edwardbill

Members
  • Content Count

    34
  • Joined

  • Last visited

Community Reputation

0 Neutral

About edwardbill

  • Rank
    Advanced Member

Profile Information

  • Location
    North Carolina
  1. Hello. I would greatly appreciate any help someone can give to help me rid my system of the Win32:Malware-gen. I have attached a new HiJackThis log. Thanks!
  2. Thank you again for all of your patience and help. This forum is wonderful and volunteers like you are so appreciated. Thanks again and have a great summer. Sincerely, Billy-Boy
  3. But I thought my computer was definitely infected with a Trojan virus? Should I run the Kaspersky Virus Removal Tool and Delete or Quarintine the found infected files? Also, the Kapersky Online Virus Tool found a few things but I guess they are the same as the ones the Kapersky Virus Removal Tool found? Do I need to do a final HijackThis log? Thanks for everything.
  4. What's my next move? Also, I know I have way too many running processes, which also slows down my computer. Do you have any ideas about helping out with this? Also, could I send you the DDS and Attach logs to look at for my laptop when we are done with my desktop? Thanks
  5. Hello. I ended up using the Kaspersky Virus Removal Tool and am including the AVPT.txt results file. I had a message at the end which said; Scan Alert - Detected Trojan-Spy.HTML.Fraud.gen Email message body contains Trojan Program... and cannot be disinfected Theen there were option sto Quarintine, Skip or Delete. I chose Skip all which then ended the scan and I was able to generate the report. I also uninstalled and restrted the computer. It looks as if these results are a little different from the earlier scan of my C drive? It also seems that the External Hard Drive is clean? Thanks again. I hope your weekend was nice. Scan ---- Scanned: 1372082 Detected: 6 Untreated: 6 Start time: 6/27/2009 3:32:46 PM Duration: 1 days 06:11:10 Finish time: 6/28/2009 9:43:56 PM Detected -------- Status Object ------ ------ detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Billy Koontz, July 2008 Bank of America Associate Discount Program Savings Update][Time:2008/08/21 20:12:51]/text/html detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Bank of America Associate Discount Program Holiday Savings Program][Time:2008/10/22 20:45:47]/text/html detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Billy Koontz, October 2008 Bank of America Associate Discount Program Savings Update][Time:2008/11/12 20:48:06]/text/html detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Billy, Your Account Has Been Upgraded][Time:2009/01/14 23:14:22]/text/html detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Top 10 Editor's Picks on Bank of America Associate Discount Program][Time:2009/03/31 10:20:38]/text/html detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Billy Koontz, June 2009 Bank of America Associate Discount Program Update][Time:2009/06/11 17:20:00]/text/html
  6. Thanks for the quick response. Are you telling me that the only infections I have are in my Outlook Express? Are you asking me to delete the files you listed or to just go through the Inbox of the email accounts to delete any suspicious emails? I use TrendMicro Anti-Spam and it has a spam box. Shouldn't that protect me? I'll work on getting the Ext Hard Drive scanned. Thanks again
  7. Hello and thanks for your patience. I was able to get a Kapersky scan which I have attached along with a fresh DDS scan. I think the problem was that Kapersky was also scanning my External Hard Drive and kept freezing up there. I disconected the EHD and ran the scan for the C drive. Please let me know if you think it is important to also scan the EHD. Thanks, Billy-Boy -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0 REPORT Friday, June 26, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Friday, June 26, 2009 14:01:17 Records in database: 2390991 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan statistics: Files scanned: 96674 Threat name: 3 Infected objects: 2 Suspicious objects: 5 Duration of the scan: 03:58:04 File name / Threat name / Threats count C:\Documents and Settings\Billy\Local Settings\Application Data\Identities\{A7AE0C68-6EBE-4D18-9635-1622F3ACCD9C}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1 C:\Documents and Settings\Billy\My Documents\Downloaded Files\tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1 C:\Documents and Settings\Billy\My Documents\Downloaded Files\tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1 C:\Documents and Settings\Nasrin\Local Settings\Application Data\Identities\{3D2AC033-5D88-4026-80F4-B6996657C702}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1 C:\RECYCLER\S-1-5-21-484763869-1177238915-682003330-1005\Dc15.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1 C:\RECYCLER\S-1-5-21-484763869-1177238915-682003330-1005\Dc23.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1 C:\RECYCLER\S-1-5-21-484763869-1177238915-682003330-1005\Dc6.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1 The selected area was scanned. DDS Log DDS (Ver_09-05-14.01) - NTFSx86 Run by Billy at 12:32:57.03 on Fri 06/26/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14 ============== Pseudo HJT Report =============== uStart Page = hxxp://www.aol.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [POINTER] c:\program files\microsoft hardware\mouse\point32.exe mRun: [uMonit] c:\windows\system32\umonit.exe mRun: [WD Button Manager] WDBtnMgr.exe mRun: [WINDVDPatch] CTHELPER.EXE mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup mRun: [Promon.exe] Promon.exe mRun: [DellTouch] c:\windows\MMKeybd.exe mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [OE] "c:\program files\trend micro\anti-spam for oe\TMAS_OEMon.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "j:\my music\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog uPolicies-explorer: <NO NAME> = uPolicies-explorer: NoViewOnDrive = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll Trusted Zone: aol.com\free Trusted Zone: rr.com\www DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su-newocx/ocx/15012/CTSUEng.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160572156171 DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.adoramapix.com/components/ImageUploader3.cab DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} - file://d:\memdisc\album_a\view\plugin\HPODPCFC.CAB DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxps://rr.esecurecare.net/rnt/rnl/java/RntX.cab DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,38 DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su-newocx/ocx/15012/CTPID.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll ================= FIREFOX =================== FF - ProfilePath - ============= SERVICES / DRIVERS =============== =============== Created Last 30 ================ 2009-06-13 09:11 <DIR> --d----- C:\TV on the Radio - Dear Science, (2008) 2009-06-13 09:09 <DIR> --d--r-- C:\Billy Files on Main Computer (Gimp) 2009-06-11 08:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll 2009-06-11 08:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll 2009-06-07 13:27 <DIR> --d----- C:\Black Eyed Peas - [Deluxe Edition] E.N.D [Cov+CD] [bubanee] 2009-06-07 13:27 10,113,024 a------- C:\The Black Eyed Peas - Boom Boom Pow.MP3 2009-06-07 00:10 <DIR> --d----- C:\Phoenix - Wolfgang Amadeus Phoenix [mp3-160-2009] ==================== Find3M ==================== 2009-06-25 07:38 0 a------- c:\windows\system32\drivers\lvuvc.hs 2009-06-25 07:38 0 a------- c:\windows\system32\drivers\logiflt.iad 2009-05-28 17:19 15,688 a------- c:\windows\system32\lsdelete.exe 2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll 2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll 2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr 2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2007-12-04 13:19 60,104 ac------ c:\docume~1\billy\applic~1\GDIPFONTCACHEV1.DAT 2007-03-31 20:22 47,360 ac------ c:\docume~1\billy\applic~1\pcouffin.sys 2007-03-31 20:22 87,608 a------- c:\docume~1\billy\applic~1\ezpinst.exe 2003-12-19 20:36 40,960 a------- c:\program files\Uninstall_CDS.exe 2008-06-24 00:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062420080625\index.dat 2008-12-10 16:00 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat ============= FINISH: 12:35:04.37 ===============
  8. Hi. I uninstalled the Java's you listed and Adobe Reader, ran ATF cleaner but am having real problems getting Kapersky to do an entire scan after having tried it for the past 4 days. It reaches a file (different ones on different scans) and freezes. There were 3 infected objects, 5 Threat names and 5 suspiscious objects found before it froze. I have also sometimes gotten a message about a Java error when I retry the Kapersky scan. Is there something I am doing wrong or do you have an other suggestions? On a side note, I also followed your instructions for my laptop, which is on my home netwrk and it found an infected object. I was going to ask if you wouldn't mind looking at that DDS scan after we fix the current problem on my desktop? Thanks. Here is a new DDS scan in case that may help. DDS (Ver_09-05-14.01) - NTFSx86 Run by Billy at 15:52:03.81 on Mon 06/22/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14 ============== Pseudo HJT Report =============== uStart Page = hxxp://www.aol.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [POINTER] c:\program files\microsoft hardware\mouse\point32.exe mRun: [uMonit] c:\windows\system32\umonit.exe mRun: [WD Button Manager] WDBtnMgr.exe mRun: [WINDVDPatch] CTHELPER.EXE mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup mRun: [Promon.exe] Promon.exe mRun: [DellTouch] c:\windows\MMKeybd.exe mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [OE] "c:\program files\trend micro\anti-spam for oe\TMAS_OEMon.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "j:\my music\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog uPolicies-explorer: <NO NAME> = uPolicies-explorer: NoViewOnDrive = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll Trusted Zone: aol.com\free Trusted Zone: rr.com\www DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su-newocx/ocx/15012/CTSUEng.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160572156171 DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.adoramapix.com/components/ImageUploader3.cab DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} - file://d:\memdisc\album_a\view\plugin\HPODPCFC.CAB DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxps://rr.esecurecare.net/rnt/rnl/java/RntX.cab DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,38 DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su-newocx/ocx/15012/CTPID.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll ================= FIREFOX =================== FF - ProfilePath - ============= SERVICES / DRIVERS =============== =============== Created Last 30 ================ 2009-06-13 09:11 <DIR> --d----- C:\TV on the Radio - Dear Science, (2008) 2009-06-13 09:09 <DIR> --d--r-- C:\Billy Files on Main Computer (Gimp) 2009-06-11 08:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll 2009-06-11 08:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll 2009-06-07 13:27 <DIR> --d----- C:\Black Eyed Peas - [Deluxe Edition] E.N.D [Cov+CD] [bubanee] 2009-06-07 13:27 10,113,024 a------- C:\The Black Eyed Peas - Boom Boom Pow.MP3 2009-06-07 00:10 <DIR> --d----- C:\Phoenix - Wolfgang Amadeus Phoenix [mp3-160-2009] 2009-05-23 17:34 <DIR> --d----- c:\docume~1\billy\applic~1\CameraWindowDC 2009-05-23 17:34 <DIR> --d----- c:\docume~1\billy\applic~1\CANON INC ==================== Find3M ==================== 2009-06-21 11:11 0 a------- c:\windows\system32\drivers\lvuvc.hs 2009-06-21 11:11 0 a------- c:\windows\system32\drivers\logiflt.iad 2009-05-28 17:19 15,688 a------- c:\windows\system32\lsdelete.exe 2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll 2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll 2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr 2009-04-23 17:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2007-12-04 13:19 60,104 ac------ c:\docume~1\billy\applic~1\GDIPFONTCACHEV1.DAT 2007-03-31 20:22 47,360 ac------ c:\docume~1\billy\applic~1\pcouffin.sys 2007-03-31 20:22 87,608 a------- c:\docume~1\billy\applic~1\ezpinst.exe 2003-12-19 20:36 40,960 a------- c:\program files\Uninstall_CDS.exe 2008-06-24 00:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062420080625\index.dat 2008-12-10 16:00 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat ============= FINISH: 16:00:51.93 ===============
  9. Hello Blade81. Thanks for your help. Here are the log files you requested. DDS is pasted and the Attach file is attached in Zip format, as instructed by the DDS program. I hope this helps and look forward to your next move for me. Sincerely, Billy-boy DDS (Ver_09-05-14.01) - NTFSx86 Run by Billy at 13:54:19.48 on Thu 06/18/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.136 [GMT -4:00] AV: avast! antivirus 4.8.1335 [VPS 090617-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\Nhksrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\DVDRAMSV.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\NMSSvc.exe C:\Program Files\Tall Emu\Online Armor\oacat.exe C:\Program Files\Dantz\Retrospect\retrorun.exe C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\System32\umonit.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\WINDOWS\system32\CTHELPER.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\Promon.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\MMKeybd.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe J:\My Music\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\PC Connectivity Solution\NclBTHandler.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Billy\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.aol.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [POINTER] c:\program files\microsoft hardware\mouse\point32.exe mRun: [uMonit] c:\windows\system32\umonit.exe mRun: [WD Button Manager] WDBtnMgr.exe mRun: [WINDVDPatch] CTHELPER.EXE mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup mRun: [Promon.exe] Promon.exe mRun: [DellTouch] c:\windows\MMKeybd.exe mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [OE] "c:\program files\trend micro\anti-spam for oe\TMAS_OEMon.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "j:\my music\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe uPolicies-explorer: <NO NAME> = uPolicies-explorer: NoViewOnDrive = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll Trusted Zone: aol.com\free Trusted Zone: rr.com\www DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su-newocx/ocx/15012/CTSUEng.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160572156171 DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.adoramapix.com/components/ImageUploader3.cab DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} - file://d:\memdisc\album_a\view\plugin\HPODPCFC.CAB DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxps://rr.esecurecare.net/rnt/rnl/java/RntX.cab DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,38 DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su-newocx/ocx/15012/CTPID.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\billy\applic~1\mozilla\firefox\profiles\a39yc0bg.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 9090 FF - prefs.js: network.proxy.type - 1 FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - plugin: j:\my music\mozilla plugins\npitunes.dll ============= SERVICES / DRIVERS =============== R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-4-15 9344] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-22 64160] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-2 114768] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-12-1 178376] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-12-1 30920] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-12-1 28872] R2 agentcd;DriverAgent Class Driver;c:\windows\system32\AgentCD.sys [2008-9-13 196096] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-2 20560] R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2004-12-13 3744] R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2004-12-13 3904] R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2004-4-9 6016] R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2008-9-13 6942] S2 Mojave;Dazzle Mojave Device;c:\windows\system32\drivers\Mojave.sys [2008-9-13 120352] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-2-8 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-2-8 8320] S3 PID_0920;Labtec WebCam(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2006-5-14 163328] S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?] =============== Created Last 30 ================ 2009-06-13 09:11 <DIR> --d----- C:\TV on the Radio - Dear Science, (2008) 2009-06-13 09:09 <DIR> --d--r-- C:\Billy Files on Main Computer (Gimp) 2009-06-11 08:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll 2009-06-11 08:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll 2009-06-07 13:27 <DIR> --d----- C:\Black Eyed Peas - [Deluxe Edition] E.N.D [Cov+CD] [bubanee] 2009-06-07 13:27 10,113,024 a------- C:\The Black Eyed Peas - Boom Boom Pow.MP3 2009-06-07 00:10 <DIR> --d----- C:\Phoenix - Wolfgang Amadeus Phoenix [mp3-160-2009] 2009-05-23 17:34 <DIR> --d----- c:\docume~1\billy\applic~1\CameraWindowDC 2009-05-23 17:34 <DIR> --d----- c:\docume~1\billy\applic~1\CANON INC ==================== Find3M ==================== 2009-06-18 08:13 0 a------- c:\windows\system32\drivers\lvuvc.hs 2009-06-18 08:13 0 a------- c:\windows\system32\drivers\logiflt.iad 2009-05-28 17:19 15,688 a------- c:\windows\system32\lsdelete.exe 2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll 2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll 2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr 2009-04-23 17:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2007-12-04 13:19 60,104 ac------ c:\docume~1\billy\applic~1\GDIPFONTCACHEV1.DAT 2007-03-31 20:22 47,360 ac------ c:\docume~1\billy\applic~1\pcouffin.sys 2007-03-31 20:22 87,608 a------- c:\docume~1\billy\applic~1\ezpinst.exe 2003-12-19 20:36 40,960 a------- c:\program files\Uninstall_CDS.exe 2008-06-24 00:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062420080625\index.dat 2008-12-10 16:00 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat ============= FINISH: 13:58:13.67 =============== Attach.zip
  10. Yes, the HijackThis log and AdAware log are from the same system. Thansk for taking a look at them and for hopefully being able to help me. I think my computer is actually running even slower now than when I first posted this.
  11. Thanks for your help. I actually thought I did as you instructed me earlier in posting to the HijackThis Fiorum a HijackThis log with my AdAware log as an attachement but maybe I did somethign wrong. Please let me know if there's anythign else I can do. Thanks again, Billy-boy
  12. Thanks. Here are the HijackThis and AdAware logs. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:15:37 PM, on 6/9/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Nhksrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\DVDRAMSV.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Tall Emu\Online Armor\oacat.exe C:\Program Files\Dantz\Retrospect\retrorun.exe C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\System32\umonit.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\WINDOWS\system32\CTHELPER.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\Promon.exe C:\WINDOWS\system32\NMSSvc.exe C:\WINDOWS\MMKeybd.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Java\jre6\bin\jusched.exe J:\My Music\iTunesHelper.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\PC Connectivity Solution\NclBTHandler.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [uMonit] C:\WINDOWS\System32\umonit.exe O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Promon.exe] Promon.exe O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [OE] "C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "J:\My Music\iTunesHelper.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su-newocx/ocx/15012/CTSUEng.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160572156171 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.adoramapix.com/components/ImageUploader3.cab O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_4.cab O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal...0_15_Silent.cab O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,38 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su-newocx/ocx/15012/CTPID.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TwonkyVision MediaServer (TwonkyVision_Media_Server) - TwonkyVision GmbH - C:\Program Files\Twonkyvision\TwonkyMedia.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 14159 bytes AdAware Log Logfile created: 6/9/2009 10:15:4 Lavasoft Ad-Aware version: 8.0.5 Extended engine version: 8.1 User performing scan: Billy *********************** Definitions database information *********************** Lavasoft definition file: 148.48 Extended engine definition file: 8.1 ******************************** Scan results: ********************************* Scan profile name: Full Scan (ID: full) Objects scanned: 206683 Objects detected: 14 Type Detected ========================== Processes.......: 0 Registry entries: 0 Hostfile entries: 0 Files...........: 1 Folders.........: 0 LSPs............: 0 Cookies.........: 13 Browser hijacks.: 0 MRU objects.....: 0 Removed items: Description: *adserv* Family Name: Cookies Clean status: Success Item ID: 408921 Family ID: 0 Description: *insightexpressai* Family Name: Cookies Clean status: Success Item ID: 409259 Family ID: 0 Description: *tacoda* Family Name: Cookies Clean status: Success Item ID: 409123 Family ID: 0 Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0 Description: *.bridgetrack* Family Name: Cookies Clean status: Success Item ID: 409095 Family ID: 0 Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0 Description: *advertising* Family Name: Cookies Clean status: Success Item ID: 409017 Family ID: 0 Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0 Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0 Description: *adbureau* Family Name: Cookies Clean status: Success Item ID: 409027 Family ID: 0 Description: *webtrends* Family Name: Cookies Clean status: Success Item ID: 599640 Family ID: 0 Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0 Description: *specificclick* Family Name: Cookies Clean status: Success Item ID: 408807 Family ID: 0 Quarantined items: Description: C:\WINDOWS\CouponPrinter.ocx Family Name: Win32.Adware.BHO Clean status: Success Item ID: 766344 Family ID: 61 Scan and cleaning complete: Finished correctly after 16906 seconds *********************************** Settings *********************************** Scan profile: ID: full, enabled:1, value: Full Scan ID: scancriticalareas, enabled:1, value: true ID: scanrunningapps, enabled:1, value: true ID: scanregistry, enabled:1, value: true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: true ID: scanhostsfile, enabled:1, value: true ID: scanmru, enabled:1, value: true ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: folderstoscan, enabled:1, value: C:\,J:\ ID: scanrootkits, enabled:1, value: true ID: usespywareheuristics, enabled:1, value: true ID: extendedengine, enabled:0, value: true ID: useheuristics, enabled:0, value: true ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict ID: filescanningoptions, enabled:1 ID: archives, enabled:1, value: true ID: onlyexecutables, enabled:1, value: false ID: skiplargerthan, enabled:1, value: 20480 Scan global: ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav Scheduled scan settings: <Empty> Update settings: ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently ID: displaystatus, enabled:1, value: false ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: autodetectproxy, enabled:1, value: false ID: useautoconfigscript, enabled:1, value: false ID: autoconfigurl, enabled:0, value: ID: useproxy, enabled:1, value: false ID: proxyserver, enabled:0, value: ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily, enabled:1, value: Daily ID: time, enabled:1, value: Thu Jan 22 17:17:00 2009 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updateweekly, enabled:1, value: Weekly ID: time, enabled:1, value: Thu Jan 22 17:17:00 2009 ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: true ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: true ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false Appearance settings: ID: appearance, enabled:1 ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language Realtime protection settings: ID: realtime, enabled:1 ID: processprotection, enabled:1, value: true ID: registryprotection, enabled:0, value: false ID: networkprotection, enabled:0, value: false ID: loadatstartup, enabled:1, value: true ID: usespywareheuristics, enabled:0, value: true ID: extendedengine, enabled:0, value: false ID: useheuristics, enabled:0, value: false ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict ID: infomessages, enabled:1, value: display, domain: display,dontnotify,onlyimportant ****************************** System information ****************************** Computer name: GIMP Processor name: Intel® Pentium® 4 CPU 2.40GHz Processor identifier: x86 Family 15 Model 2 Stepping 4 Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 516, number of processors 1 Physical memory available: 121430016 bytes Physical memory total: 535609344 bytes Virtual memory available: 1933856768 bytes Virtual memory total: 2147352576 bytes Memory load: 77% Microsoft Windows XP Professional Service Pack 3 (build 2600) Windows startup mode: Running processes: PID: 436 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY PID: 492 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY PID: 516 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY PID: 560 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY PID: 576 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY PID: 736 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 784 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 852 name: C:\Program Files\Windows Defender\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY PID: 892 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 928 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1088 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1140 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1204 name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe owner: SYSTEM domain: NT AUTHORITY PID: 1288 name: C:\Program Files\Alwil Software\Avast4\ashServ.exe owner: SYSTEM domain: NT AUTHORITY PID: 1544 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY PID: 168 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 196 name: C:\WINDOWS\Nhksrv.exe owner: SYSTEM domain: NT AUTHORITY PID: 212 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY PID: 228 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY PID: 252 name: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe owner: SYSTEM domain: NT AUTHORITY PID: 328 name: C:\WINDOWS\System32\CTsvcCDA.EXE owner: SYSTEM domain: NT AUTHORITY PID: 372 name: C:\WINDOWS\System32\DVDRAMSV.exe owner: SYSTEM domain: NT AUTHORITY PID: 484 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 596 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY PID: 828 name: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe owner: SYSTEM domain: NT AUTHORITY PID: 1156 name: C:\Program Files\Tall Emu\Online Armor\oacat.exe owner: SYSTEM domain: NT AUTHORITY PID: 1124 name: C:\Program Files\Dantz\Retrospect\retrorun.exe owner: SYSTEM domain: NT AUTHORITY PID: 1724 name: C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe owner: SYSTEM domain: NT AUTHORITY PID: 1780 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1820 name: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe owner: SYSTEM domain: NT AUTHORITY PID: 2040 name: C:\Program Files\Viewpoint\Common\ViewpointService.exe owner: SYSTEM domain: NT AUTHORITY PID: 2064 name: C:\WINDOWS\System32\MsPMSPSv.exe owner: SYSTEM domain: NT AUTHORITY PID: 2084 name: C:\Program Files\Canon\CAL\CALMAIN.exe owner: SYSTEM domain: NT AUTHORITY PID: 2136 name: C:\Program Files\Windows Media Player\WMPNetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 2300 name: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe owner: SYSTEM domain: NT AUTHORITY PID: 2324 name: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe owner: SYSTEM domain: NT AUTHORITY PID: 2584 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY PID: 2716 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 2848 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY PID: 3204 name: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe owner: SYSTEM domain: NT AUTHORITY PID: 2640 name: C:\WINDOWS\Explorer.EXE owner: Billy domain: GIMP PID: 4076 name: C:\Program Files\Microsoft Hardware\Mouse\point32.exe owner: Billy domain: GIMP PID: 1852 name: C:\WINDOWS\System32\umonit.exe owner: Billy domain: GIMP PID: 3472 name: C:\WINDOWS\system32\WDBtnMgr.exe owner: Billy domain: GIMP PID: 316 name: C:\WINDOWS\system32\CTHELPER.EXE owner: Billy domain: GIMP PID: 352 name: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe owner: Billy domain: GIMP PID: 388 name: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe owner: Billy domain: GIMP PID: 1584 name: C:\WINDOWS\system32\Promon.exe owner: Billy domain: GIMP PID: 1152 name: C:\WINDOWS\system32\NMSSvc.exe owner: SYSTEM domain: NT AUTHORITY PID: 1212 name: C:\WINDOWS\MMKeybd.exe owner: Billy domain: GIMP PID: 2540 name: C:\Program Files\PC Connectivity Solution\ServiceLayer.exe owner: SYSTEM domain: NT AUTHORITY PID: 976 name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe owner: Billy domain: GIMP PID: 2200 name: C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe owner: Billy domain: GIMP PID: 1148 name: C:\Program Files\Netropa\OSD.exe owner: Billy domain: GIMP PID: 2728 name: C:\Program Files\Logitech\QuickCam\Quickcam.exe owner: Billy domain: GIMP PID: 1728 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Billy domain: GIMP PID: 264 name: J:\My Music\iTunesHelper.exe owner: Billy domain: GIMP PID: 2696 name: C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe owner: Billy domain: GIMP PID: 1792 name: C:\WINDOWS\system32\ctfmon.exe owner: Billy domain: GIMP PID: 3172 name: C:\Program Files\Messenger\msmsgs.exe owner: Billy domain: GIMP PID: 1324 name: C:\Program Files\Windows Media Player\WMPNSCFG.exe owner: Billy domain: GIMP PID: 3592 name: C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe owner: Billy domain: GIMP PID: 2008 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Billy domain: GIMP PID: 3792 name: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe owner: Billy domain: GIMP PID: 3656 name: C:\WINDOWS\system32\RAMASST.exe owner: Billy domain: GIMP PID: 4056 name: C:\Program Files\PC Connectivity Solution\NclBTHandler.exe owner: Billy domain: GIMP PID: 3484 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY PID: 1836 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: Billy domain: GIMP PID: 2548 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: Billy domain: GIMP PID: 2176 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: Billy domain: GIMP PID: 5360 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Billy domain: GIMP PID: 5484 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY PID: 5828 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Billy domain: GIMP Startup items: Name: DWQueuedReporting imagepath: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t Name: Nokia.PCSync imagepath: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9} Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9} Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153} Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} Name: POINTER imagepath: C:\Program Files\Microsoft Hardware\Mouse\point32.exe Name: UMonit imagepath: C:\WINDOWS\System32\umonit.exe Name: WD Button Manager imagepath: WDBtnMgr.exe Name: WINDVDPatch imagepath: CTHELPER.EXE Name: avast! imagepath: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe Name: PCSuiteTrayApplication imagepath: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup Name: Promon.exe imagepath: Promon.exe Name: DellTouch imagepath: C:\WINDOWS\MMKeybd.exe Name: AppleSyncNotifier imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe Name: TkBellExe imagepath: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot Name: OE imagepath: "C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe" Name: LogitechQuickCamRibbon imagepath: "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide Name: KernelFaultCheck imagepath: %systemroot%\system32\dumprep 0 -k Name: Ad-Watch imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe Name: Adobe Reader Speed Launcher imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" Name: SunJavaUpdateSched imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe" Name: QuickTime Task imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime Name: iTunesHelper imagepath: "J:\My Music\iTunesHelper.exe" Name: UserFaultCheck imagepath: %systemroot%\system32\dumprep 0 -u Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk imagepath: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Name: imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk imagepath: C:\WINDOWS\system32\RAMASST.exe Name: imagepath: C:\Documents and Settings\Billy\Start Menu\Programs\Startup\desktop.ini Bootexecute items: Name: imagepath: autocheck autochk * Name: imagepath: lsdelete Running services: Name: ALG displayname: Application Layer Gateway Service Name: Apple Mobile Device displayname: Apple Mobile Device Name: aswUpdSv displayname: avast! iAVS4 Control Service Name: AudioSrv displayname: Windows Audio Name: avast! Antivirus displayname: avast! Antivirus Name: avast! Mail Scanner displayname: avast! Mail Scanner Name: avast! Web Scanner displayname: avast! Web Scanner Name: Bonjour Service displayname: Bonjour Service Name: Browser displayname: Computer Browser Name: btwdins displayname: Bluetooth Service Name: CCALib8 displayname: Canon Camera Access Library 8 Name: Creative Service for CDROM Access displayname: Creative Service for CDROM Access Name: CryptSvc displayname: Cryptographic Services Name: DcomLaunch displayname: DCOM Server Process Launcher Name: Dhcp displayname: DHCP Client Name: Dnscache displayname: DNS Client Name: DVD-RAM_Service displayname: DVD-RAM_Service Name: ERSvc displayname: Error Reporting Service Name: Eventlog displayname: Event Log Name: EventSystem displayname: COM+ Event System Name: FastUserSwitchingCompatibility displayname: Fast User Switching Compatibility Name: helpsvc displayname: Help and Support Name: HTTPFilter displayname: HTTP SSL Name: iPod Service displayname: iPod Service Name: JavaQuickStarterService displayname: Java Quick Starter Name: lanmanserver displayname: Server Name: lanmanworkstation displayname: Workstation Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service Name: LmHosts displayname: TCP/IP NetBIOS Helper Name: LVPrcSrv displayname: Process Monitor Name: Netman displayname: Network Connections Name: Nhksrv displayname: Netropa NHK Server Name: Nla displayname: Network Location Awareness (NLA) Name: NMSSvc displayname: Intel® NMS Name: OAcat displayname: Online Armor Helper Service Name: PlugPlay displayname: Plug and Play Name: PolicyAgent displayname: IPSEC Services Name: ProtectedStorage displayname: Protected Storage Name: RasMan displayname: Remote Access Connection Manager Name: RetroLauncher displayname: Retrospect Launcher Name: RetroWDSvc displayname: Retrospect WD Service Name: RpcSs displayname: Remote Procedure Call (RPC) Name: SamSs displayname: Security Accounts Manager Name: Schedule displayname: Task Scheduler Name: seclogon displayname: Secondary Logon Name: SENS displayname: System Event Notification Name: ServiceLayer displayname: ServiceLayer Name: SharedAccess displayname: Windows Firewall/Internet Connection Sharing (ICS) Name: ShellHWDetection displayname: Shell Hardware Detection Name: Spooler displayname: Print Spooler Name: srservice displayname: System Restore Service Name: SSDPSRV displayname: SSDP Discovery Service Name: stisvc displayname: Windows Image Acquisition (WIA) Name: Symantec Core LC displayname: Symantec Core LC Name: TapiSrv displayname: Telephony Name: TermService displayname: Terminal Services Name: Themes displayname: Themes Name: TrkWks displayname: Distributed Link Tracking Client Name: upnphost displayname: Universal Plug and Play Device Host Name: Viewpoint Manager Service displayname: Viewpoint Manager Service Name: W32Time displayname: Windows Time Name: WebClient displayname: WebClient Name: WinDefend displayname: Windows Defender Name: winmgmt displayname: Windows Management Instrumentation Name: WMDM PMSP Service displayname: WMDM PMSP Service Name: WMPNetworkSvc displayname: Windows Media Player Network Sharing Service Name: wscsvc displayname: Security Center Name: wuauserv displayname: Automatic Updates Name: WudfSvc displayname: Windows Driver Foundation - User-mode Driver Framework Name: WZCSVC displayname: Wireless Zero Configuration
  13. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:15:37 PM, on 6/9/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Nhksrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\DVDRAMSV.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Tall Emu\Online Armor\oacat.exe C:\Program Files\Dantz\Retrospect\retrorun.exe C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\System32\umonit.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\WINDOWS\system32\CTHELPER.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\Promon.exe C:\WINDOWS\system32\NMSSvc.exe C:\WINDOWS\MMKeybd.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Java\jre6\bin\jusched.exe J:\My Music\iTunesHelper.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\PC Connectivity Solution\NclBTHandler.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [uMonit] C:\WINDOWS\System32\umonit.exe O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Promon.exe] Promon.exe O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [OE] "C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "J:\My Music\iTunesHelper.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su-newocx/ocx/15012/CTSUEng.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160572156171 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.adoramapix.com/components/ImageUploader3.cab O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_4.cab O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal...0_15_Silent.cab O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,38 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su-newocx/ocx/15012/CTPID.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TwonkyVision MediaServer (TwonkyVision_Media_Server) - TwonkyVision GmbH - C:\Program Files\Twonkyvision\TwonkyMedia.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 14159 by Scan_2009_06_09_10_13_45.log
  14. Hello. Is there anybody out there to help me? I'm running XP (SP3) and can give any other info needed to help me. Thank you in advance. Sincerely, Billy-boy
  15. Hello again. I just wanted to give you an update on my computer. Things aren't working 100% smoothly. I installed the Online Armor Firewall but I now am havign a few other problems which I think are related to the new instalation. On start up, I received this message; Microsoft Visual C++ Runtime Library Runtime Error! Program: C:\Program Files\ Trend Micro\ AntiSpam For OE\ TMAS_OE.exe I'm also having problems with FireFox which doesn't conect to the internet and I get this message; Proxy server refused connection Also, I use my Playstation 3 as a media server and now the PS3 doesn't find my computer. I went back into Windows Media Player and made sure everyhtign was correctly set up nad it was. Any ideas? I also receive pop-up questions from Online Armor about Viewpoint Service, which I'm not even sure what that program does. I also receive a few pop-ups abotu Trend Micro Anti-spam and soem relatign to OE. If I don't allow these, I'm unable to connect to the internet using OE. Like I mentioned earlier, FireFox doesn' twork even after I OK these pop-ups. Sorry to be coming back at you with more problems but I appreciate your help. Sincerely, Billy-boy