02:49 22/04/2008]
PhotoStudio 5.5.lnk --a---- 1680 bytes [02:49 22/04/2008] [02:49 22/04/2008]
ReadMe.lnk --a---- 1643 bytes [02:49 22/04/2008] [02:49 22/04/2008]
Registration.lnk --a---- 1931 bytes [02:49 22/04/2008] [02:49 22/04/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\AVG Free 9.0 d------ [19:44 15/05/2011]
AVG Free Tray Icon.lnk --a---- 1535 bytes [15:58 14/11/2009] [15:58 14/11/2009]
AVG Free User Interface.lnk --a---- 1519 bytes [15:58 14/11/2009] [15:58 14/11/2009]
Uninstall AVG Free.lnk --a---- 1541 bytes [15:58 14/11/2009] [15:58 14/11/2009]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Broadcom d------ [19:44 15/05/2011]
Broadcom Advanced Control Suite 2.lnk --a---- 1701 bytes [20:19 21/12/2007] [20:19 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities d------ [19:44 15/05/2011]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities\Canon IJ Network Scan Utility d------ [19:44 15/05/2011]
Canon IJ Network Scan Utility ReadMe.lnk --a---- 921 bytes [02:46 22/04/2008] [00:21 23/04/2008]
Canon IJ Network Scan Utility.lnk --a---- 1844 bytes [02:46 22/04/2008] [00:21 23/04/2008]
Uninstaller.lnk --a---- 1837 bytes [02:46 22/04/2008] [00:21 23/04/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities\Canon IJ Network Tool d------ [19:44 15/05/2011]
Canon IJ Network Tool ReadMe.lnk --a---- 865 bytes [02:46 22/04/2008] [00:21 23/04/2008]
Canon IJ Network Tool.lnk --a---- 1772 bytes [02:46 22/04/2008] [00:21 23/04/2008]
Uninstaller.lnk --a---- 1765 bytes [02:46 22/04/2008] [00:21 23/04/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MP970 series d------ [19:44 15/05/2011]
Readme.lnk --a---- 902 bytes [00:21 23/04/2008] [00:21 23/04/2008]
Uninstall.lnk --a---- 1280 bytes [00:21 23/04/2008] [00:21 23/04/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MP970 series Manual d------ [19:44 15/05/2011]
MP970 series On-screen Manual.lnk --a---- 1914 bytes [02:46 22/04/2008] [02:46 22/04/2008]
Uninstall.lnk --a---- 835 bytes [02:46 22/04/2008] [02:46 22/04/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MP970 series User Registration d------ [19:44 15/05/2011]
User Registration Uninstall.LNK --a---- 1697 bytes [00:23 23/04/2008] [00:23 23/04/2008]
User Registration.LNK --a---- 1697 bytes [00:23 23/04/2008] [00:23 23/04/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities d------ [19:44 15/05/2011]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint EX d------ [19:44 15/05/2011]
Easy-PhotoPrint EX Readme.lnk --a---- 1736 bytes [02:48 22/04/2008] [02:48 22/04/2008]
Easy-PhotoPrint EX Uninstall.lnk --a---- 1798 bytes [02:48 22/04/2008] [02:48 22/04/2008]
Easy-PhotoPrint EX.lnk --a---- 1752 bytes [02:48 22/04/2008] [02:48 22/04/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MP Navigator EX 1.0 d------ [19:44 15/05/2011]
MP Navigator EX 1.0.lnk --a---- 1754 bytes [02:47 22/04/2008] [02:47 22/04/2008]
MP Navigator EX Readme.lnk --a---- 1747 bytes [02:47 22/04/2008] [02:47 22/04/2008]
MP Navigator EX Uninstall.lnk --a---- 1834 bytes [02:47 22/04/2008] [02:47 22/04/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\My Printer d------ [19:44 15/05/2011]
My Printer Readme.lnk --a---- 1655 bytes [02:48 22/04/2008] [02:48 22/04/2008]
My Printer Uninstall.lnk --a---- 1717 bytes [02:48 22/04/2008] [02:48 22/04/2008]
My Printer.lnk --a---- 1662 bytes [02:48 22/04/2008] [02:48 22/04/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Solution Menu d------ [19:44 15/05/2011]
Solution Menu Readme.lnk --a---- 1682 bytes [02:48 22/04/2008] [02:48 22/04/2008]
Solution Menu Uninstall.lnk --a---- 1744 bytes [02:48 22/04/2008] [02:48 22/04/2008]
Solution Menu.lnk --a---- 1698 bytes [02:48 22/04/2008] [02:48 22/04/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative d------ [19:44 15/05/2011]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative Live! Cam d------ [19:44 15/05/2011]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative Live! Cam\Live! Cam Avatar d------ [19:44 15/05/2011]
Live! Cam Avatar .lnk --a---- 1963 bytes [20:19 21/12/2007] [20:19 21/12/2007]
Uninstall Live! Cam Avatar .lnk --a---- 2274 bytes [20:19 21/12/2007] [20:19 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative Live! Cam\Live! Cam Avatar Creator d------ [19:44 15/05/2011]
License Agreement.lnk --a---- 2051 bytes [20:20 21/12/2007] [20:20 21/12/2007]
Live! Cam Avatar Creator Help.lnk --a---- 2219 bytes [20:20 21/12/2007] [20:20 21/12/2007]
Live! Cam Avatar Creator.lnk --a---- 2205 bytes [20:20 21/12/2007] [20:20 21/12/2007]
Read Me.lnk --a---- 2044 bytes [20:20 21/12/2007] [20:20 21/12/2007]
Uninstall Live! Cam Avatar Creator.lnk --a---- 2274 bytes [20:20 21/12/2007] [20:20 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell d------ [19:44 15/05/2011]
Documentation & Support Launcher.lnk --a---- 1990 bytes [20:38 21/12/2007] [20:38 21/12/2007]
Games, Music, & Photos Launcher.lnk --a---- 1997 bytes [20:38 21/12/2007] [20:38 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell DataSafe d------ [19:44 15/05/2011]
Dell DataSafe Online.lnk --a---- 1918 bytes [20:33 21/12/2007] [20:33 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell QuickSet d------ [19:44 15/05/2011]
QuickSet.lnk --a---- 527 bytes [20:19 21/12/2007] [20:19 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Support Center d------ [19:44 15/05/2011]
About Dell Support Center.lnk --a---- 2156 bytes [20:35 21/12/2007] [20:35 21/12/2007]
Dell Support Center Alerts.lnk --a---- 2050 bytes [20:35 21/12/2007] [20:35 21/12/2007]
Dell Support Center User Settings.lnk --a---- 2066 bytes [20:35 21/12/2007] [20:35 21/12/2007]
Dell Support Center.lnk --a---- 1956 bytes [20:35 21/12/2007] [20:35 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Webcam d------ [19:44 15/05/2011]
Dell Webcam Center Help.lnk --a---- 1751 bytes [20:19 21/12/2007] [20:19 21/12/2007]
Dell Webcam Center.lnk --a---- 1744 bytes [20:19 21/12/2007] [20:19 21/12/2007]
Dell Webcam Manager.lnk --a---- 1746 bytes [20:19 21/12/2007] [20:19 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Webcam\Laptop Integrated Webcam d------ [19:44 15/05/2011]
Dell Webcam Console.lnk --a---- 1407 bytes [20:03 21/12/2007] [20:03 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Wireless d------ [19:44 15/05/2011]
Dell Wireless WLAN Card Readme.lnk --a---- 856 bytes [20:20 21/12/2007] [20:20 21/12/2007]
Dell Wireless WLAN Card Utility.lnk --a---- 1690 bytes [20:20 21/12/2007] [20:20 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ERUNT d------ [20:17 15/05/2011]
Documentation.lnk --a---- 611 bytes [20:16 15/05/2011] [20:16 15/05/2011]
ERUNT Homepage.lnk --a---- 433 bytes [20:16 15/05/2011] [20:16 15/05/2011]
ERUNT.lnk --a---- 604 bytes [20:16 15/05/2011] [20:16 15/05/2011]
NTREGOPT.lnk --a---- 623 bytes [20:16 15/05/2011] [20:16 15/05/2011]
Uninstall ERUNT.lnk --a---- 623 bytes [20:16 15/05/2011] [20:16 15/05/2011]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ExamView Pro Test Generator d------ [19:44 15/05/2011]
ExamView Player.lnk --a---- 498 bytes [02:06 28/04/2008] [03:51 18/05/2009]
ExamView Pro Help.lnk --a---- 367 bytes [02:06 28/04/2008] [03:50 18/05/2009]
ExamView Pro Multimedia Tour.lnk --a---- 532 bytes [02:06 28/04/2008] [03:50 18/05/2009]
ExamView Pro.lnk --a---- 491 bytes [02:06 28/04/2008] [03:50 18/05/2009]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Games d------ [19:44 15/05/2011]
desktop.ini --ahs-- 798 bytes [19:01 10/08/2004] [20:04 21/12/2007]
Freecell.lnk --a---- 1426 bytes [19:01 10/08/2004] [19:01 10/08/2004]
Hearts.lnk --a---- 1520 bytes [19:01 10/08/2004] [18:34 27/12/2007]
Internet Backgammon.lnk --a---- 817 bytes [19:01 10/08/2004] [20:04 21/12/2007]
Internet Checkers.lnk --a---- 817 bytes [19:01 10/08/2004] [20:04 21/12/2007]
Internet Hearts.lnk --a---- 817 bytes [19:01 10/08/2004] [20:04 21/12/2007]
Internet Reversi.lnk --a---- 817 bytes [19:01 10/08/2004] [20:04 21/12/2007]
Internet Spades.lnk --a---- 817 bytes [19:01 10/08/2004] [20:04 21/12/2007]
Minesweeper.lnk --a---- 1419 bytes [19:01 10/08/2004] [19:01 10/08/2004]
Pinball.lnk --a---- 789 bytes [19:01 10/08/2004] [19:01 10/08/2004]
Solitaire.lnk --a---- 1491 bytes [19:01 10/08/2004] [00:22 18/02/2008]
Spider Solitaire.lnk --a---- 1406 bytes [19:01 10/08/2004] [19:01 10/08/2004]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\LeapFrog Connect d------ [19:44 15/05/2011]
LeapFrog Connect.lnk --a---- 842 bytes [00:36 21/01/2010] [01:03 10/12/2010]
Uninstall LeapFrog Connect.lnk --a---- 761 bytes [00:36 21/01/2010] [01:03 10/12/2010]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Logitech d------ [19:44 15/05/2011]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Logitech\Mouse and Keyboard d------ [19:44 15/05/2011]
Connect Utility.lnk --a---- 1684 bytes [23:21 07/12/2008] [23:21 07/12/2008]
Help Center.lnk --a---- 623 bytes [23:20 07/12/2008] [23:20 07/12/2008]
Mouse and Keyboard Settings.lnk --a---- 1699 bytes [23:20 07/12/2008] [23:20 07/12/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware d------ [21:19 15/05/2011]
Malwarebytes' Anti-Malware Help.lnk --a---- 796 bytes [21:17 15/05/2011] [21:17 15/05/2011]
Malwarebytes' Anti-Malware.lnk --a---- 796 bytes [21:17 15/05/2011] [21:17 15/05/2011]
Uninstall Malwarebytes' Anti-Malware.lnk --a---- 820 bytes [21:17 15/05/2011] [21:17 15/05/2011]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Mattel Barbie I Can Be d------ [19:44 15/05/2011]
Barbie I Can Be Dress Up.lnk --a---- 881 bytes [14:45 06/03/2010] [14:45 06/03/2010]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office d------ [19:44 15/05/2011]
Access 2002.lnk --a---- 1990 bytes [16:13 29/12/2007] [16:13 29/12/2007]
Excel 2002.lnk --a---- 2493 bytes [16:13 29/12/2007] [01:27 14/09/2010]
FrontPage 2002.lnk --a---- 1998 bytes [16:13 29/12/2007] [16:13 29/12/2007]
Outlook 2002.lnk --a---- 2046 bytes [16:13 29/12/2007] [16:13 29/12/2007]
PowerPoint 2002.lnk --a---- 2481 bytes [16:13 29/12/2007] [13:31 17/04/2011]
Word 2002.lnk --a---- 2495 bytes [16:13 29/12/2007] [17:06 08/05/2011]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools d------ [19:44 15/05/2011]
Microsoft Access Snapshot Viewer.lnk --a---- 1958 bytes [16:13 29/12/2007] [16:13 29/12/2007]
Microsoft Clip Organizer.lnk --a---- 1988 bytes [16:13 29/12/2007] [16:13 29/12/2007]
Microsoft Office Application Recovery.lnk --a---- 1876 bytes [16:13 29/12/2007] [16:13 29/12/2007]
Microsoft Office Document Imaging.lnk --a---- 2138 bytes [16:13 29/12/2007] [16:13 29/12/2007]
Microsoft Office Document Scanning.lnk --a---- 2090 bytes [16:13 29/12/2007] [16:13 29/12/2007]
Microsoft Office Shortcut Bar.lnk --a---- 2008 bytes [16:13 29/12/2007] [16:13 29/12/2007]
Microsoft Office XP Language Settings.lnk --a---- 1902 bytes [16:13 29/12/2007] [16:13 29/12/2007]
Microsoft Photo Editor.lnk --a---- 1960 bytes [16:13 29/12/2007] [16:13 29/12/2007]
Save My Settings Wizard.lnk --a---- 1908 bytes [16:13 29/12/2007] [16:13 29/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight d------ [19:44 15/05/2011]
Microsoft Silverlight.lnk --a---- 1986 bytes [16:24 06/06/2010] [21:45 21/04/2011]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works d------ [19:44 15/05/2011]
Getting Started.lnk --a---- 1543 bytes [20:37 21/12/2007] [20:37 21/12/2007]
Microsoft Works Calendar.lnk --a---- 1901 bytes [20:37 21/12/2007] [20:37 21/12/2007]
Microsoft Works Database.lnk --a---- 1647 bytes [20:37 21/12/2007] [20:37 21/12/2007]
Microsoft Works Portfolio.lnk --a---- 1689 bytes [20:37 21/12/2007] [20:37 21/12/2007]
Microsoft Works Spreadsheet.lnk --a---- 1671 bytes [20:37 21/12/2007] [00:57 10/12/2009]
Microsoft Works Task Launcher.lnk --a---- 1707 bytes [20:37 21/12/2007] [20:37 21/12/2007]
Microsoft Works Word Processor.lnk --a---- 1691 bytes [20:37 21/12/2007] [20:37 21/12/2007]
Windows Address Book.lnk --a---- 832 bytes [20:37 21/12/2007] [20:37 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Modem Diagnostic Tool d------ [19:44 15/05/2011]
Modem Diagnostic Tool.lnk --a---- 2006 bytes [20:19 21/12/2007] [20:19 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\NetWaiting d------ [19:44 15/05/2011]
NetWaiting.lnk --a---- 1604 bytes [20:19 21/12/2007] [20:19 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\plasq d------ [19:44 15/05/2011]
Comic Life.lnk --a---- 1812 bytes [04:37 02/02/2009] [04:37 02/02/2009]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\PokerStars d------ [19:44 15/05/2011]
Network Status.lnk --a---- 696 bytes [18:30 15/03/2009] [18:36 15/03/2009]
PokerStars.lnk --a---- 748 bytes [18:30 15/03/2009] [18:36 15/03/2009]
Uninstall PokerStars.lnk --a---- 791 bytes [18:30 15/03/2009] [18:36 15/03/2009]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime d------ [19:44 15/05/2011]
About QuickTime.lnk --a---- 1802 bytes [19:08 17/05/2008] [19:08 17/05/2008]
PictureViewer.lnk --a---- 1812 bytes [19:08 17/05/2008] [19:08 17/05/2008]
QuickTime Player.lnk --a---- 1802 bytes [19:08 17/05/2008] [19:08 17/05/2008]
Uninstall QuickTime.lnk --a---- 1639 bytes [19:08 17/05/2008] [19:08 17/05/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE d------ [19:44 15/05/2011]
Home.lnk --a---- 2073 bytes [20:24 21/12/2007] [20:24 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE\Projects d------ [19:44 15/05/2011]
Audio.lnk --a---- 2037 bytes [20:24 21/12/2007] [20:24 21/12/2007]
Backup.lnk --a---- 2039 bytes [20:24 21/12/2007] [20:24 21/12/2007]
Copy.lnk --a---- 2035 bytes [20:24 21/12/2007] [20:24 21/12/2007]
Data.lnk --a---- 2035 bytes [20:24 21/12/2007] [20:24 21/12/2007]
DVD and Video.lnk --a---- 2037 bytes [20:24 21/12/2007] [20:24 21/12/2007]
Photo.lnk --a---- 2037 bytes [20:24 21/12/2007] [20:24 21/12/2007]
Tools.lnk --a---- 2037 bytes [20:24 21/12/2007] [20:24 21/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ScanSoft OmniPage SE 4 d------ [19:44 15/05/2011]
OmniPage SE 4.lnk --a---- 1956 bytes [02:57 22/04/2008] [02:57 22/04/2008]
Scanner Setup Wizard.lnk --a---- 1807 bytes [02:57 22/04/2008] [02:57 22/04/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ScanSoft OmniPage SE 4\Guide d------ [19:44 15/05/2011]
User's Guide.lnk --a---- 1829 bytes [02:57 22/04/2008] [02:57 22/04/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Smart Defrag d------ [19:44 15/05/2011]
Home Page.url --a---- 68 bytes [04:28 30/12/2009] [04:28 30/12/2009]
Smart Defrag.lnk --a---- 804 bytes [04:28 30/12/2009] [04:28 30/12/2009]
Uninstall Smart Defrag.lnk --a---- 759 bytes [04:28 30/12/2009] [04:28 30/12/2009]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy d------ [19:44 15/05/2011]
File Shredder.lnk --a---- 834 bytes [20:55 01/06/2008] [20:55 01/06/2008]
Spybot - Search & Destroy.lnk --a---- 945 bytes [20:55 01/06/2008] [20:55 01/06/2008]
Tutorial.lnk --a---- 815 bytes [20:55 01/06/2008] [20:55 01/06/2008]
Uninstall Spybot-S&D.lnk --a---- 961 bytes [20:55 01/06/2008] [20:55 01/06/2008]
Update Spybot-S&D.lnk --a---- 875 bytes [20:55 01/06/2008] [20:55 01/06/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Startup d------ [19:44 15/05/2011]
desktop.ini --ahs-- 84 bytes [18:57 10/08/2004] [19:04 10/08/2004]
Digital Line Detect.lnk --a---- 1618 bytes [20:19 21/12/2007] [20:19 21/12/2007]
Logitech SetPoint.lnk --a---- 1687 bytes [23:20 07/12/2008] [23:20 07/12/2008]
Microsoft Office.lnk --a---- 1730 bytes [16:13 29/12/2007] [16:13 29/12/2007]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\2 d------ [19:44 15/05/2011]
Adobe Digital Editions.lnk ------- 1837 bytes [03:21 27/12/2010] [03:21 27/12/2010]
desktop.ini --ahs-- 119 bytes [18:29 27/12/2007] [18:29 27/12/2007]
Google Chrome.lnk ------- 2315 bytes [04:22 30/12/2009] [23:53 09/05/2011]
Mozilla Firefox.lnk ------- 1620 bytes [02:07 29/12/2010] [23:20 02/03/2011]
PokerStars.lnk ------- 754 bytes [18:30 15/03/2009] [18:36 15/03/2009]
QuickTime Player.lnk ------- 2205 bytes [00:08 19/08/2008] [03:02 05/05/2011]
Show Desktop.scf --a---- 79 bytes [18:29 27/12/2007] [19:08 10/08/2004]
Windows Media Player.lnk ------- 800 bytes [18:31 27/12/2007] [11:32 21/05/2008]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\4 d------ [19:44 15/05/2011]
Adobe Digital Editions.lnk ------- 1819 bytes [03:21 27/12/2010] [03:21 27/12/2010]
AVG Free 9.0.lnk ------- 1507 bytes [15:58 14/11/2009] [15:58 14/11/2009]
Comic Life.lnk ------- 722 bytes [04:37 02/02/2009] [04:37 02/02/2009]
LeapFrog Connect.lnk ------- 651 bytes [18:32 28/07/2010] [18:32 28/07/2010]
Malwarebytes' Anti-Malware.lnk ------- 784 bytes [21:17 15/05/2011] [21:17 15/05/2011]
Mozilla Firefox.lnk ------- 1602 bytes [21:27 18/07/2009] [23:20 02/03/2011]
My Printer.lnk ------- 1644 bytes [02:48 22/04/2008] [02:48 22/04/2008]
PokerStars.lnk ------- 736 bytes [18:30 15/03/2009] [18:36 15/03/2009]
-= EOF =-
Hello jeff524
Thank you for the information. There are a number of things that need our attention here so we'll take things piece by piece.
I don't specifically recall running CCleaner before requesting help, but it is possible. I don't think I did though.
If a temp file cleaner was run after the machine became infected then the files we need to relocate may be lost forever. Let's proceed with caution and see if the following can help us:
Please make a backup of your Registry
The following fix requires altering your Windows Registry. Therefore we need to back it up in case we run into problems:
Download ERUNT (http://www.aumha.org/downloads/erunt.zip) to your Desktop (Right click the link, select "Save Link/Target As"..., select your Desktop and press Save).
Right click erunt.zip, choose "Extract All…" and follow the prompts to unzip the program.
Open the ERUNT folder on your Desktop and double click ERUNT.exe to start the program.
Click OK for all the prompts to back up your registry to the default location.
Note: if it becomes necessary to restore the registry, open the backup folder and start ERDNT.exe.
Next
Please navigate to the following folder in bold (do not open it):
c:\documents and settings\jeff barbour\local settings\Temp\smtmp
Right click on the folder, select Copy, then paste it onto your desktop.
Once the copy of the folder is on your desktop, right click on it, select Send To, then Compressed (zipped) folder.
Once we have a zipped copy of that folder on your desktop, let's try the following:
Download OTL by Oldtimer
Please download OTL by Oldtimer by clicking here (http://oldtimer.geekstogo.com/OTL.exe) and save the file (called OTL.exe) to your desktop.
Double click on OTL.exe to open the program.
Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.
:OTL
:Files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
Allow the program to run unhindered.
A log will be created after the run has completed. Please post the contents of the log in your next reply.
Please post the OTL log in your next reply and let me know if the missing items are still missing.
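An added example, not part of the thread and not code from SystemLook or OTL: a Python script that reads a SystemLook :dir listing of %Temp%\smtmp in the format posted above, works out which numbered subfolders the rogue actually populated, and emits only the matching xcopy lines from the fix posted above, so a helper restores folders that exist and nothing else. The numbering (1 = All Users Start Menu, 2 = Quick Launch, 3 = pinned taskbar, 4 = All Users Desktop) is an assumption taken from the OTL fix in the post; 3 is a Windows 7 location and, as this XP machine's listing shows, is absent here. The pinned-taskbar target below is written without a \Roaming segment, since %AppData% already expands to the roaming profile folder. The sample listing is trimmed from the log posted earlier, with one constructed Programs\Startup\updater.exe entry (not in the real log) to exercise the check that matters before copying anything back: the rogue only moved shortcuts and shell metadata, so any executable found in the relocated tree, especially under Programs\Startup, should be examined rather than restored.

```python
"""Turn a SystemLook ':dir' listing of %Temp%\\smtmp into a restore plan.

Added example, not from the thread or from the SystemLook/OTL tools.
Assumptions: the folder-number mapping below follows the OTL fix in the
thread; the sample listing is trimmed from the posted log, plus one
constructed updater.exe line (not in the real log) to exercise the check.
"""
import os
import re

# Where each numbered smtmp subfolder belongs (assumption, taken from the
# xcopy lines in the OTL fix above). 3 only exists on Windows 7; %AppData%
# already expands to the roaming folder there, so no extra \Roaming segment.
SMTMP_TARGETS = {
    "1": r"%AllUsersProfile%\Start Menu",
    "2": r"%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch",
    "3": r"%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar",
    "4": r"%AllUsersProfile%\Desktop",
}

# What the rogue moved: shortcuts and shell metadata. Anything else in the
# tree did not get there by the "hide the Start Menu" trick and deserves a look.
EXPECTED_EXT = {".lnk", ".ini", ".url", ".scf"}

# Directory header line:  C:\...\smtmp\1\Programs d------ [19:44 15/05/2011]
DIR_LINE = re.compile(
    r"^(?P<root>[A-Za-z]:\\.*?\\smtmp)\\(?P<num>\d+)(?P<rel>.*?)\s+d------\s+\["
)
# File line:  Mozilla Firefox.lnk --a---- 730 bytes [00:44 11/05/2011] [...]
FILE_LINE = re.compile(
    r"^(?P<name>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+\["
)


def parse_systemlook_dir(text):
    """Return {subfolder number: [paths relative to smtmp\\N]} from a :dir /s listing."""
    found = {}
    current = None  # (num, relative dir) that the following file lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        m = DIR_LINE.match(line)
        if m:
            num = m.group("num")
            current = (num, m.group("rel").lstrip("\\"))
            found.setdefault(num, [])
            continue
        m = FILE_LINE.match(line)
        if m and current is not None:
            num, rel = current
            name = m.group("name")
            found[num].append(name if not rel else rel + "\\" + name)
    return found


def flag_unexpected(found):
    """(num, relative path) for every file that is not a shortcut/metadata type."""
    flagged = []
    for num, files in found.items():
        for rel in files:
            if os.path.splitext(rel)[1].lower() not in EXPECTED_EXT:
                flagged.append((num, rel))
    return flagged


def plan_restore(found, temp=r"%Temp%"):
    """xcopy lines for the numbered subfolders present; unknown numbers are reported, not copied."""
    commands, unknown = [], []
    for num in sorted(found):
        target = SMTMP_TARGETS.get(num)
        if target is None:
            unknown.append(num)
            continue
        commands.append('xcopy %s\\smtmp\\%s "%s" /H /I /S /Y /C' % (temp, num, target))
    return commands, unknown


# Trimmed from the log posted in the thread; the updater.exe line is constructed.
SAMPLE_LISTING = r"""
SystemLook 04.09.10 by jpshortstuff
========== dir ==========
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp - Parameters: "/s"
---Files---
None found.
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1 d------ [19:44 15/05/2011]
desktop.ini --ahs-- 272 bytes [18:57 10/08/2004] [00:41 03/10/2008]
Windows Update.lnk ------- 1411 bytes [19:04 10/08/2004] [19:04 10/08/2004]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs d------ [19:44 15/05/2011]
Mozilla Firefox.lnk --a---- 730 bytes [00:44 11/05/2011] [00:44 11/05/2011]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Startup d------ [19:44 15/05/2011]
Microsoft Office.lnk --a---- 1730 bytes [16:13 29/12/2007] [16:13 29/12/2007]
updater.exe --a---- 10240 bytes [19:44 15/05/2011] [19:44 15/05/2011]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\2 d------ [19:44 15/05/2011]
Show Desktop.scf --a---- 79 bytes [18:29 27/12/2007] [19:08 10/08/2004]
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\4 d------ [19:44 15/05/2011]
AVG Free 9.0.lnk ------- 1507 bytes [15:58 14/11/2009] [15:58 14/11/2009]
-= EOF =-
"""


if __name__ == "__main__":
    found = parse_systemlook_dir(SAMPLE_LISTING)
    for num, rel in flag_unexpected(found):
        print("CHECK BEFORE RESTORING: smtmp\\%s\\%s" % (num, rel))
    commands, unknown = plan_restore(found)
    print("\n".join(commands))
    if unknown:
        print("unmapped subfolders, left alone: %s" % ", ".join(unknown))
```

Run it against the full SystemLook.txt instead of the sample and it prints the xcopy lines for 1, 2 and 4 only, plus a CHECK line for anything that is not a shortcut. The point of flagging rather than filtering is that a stray executable in the relocated tree is evidence about what else ran on the box, and should be looked at, not silently skipped or blindly copied into a Startup folder that runs at every logon.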
All the programs are back! (No empty)! -
Here's the log after running OTL:
========== OTL ==========
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\desktop.ini
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\PokerStars.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Program Updates.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe Bridge CS3.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe Device Central CS3.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe Digital Editions.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe ExtendScript Toolkit 2.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe Photoshop CS3.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 8.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe Stock Photos CS3.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\MediaDirect.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Plus! Photo Story 2 LE.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\More Great Games.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\MSN.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Outlook 2002.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Photo Story 3 for Windows.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Play My Games.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Yahoo! Music Jukebox.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\desktop.ini
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\desktop.ini
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Fax Console.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Fax Cover Page Editor.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\Send a Fax....lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training Help.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe\Adobe Digital Editions\Adobe Digital Editions.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe\Adobe Digital Editions\Help.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe\Adobe Digital Editions\Home Page.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe\Adobe Digital Editions\Uninstall.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft PhotoStudio 5.5\PhotoStudio 5.5 QSG.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft PhotoStudio 5.5\PhotoStudio 5.5.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft PhotoStudio 5.5\ReadMe.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft PhotoStudio 5.5\Registration.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\AVG Free 9.0\AVG Free Tray Icon.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\AVG Free 9.0\AVG Free User Interface.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\AVG Free 9.0\Uninstall AVG Free.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Broadcom\Broadcom Advanced Control Suite 2.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities\Canon IJ Network Scan Utility\Canon IJ Network Scan Utility ReadMe.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities\Canon IJ Network Scan Utility\Canon IJ Network Scan Utility.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities\Canon IJ Network Scan Utility\Uninstaller.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities\Canon IJ Network Tool\Canon IJ Network Tool ReadMe.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities\Canon IJ Network Tool\Canon IJ Network Tool.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon IJ Network Utilities\Canon IJ Network Tool\Uninstaller.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MP970 series\Readme.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MP970 series\Uninstall.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MP970 series Manual\MP970 series On-screen Manual.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MP970 series Manual\Uninstall.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MP970 series User Registration\User Registration Uninstall.LNK
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon MP970 series User Registration\User Registration.LNK
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint EX\Easy-PhotoPrint EX Readme.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint EX\Easy-PhotoPrint EX Uninstall.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Easy-PhotoPrint EX\Easy-PhotoPrint EX.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MP Navigator EX 1.0\MP Navigator EX 1.0.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MP Navigator EX 1.0\MP Navigator EX Readme.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\MP Navigator EX 1.0\MP Navigator EX Uninstall.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\My Printer\My Printer Readme.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\My Printer\My Printer Uninstall.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\My Printer\My Printer.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Solution Menu\Solution Menu Readme.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Solution Menu\Solution Menu Uninstall.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\Solution Menu\Solution Menu.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative Live! Cam\Live! Cam Avatar\Live! Cam Avatar .lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative Live! Cam\Live! Cam Avatar\Uninstall Live! Cam Avatar .lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative Live! Cam\Live! Cam Avatar Creator\License Agreement.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative Live! Cam\Live! Cam Avatar Creator\Live! Cam Avatar Creator Help.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative Live! Cam\Live! Cam Avatar Creator\Live! Cam Avatar Creator.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative Live! Cam\Live! Cam Avatar Creator\Read Me.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative Live! Cam\Live! Cam Avatar Creator\Uninstall Live! Cam Avatar Creator.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell\Documentation & Support Launcher.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell\Games, Music, & Photos Launcher.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell DataSafe\Dell DataSafe Online.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell QuickSet\QuickSet.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Support Center\About Dell Support Center.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Support Center\Dell Support Center Alerts.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Support Center\Dell Support Center User Settings.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Support Center\Dell Support Center.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Webcam\Dell Webcam Center Help.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Webcam\Dell Webcam Center.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Webcam\Dell Webcam Manager.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Webcam\Laptop Integrated Webcam\Dell Webcam Console.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Wireless\Dell Wireless WLAN Card Readme.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Wireless\Dell Wireless WLAN Card Utility.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ERUNT\Documentation.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ERUNT\ERUNT Homepage.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ERUNT\ERUNT.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ERUNT\NTREGOPT.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ERUNT\Uninstall ERUNT.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ExamView Pro Test Generator\ExamView Player.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ExamView Pro Test Generator\ExamView Pro Help.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ExamView Pro Test Generator\ExamView Pro Multimedia Tour.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ExamView Pro Test Generator\ExamView Pro.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\desktop.ini
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\LeapFrog Connect\LeapFrog Connect.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\LeapFrog Connect\Uninstall LeapFrog Connect.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Logitech\Mouse and Keyboard\Connect Utility.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Logitech\Mouse and Keyboard\Help Center.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Logitech\Mouse and Keyboard\Mouse and Keyboard Settings.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Mattel Barbie I Can Be\Barbie I Can Be Dress Up.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Access 2002.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Excel 2002.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\FrontPage 2002.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Outlook 2002.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\PowerPoint 2002.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Word 2002.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Access Snapshot Viewer.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Clip Organizer.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Application Recovery.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Document Imaging.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Document Scanning.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Shortcut Bar.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office XP Language Settings.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Photo Editor.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Save My Settings Wizard.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Getting Started.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Word Processor.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Windows Address Book.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Modem Diagnostic Tool\Modem Diagnostic Tool.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\NetWaiting\NetWaiting.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\plasq\Comic Life.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\PokerStars\Network Status.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\PokerStars\PokerStars.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\PokerStars\Uninstall PokerStars.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE\Home.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\Audio.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\Backup.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\Copy.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\Data.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\DVD and Video.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\Photo.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\Tools.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ScanSoft OmniPage SE 4\OmniPage SE 4.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ScanSoft OmniPage SE 4\Scanner Setup Wizard.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\ScanSoft OmniPage SE 4\Guide\User's Guide.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Smart Defrag\Home Page.url
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Smart Defrag\Smart Defrag.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Smart Defrag\Uninstall Smart Defrag.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\File Shredder.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Tutorial.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Update Spybot-S&D.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\Digital Line Detect.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\Logitech SetPoint.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\Microsoft Office.lnk
212 File(s) copied
C:\Documents and Settings\Jeff Barbour\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jeff Barbour\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\2\Adobe Digital Editions.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\2\desktop.ini
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\2\Google Chrome.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\2\PokerStars.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\2\QuickTime Player.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
8 File(s) copied
C:\Documents and Settings\Jeff Barbour\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jeff Barbour\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Jeff Barbour\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jeff Barbour\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\4\Adobe Digital Editions.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\4\AVG Free 9.0.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\4\Comic Life.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\4\LeapFrog Connect.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\4\My Printer.lnk
C:\DOCUME~1\JEFFBA~1\LOCALS~1\Temp\smtmp\4\PokerStars.lnk
8 File(s) copied
C:\Documents and Settings\Jeff Barbour\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jeff Barbour\Desktop\cmd.txt deleted successfully.
OTL by OldTimer - Version 3.2.23.0 log created on 05282011_092640
Hello jeff524
All the programs are back! Nice job :bigthumb:
Let's move on.
We need to run ComboFix on the machine and I see that you have AVG installed. AVG is known to interfere with ComboFix and prevent it from running. In order to run ComboFix without problems AVG must first be completely uninstalled from your system (through Add/Remove Programs).
Once AVG is uninstalled please stay off the net except to download any further tools (should they be required) and to post logs back here. Should ComboFix request that you establish an internet connection in order to download the Microsoft Recovery Console please do so.
Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216).
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Should there be issues with internet afterward:
In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the proxy server again in case you have set it previously.
In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.
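The Firefox part of that proxy check, as an added example that is not part of the original thread or of any tool mentioned in it: a Python script that parses a Firefox prefs.js, reports a manual or PAC proxy and any search/home-page pref pointing off an allow-list of search hosts (the same kind of entries ComboFix prints as "FF - prefs.js:" lines), and rewrites the file to the "No Proxy" state the instructions describe. The prefs.js sample is constructed, the proxy and search hosts in it are placeholders, the allow-list in audit_prefs is an assumption to adjust, and the function names are mine.

```python
import re
from urllib.parse import urlparse

# One prefs.js entry looks like: user_pref("name", value);  value is "string", integer or true/false
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')


def parse_prefs(text):
    """Parse prefs.js text into {name: value}; strings lose their quotes, ints and bools are typed."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines and anything that is not a user_pref() call
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1].replace('\\"', '"')
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


# Meaning of the Firefox network.proxy.type values
PROXY_TYPE = {0: "no proxy", 1: "manual", 2: "PAC script", 4: "auto-detect", 5: "system"}

# URL-valued prefs that browser hijackers commonly rewrite (keyword.URL is the one in the ComboFix log)
URL_PREFS = ("keyword.URL", "browser.startup.homepage", "browser.search.defaulturl")


def audit_prefs(prefs, trusted_hosts=("www.google.com", "search.yahoo.com", "www.bing.com")):
    """Return findings: a proxy that is not 'no proxy'/'system', and URL prefs whose host is not
    in trusted_hosts. The allow-list is an assumption for this example; tune it per machine."""
    findings = []
    ptype = prefs.get("network.proxy.type", 5)  # Firefox default: 5 = use system settings
    if ptype == 1:
        host = prefs.get("network.proxy.http", "")
        port = prefs.get("network.proxy.http_port", 0)
        findings.append(f"manual HTTP proxy configured: {host}:{port}")
    elif ptype == 2:
        findings.append(f"PAC script configured: {prefs.get('network.proxy.autoconfig_url', '')}")
    for key in URL_PREFS:
        url = prefs.get(key)
        if isinstance(url, str) and url:
            host = (urlparse(url).hostname or "").lower()
            if host not in trusted_hosts:
                findings.append(f"{key} points at {host or url}")
    return findings


def _is_proxy_pref(line):
    m = _PREF_RE.match(line)
    return bool(m) and m.group(1).startswith("network.proxy.")


def reset_proxy(text):
    """Return prefs.js text with every network.proxy.* pref dropped and network.proxy.type set to 0,
    which is what the 'No Proxy' radio button in the Firefox connection dialog writes."""
    kept = [ln for ln in text.splitlines() if not _is_proxy_pref(ln)]
    kept.append('user_pref("network.proxy.type", 0);')
    return "\n".join(kept) + "\n"


# Constructed sample prefs.js (not from the thread); hosts are placeholders in the .invalid TLD.
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("keyword.URL", "http://search.example.invalid/search?q=");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "proxy.example.invalid");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
'''

if __name__ == "__main__":
    for finding in audit_prefs(parse_prefs(SAMPLE_PREFS)):
        print("finding:", finding)
    print(reset_proxy(SAMPLE_PREFS))
```

Run it against a copy of the profile's prefs.js with Firefox closed (Firefox rewrites the file on exit, so edits made while it runs are lost), and note that reset_proxy only clears Firefox's own settings; with network.proxy.type left at 5 Firefox follows the IE/system proxy, which is why the instructions cover both browsers.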
I ran combofix as instructed. Below is the resulting log:
ComboFix 11-05-27.02 - Jeff Barbour 05/28/2011 15:22:11.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.600 [GMT -5:00]
Running from: c:\documents and settings\Jeff Barbour\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Toolbar4
C:\LOG3E3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-28 )))))))))))))))))))))))))))))))
.
.
2011-05-28 14:26 . 2011-05-28 14:26 -------- d-----w- C:\_OTL
2011-05-17 11:33 . 2011-05-17 11:33 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-05-17 03:09 . 2011-05-17 03:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-05-17 03:06 . 2011-05-17 03:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 02:46 . 2011-05-17 02:46 -------- d-----w- c:\documents and settings\Jeff Barbour\Local Settings\Application Data\Secunia PSI
2011-05-17 02:46 . 2011-05-17 02:46 -------- d-----w- c:\program files\Secunia
2011-05-16 22:44 . 2011-05-16 22:44 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-16 22:39 . 2011-05-28 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-05-16 02:01 . 2011-05-16 02:01 -------- d-----w- c:\documents and settings\Jeff Barbour\Application Data\AVG10
2011-05-16 01:57 . 2011-05-28 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-05-16 01:43 . 2011-05-28 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-05-16 01:19 . 2011-03-18 06:24 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-05-16 01:19 . 2011-03-18 06:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-05-16 01:19 . 2011-05-16 01:19 -------- d-----w- c:\windows\system32\ZoneLabs
2011-05-16 01:19 . 2011-03-18 06:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-05-16 01:19 . 2011-05-16 01:19 -------- d-----w- c:\program files\Zone Labs
2011-05-16 01:18 . 2011-05-28 20:14 -------- d-----w- c:\windows\Internet Logs
2011-05-15 21:17 . 2011-05-15 21:17 -------- d-----w- c:\documents and settings\Jeff Barbour\Application Data\Malwarebytes
2011-05-15 21:17 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-15 21:17 . 2011-05-15 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-15 21:17 . 2011-05-15 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-15 21:17 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-15 20:16 . 2011-05-15 20:17 -------- d-----w- c:\program files\ERUNT
2011-05-11 23:41 . 2011-05-11 23:41 -------- d-----w- C:\3274d421318c40220104be
2011-05-11 00:44 . 2011-05-11 00:44 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-11 00:44 . 2011-05-11 00:44 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-11 00:44 . 2011-05-11 00:44 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-11 00:44 . 2011-05-11 00:44 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-11 00:44 . 2011-05-11 00:44 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-11 00:44 . 2011-05-11 00:44 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-11 00:44 . 2011-05-11 00:44 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-11 00:44 . 2011-05-11 00:44 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-08-10 19:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-10 18:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-10 18:51 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-05-11 00:44 . 2011-05-11 00:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-21 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"nwiz"="nwiz.exe" [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvMediaCenter"="NvMCTray.dll" [2007-06-06 81920]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-05-09 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-10 405504]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\documents and settings\Jeff Barbour\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-21 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-7 692224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"KADxMain"=c:\windows\system32\KADxMain.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Canon\\Canon IJ Network Tool\\CNMNPUT.EXE"=
"c:\\Program Files\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
.
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/10/2008 5:55 PM 88176]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2010 3:22 PM 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [7/28/2010 1:33 PM 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2010 3:22 PM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C97751B1-BF63-4867-87FB-49B72502DBCD}]
2003-08-13 09:03 710 ----a-r- c:\program files\Microsoft Office\Office10\OfficeXPFirstRun.vbs
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 20:22]
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 20:22]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4212920853-391771689-2403202566-1006Core.job
- c:\documents and settings\Jeff Barbour\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-30 04:20]
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4212920853-391771689-2403202566-1006UA.job
- c:\documents and settings\Jeff Barbour\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-30 04:20]
.
2011-05-11 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-30 19:48]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
FF - ProfilePath - c:\documents and settings\Jeff Barbour\Application Data\Mozilla\Firefox\Profiles\pupzttcx.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
HKCU-Run-Push Client - c:\documents and settings\Jeff Barbour\Local Settings\Application Data\ATT Connect\Participant\pull.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-28 15:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-05-28 15:29:21
ComboFix-quarantined-files.txt 2011-05-28 20:29
.
Pre-Run: 69,681,717,248 bytes free
Post-Run: 70,101,848,064 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - A9FAD46A59558BEB06A81B4CCF39F38C
Hello jeff524
Thank you for the log.
Do you have Iobit SmartDefrag installed?
Iobit's reputation is not what it once was. You would be doing yourself a favour by uninstalling any Iobit products you have on your machine. Should you require a defrag program I can link you to a trusted product once we have finished cleaning.
MalwareBytes AntiMalware:
I can see that you have MBAM installed.
Double click on your MalwareBytes AntiMalware icon to launch the program.
Click on the "Update" tab and then on "Check for Updates".
The program will now install the latest Malware definition files.
Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
Once the program has scanned your computer, a log file will be created in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
Come back here to this thread and Paste the log in your next reply.
Please update your Java
To update your Java, Click on "Start" then on "Control Panel" and then on the Java icon (looks like a coffee cup).
In the window that opens, click on the "Update" tab, and then on "Update Now".
Your Java should begin to update. Please follow any prompts that you receive.
Please run the following scan
Note: Internet Explorer is preferred for this scan, although it will run with other browsers.
Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
Please disable your real time security programs before performing the scan.
Scan your system with Eset Online Scanner (http://www.eset.com/onlinescan/)
Place a check mark in the box YES, I accept the Terms Of Use.
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option to "Remove Found Threats" is UN checked.
Push the "Start" button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please post the MBAM log and the ESET log in your next reply.
1) I uninstalled the IOBit Defragger as suggested.
2) I ran the MBAM. Here is the log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6713
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/29/2011 8:34:10 AM
mbam-log-2011-05-29 (08-34-10).txt
Scan type: Quick scan
Objects scanned: 153813
Time elapsed: 4 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
3) I tried to update Java based on going to start menu/control panel but I could not find it. I did not update Java based on this.
4) I ran ESET as instructed and it found one problem. I'm not sure if it has to do with the Java not being updated. Below is the text:
C:\Documents and Settings\Jeff Barbour\Application Data\Sun\Java\Deployment\cache\6.0\35\27b84623-5be33293 a variant of Java/Exploit.CVE-2010-4452.A trojan
thanks
Hello jeff524
Thank you for the log and information.
"I ran ESET as instructed and it found one problem" - You have an infected Java cache. Let's take care of that now:
Please open OTL
Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.
:OTL
:Files
C:\Documents and Settings\Jeff Barbour\Application Data\Sun\Java\Deployment\cache\6.0\35\27b84623-5be33293
Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
Allow the program to run unhindered.
Your machine will re-start itself. This is normal.
A log will be created after your machine reboots. Please post the contents of the log in your next reply.
"I tried to update Java based on going to start menu/control panel but I could not find it" - Let's try to deal with this manually instead:
Please update your Java
Click on "Start", then on "Control Panel".
Go to "Add or Remove Programs" and uninstall any previous versions of Java that you find.
Reboot your computer.
Next, download the latest version of Java by clicking here (http://java.sun.com/javase/downloads/index.jsp)
Scroll down the page until you reach "Java Platform Standard Edition".
Beneath this and to the right, you will see a button marked "Download JRE".
Click the "Download JRE" button.
Select the platform (Windows, in your case), multi language.
Accept the license agreement and click on "Continue".
You do not have to register if you do not want to (the registration step is optional).
Scroll down and click on the file called jre-6u25-windows-i586.exe located under "Windows Offline Installation".
Save the file to your desktop.
Do not select Run.
Double click on the saved file (jre-6u25-windows-i586.exe) to install the update.
Delete the downloaded installation file after completing the above procedure and reboot your system if not prompted to do so.
Please Uninstall Combofix
Click on "Start" and then on "Run".
Now type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall"; it needs to be there.
Once ComboFix is uninstalled, please re-install your AVG, update it, and run a full system scan.
Let me know how your machine is running now and please post another DDS.txt log for me to review.
I ran OTL and below is the resulting log. Also, the PC did not re-boot itself.
========== OTL ==========
========== FILES ==========
C:\Documents and Settings\Jeff Barbour\Application Data\Sun\Java\Deployment\cache\6.0\35\27b84623-5be33293 moved successfully.
OTL by OldTimer - Version 3.2.23.0 log created on 05292011_111424
--------------------------------------------------------------
I went to "Add/Remove Programs" and there are no Java programs listed. I have not performed any additional steps beyond OTL and looking for Java. Should I go ahead and download and install the new Java anyway?
Thanks
Hello jeff524
"Should I go ahead and download and install the new Java anyway?" - Yes please :)
I updated my Java per your instructions. I uninstalled Combofix. I re-installed AVG and ran a full scan, it found no problems.
The machine seems to be running pretty smoothly now. The only issue I really see right now is the delay between typing and it showing up on screen is still there. Could this be more to a memory problem than a malware issue?
Here is the latest DDS scan text:
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jeff Barbour at 15:10:13.95 on Sun 05/29/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.197 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Jeff Barbour\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjI1MDk4NTkwLVQ0LUJBKzEtS1YzKzctWEwrMS1GUDkrNi1CQVI5TysxLVRCOSsyLUZMKzktWE8zNisxLUY5TTdDKzUtRjlNMTBCKzItRjlNMisxLUZMMTArMS1YTzEwKzExLUxJQysy"&"prod=90"&"ver=10.0.1375
StartupFolder: c:\docume~1\jeffba~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {C97751B1-BF63-4867-87FB-49B72502DBCD} - c:\program files\microsoft office\office10\OfficeXPFirstRun.vbs
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jeffba~1\applic~1\mozilla\firefox\profiles\pupzttcx.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\documents and settings\jeff barbour\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\jeff barbour\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\jeff barbour\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npampx3.0.84.2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-5-15 532224]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-10 88176]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-7-28 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-05-29 18:54:43 -------- d-----w- c:\windows\system32\drivers\AVG
2011-05-29 18:45:12 -------- d-s---w- C:\ComboFix
2011-05-29 18:34:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-29 13:48:23 -------- d-----w- c:\program files\ESET
2011-05-28 20:20:44 -------- d-sha-r- C:\cmdcons
2011-05-28 14:26:40 -------- d-----w- C:\_OTL
2011-05-17 03:06:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 02:46:32 -------- d-----w- c:\docume~1\jeffba~1\locals~1\applic~1\Secunia PSI
2011-05-17 02:46:12 -------- d-----w- c:\program files\Secunia
2011-05-16 22:44:12 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-16 02:01:06 -------- d-----w- c:\docume~1\jeffba~1\applic~1\AVG10
2011-05-16 01:57:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-05-16 01:43:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-05-16 01:19:15 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-05-16 01:19:15 -------- d-----w- c:\windows\system32\ZoneLabs
2011-05-16 01:19:12 -------- d-----w- c:\program files\Zone Labs
2011-05-16 01:18:23 -------- d-----w- c:\windows\Internet Logs
2011-05-15 21:17:58 -------- d-----w- c:\docume~1\jeffba~1\applic~1\Malwarebytes
2011-05-15 21:17:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-15 21:17:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-15 21:17:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-15 21:17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-11 23:41:04 -------- d-----w- C:\3274d421318c40220104be
2011-05-11 00:44:10 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-11 00:44:10 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-11 00:44:09 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-11 00:44:09 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-11 00:44:09 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-11 00:44:09 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-11 00:44:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-11 00:44:08 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
.
==================== Find3M ====================
.
2011-05-29 18:34:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 15:11:38.64 ===============
An additional comment, under All Programs there is still a program in the list called Windows XP Recovery. When hovering the cursor over it it gives me two options: 1) uninstall Windows XP Recovery 2) run it.
Thanks
Hello jeff524
"there is still a program in the list called Windows XP Recovery" - It's still there? Okay. Go ahead and attempt the uninstall through Add/Remove Programs. If the program remains after trying the usual uninstall routine, give Revo a try:
Revo Uninstaller
You can download Revo Uninstaller from here (http://download.cnet.com/Revo-Uninstaller/3000-2096_4-10687648.html).
Information about how to use this program is provided on the download page.
Let me know if you run into any problems in your next reply.
It looks like all I needed to do was delete it from the start/all programs list. It did not show up as a program in the uninstall programs list.
How did the last dds log look? Does everything appear clean? The only real problem that keeps happening is the typing lag previously mentioned.
thanks
Hello jeff524
"It looks like all I needed to do was delete it from the start/all programs list" - Good stuff :bigthumb:
"Does everything appear clean?" - It does :)
"The only real problem that keeps happening is the typing lag previously mentioned" - I am not sure what could be causing this, but from what I can see it does not appear to be malware.
If you would like to pursue the issue further I recommend that you start a thread in the Microsoft Windows forum at our Sister site (What The Tech): http://forums.whatthetech.com/index.php?showforum=119
The tech experts over there will be able to give you some excellent advice.
Let's take care of the tools we used in the steps below:
Please perform the following cleanup procedure
Double click on the OTL.exe icon on your desktop to run the program.
Once OTL has opened, click on the "CleanUp!" button.
Follow any prompts that you receive.
Removal of Tools
You no longer need unhide or SystemLook. Please delete them from your machine.
Your Adobe Reader is out of date
You can obtain the latest version of Adobe Reader from here (http://get.adobe.com/uk/reader/), and the latest version of Flash Player from here. (http://www.adobe.com/products/flashplayer/)
For more information and links to Adobe updates and downloads click here. (http://www.adobe.com/downloads/)
Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.
Finally, please take the time to read through the information provided below:
Enhance your System Security
For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here. (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)
IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
Once complete, remember to re-engage your resident security before going online.
Web Browsers and Browser Security
Firefox
Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 4.0 from here. (http://www.mozilla.com/en-US/firefox/)
No-Script
If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
You can download No-Script by clicking here. (https://addons.mozilla.org/en-US/firefox/addon/722)
Internet Explorer
The newest version of Internet Explorer is available from here. (http://www.microsoft.com/windows/internet-explorer/?ocid=ie8_s_94735d11-65d1-4bb8-bf6f-72d7b059a928)
Please Note: IE9 is not configured to run on XP machines.
SpywareBlaster
If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
You can download SpywareBlaster by clicking here. (http://www.javacoolsoftware.com/sbdownload.html)
Web of Trust
When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
You can download Web of Trust by clicking here. (http://www.mywot.com/)
Keep your Software Updated
Outdated software can sometimes have vulnerabilities that are exploitable by malware.
Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here. (http://secunia.com/vulnerability_scanning/online/)
Passwords
Learn how to create strong passwords by clicking here (http://www.microsoft.com/protect/yourself/password/create.mspx) and test the strength of the passwords you already use by clicking here. (http://www.microsoft.com/protect/yourself/password/checker.mspx)
General Reading
PC Safety and Security - What do I need? (http://www.techsupportforum.com/security-center/general-computer-security/115548-pc-safety-security-what-do-i-need.html)
How to prevent Malware (by Miekiemoes) (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
Learn How To Combat Malware
Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here. (http://forums.whatthetech.com/What_Tech_Classroom_t80368.html)
Okay great! Thanks so much for your time and assistance!
"Thanks so much for your time and assistance!" - You are Very Welcome jeff524 :)
Best wishes
JonTom
Since this problem appears to be resolved this topic is now closed.
Glad we could help :)
Best wishes
JonTom