# Help!! I have a trojan horse and it won't let me download anything at all



## olegrl43 (Sep 10, 2007)

I had AVG 8.0 free version, started having problems, and it kept popping up 113 Trojan Horse FakeAlert GV threats, with a window that asked if I wanted to force removal, but if I forced removal, my PC could become unstable or even crash. So I clicked no. Then I went and ran the AVG virus scanner and it said no viruses were found. But every other time I tried to surf it started popping up a page saying I was not connected to the internet, which I knew I was. So I thought AVG might have been corrupted and I tried to update; it would go through the steps of downloading and when it finished just click off instead of installing, and a window came up with a lot of gibberish on it saying it failed. So I uninstalled AVG to try and reinstall it. I wasn't able to, so I did a Recovery to an earlier date. I can surf on the earlier recovery but still can not download anything at all. So I did an undo of the last recovery and couldn't even get on the internet then; I just kept getting a page saying I wasn't connected to the internet. So I had to go back to the 1st recovery just to get on the internet. It put all the AVG stuff back on my PC, but since I had deleted it from my PC totally there's nothing really there, just the name. When I tried to uninstall it again it says that it failed because of some error, I guess because I had already deleted it before. There are about 6 people that use this PC, so when I'm not home I don't know what they are doing on it. I know my daughter goes to MySpace a lot. Please can you help me? Here is my HJT log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:30 AM, on 10/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ALUAlert] "c:\Program Files\Symantec\LiveUpdate\ALuNotify.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [HPADVISOR] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.tscmaps.com/shared/viewer/mgaxctrl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://century21.webex.com/client/T25L10NSP41EP11-NOPSO/training/ieatgpc1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10568 bytes


----------



## olegrl43 (Sep 10, 2007)

Sorry, I forgot to add this the first time.

Compaq Presario
F750US Notebook PC
Windows Vista Home Premium
Service Pack 1
AMD 64 Athlon X2 Dual Core Processor TK-57 1.90 GHz
System Type- 32-bit Operating System
NVIDIA Graphics


----------



## olegrl43 (Sep 10, 2007)

Please help!!!! My laptop is getting worse. As I said before, I can't download anything at all to try to help this problem. Now I can't update anything at all. When I tried to update Java I got this reply...
Java (TM) platform SE binary has stopped working.

When I tried to run Windows Network Diagnostics, I got this reply...
cannot communicate with DNS server (65.175.128.46). Network diagnostics
pinged the remote but did not receive a response.
PLEASE HELP!


----------



## olegrl43 (Sep 10, 2007)

Please, someone help me... I can't update anything, download anything; please help before it gets worse and I lose total control of my PC... Please!
thanks in advance
olegrl43


----------



## olegrl43 (Sep 10, 2007)

Is there anyone that can help me please... If you need any more info please let me know.


----------



## olegrl43 (Sep 10, 2007)

Please help me. I'm having so much trouble and haven't gotten anywhere on my own. Don't know what to do.
Thanks in advance.


----------



## olegrl43 (Sep 10, 2007)

When I try to run HJT it won't run and the following message pops up:

For some reason your system denied write access to the hosts file. If any hijacked domains are in this file, HJT may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this click Start, Run, & type
notepad C:\windows\system32\drivers\etc\hosts
and press enter. Find the line(s) with quotes and reboot.
For Vista simply exit HJT, right click on the HJT icon, run as administrator.

Then when I click OK the popup window disappears and HJT starts, and this is the log that shows up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:30 AM, on 10/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ALUAlert] "c:\Program Files\Symantec\LiveUpdate\ALuNotify.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [HPADVISOR] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.tscmaps.com/shared/viewer/mgaxctrl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://century21.webex.com/client/T25L10NSP41EP11-NOPSO/training/ieatgpc1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10568 bytes


----------



## olegrl43 (Sep 10, 2007)

Please help!! I've been trying different things and nothing is helping. Please help me! Here is a new log. I hope I haven't made things any worse.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:36 AM, on 3/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvSvc] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.tscmaps.com/shared/viewer/mgaxctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11006 bytes


----------



## olegrl43 (Sep 10, 2007)

Is any one out there that can help me please!


----------



## olegrl43 (Sep 10, 2007)

Please Help Me


----------



## olegrl43 (Sep 10, 2007)

Bump


----------



## olegrl43 (Sep 10, 2007)

Bump


----------



## Cookiegal (Aug 27, 2003)

Please download Malwarebytes Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply along with a new HijackThis log please.

Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
Also, if you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and it does not need to be reported unless it returns on future reboots.*


----------



## olegrl43 (Sep 10, 2007)

I can't download anything at all, no matter what it is. I already had mbam on my laptop; when I click update a window pops up that says---
Update failed. Make sure you are connected to the internet and your firewall is set to allow Malwarebytes Anti-Malware to access the internet.
But when I click OK then go back and click update it starts running. It says updated from 1825 to 1828. I have run this several times over the last week or so and clicked delete on all the items that came up, so now when I run it, it comes up clean. I think everything that has been deleted is in quarantine. But here is the last Malware log.

Malwarebytes' Anti-Malware 1.34
Database version: 1828
Windows 6.0.6001 Service Pack 1

3/9/2009 12:18:50 AM
mbam-log-2009-03-09 (00-18-50).txt

Scan type: Quick Scan
Objects scanned: 66039
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

When I double click the HJT, I get a message that says---

For some reason your system denied write access to the hosts file. If any Hijacked domains are in this file, HJT may Not be able to fix this. If that happens, you need to edit the file yourself. To do this click Start, Run & Type---
notepad C:\windows\system32\drivers\etc\hosts and press enter **** and so on then says what to do if for Vista

But when I click OK the popup window disappears and HJT starts running, just like mbam.

Here is the new HJT log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:36 AM, on 3/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvSvc] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.tscmaps.com/shared/viewer/mgaxctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11006 bytes

As I said in my original post, I had AVG on my laptop and it started popping up warnings about Trojan Horse FakeAlert GV, and said I had over a hundred and it kept getting higher, and then every time I tried to log on to the internet I wasn't able to and Java kept giving me messages that it was messed up. So I recovered to an earlier date and was able to get online but kept getting alerts, so then I ran the mbam scanner and deleted everything it said, but AVG kept saying it found them, so I tried to update AVG and it wouldn't let me, so then I just deleted AVG, thinking it was corrupted, and ran mbam again and kept deleting everything it found. Then I emptied the trash and tried to download AVG again, and that's when I realized I couldn't download anything; I tried a lot of different things, not just AVG. Also I wasn't able to update anything that was on the laptop already. But after several mbam scans and deletions I can at least update what's already on the laptop.

Thanks for your time Cookiegal!
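A HijackThis log like the one above is read by hand, entry by entry; the following is an added example (not part of this thread, and not a HijackThis feature) of the first-pass triage a helper does mentally: it parses the `R`/`O` entries and lists the ones worth a closer look, such as registry entries whose file is gone, a toolbar registered with no name, an autostart command that is not a full path, an ActiveX control fetched over the web, and anything in AppInit_DLLs. The sample lines are a constructed excerpt copied from the log in this post; the rule set and the `Finding` class are this example's own and are not a verdict on whether an entry is malicious.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of entries copied from the HijackThis log posted
# above, enough to exercise every check below. Not a complete log.
SAMPLE_HJT = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# An O4 Run value whose command is a full path: optionally quoted, then either a
# drive letter or an environment variable such as %ProgramFiles%.
FULL_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[A-Za-z]+%\\)')
# The command part of an O4 Run value: everything after the "[name] " prefix.
RUN_VALUE_RE = re.compile(r"^.*?\[[^\]]*\] (?P<cmd>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    entry: str


def triage_hjt(log_text: str) -> list[Finding]:
    """Return the HijackThis entries a helper would look at first.

    Nothing here decides that an entry is malicious; it only ranks which lines
    deserve a manual check (orphaned registry pointers, nameless toolbars,
    autostarts without a full path, downloaded ActiveX, AppInit injection).
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")

        # Registry still references a file that no longer exists: a leftover of
        # a removal (or of something that deleted itself) and safe to clean up.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(section, "orphaned entry: target file is gone", line))

        if section == "O1":
            # Hosts lines other than the loopback name redirect name resolution.
            mapping = body.split(":", 1)[1].split()
            if len(mapping) == 2 and mapping[1].lower() != "localhost":
                findings.append(Finding(section, "hosts entry redirects a name", line))

        if section == "O3" and body.startswith("Toolbar: (no name)"):
            findings.append(Finding(section, "toolbar registered without a name", line))

        if section == "O4":
            rv = RUN_VALUE_RE.match(body)
            # Bare file names are resolved through the search path at logon,
            # so they should be confirmed against a known location.
            if rv and not FULL_PATH_RE.match(rv.group("cmd")):
                findings.append(Finding(section, "autostart command is not a full path", line))

        if section == "O16" and "http://" in body.lower():
            findings.append(Finding(section, "ActiveX control installed from the web", line))

        if section == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            findings.append(Finding(section, "DLL loaded into every process via AppInit_DLLs", line))

    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f.section:<4} {f.reason:<48} {f.entry}")
```

Run against the sample, the script lists seven entries: the two `(no file)` items, the nameless toolbar, the bare `KHALMNPR.EXE` autostart, the Pogo ActiveX download, the AppInit DLL, and the missing AT&T service binary. The well-formed entries (Synaptics, Ares, Bonjour, the `::1 localhost` hosts line) pass through silently, which is the point: the output is a reading list for the helper, not a removal list.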


----------



## Cookiegal (Aug 27, 2003)

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version:

*Java Runtime Environment (JRE) 6 Update 11*

Instructions for Kaspersky scan:


Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure the following is checked:
*Spyware, Adware, Dialers, and other potentially dangerous programs*
*Archives*
*Mail databases*

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Please post this log in your next reply.


----------



## olegrl43 (Sep 10, 2007)

Hi,

This is the Kaspersky Scan Report---

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, March 10, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 09, 2009 21:56:02
Records in database: 1883538
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 171419
Threat name: 1
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 03:05:49


File name / Threat name / Threats count
C:\Users\Darlene Nelson\AppData\Local\Temp\tmp1920.tmp	Infected: Packed.Win32.Tdss.c	1
C:\Users\Darlene Nelson\AppData\Local\Temp\tmp56EA.tmp	Infected: Packed.Win32.Tdss.c	1
C:\Users\Darlene Nelson\AppData\Local\Temp\tmpFF7E.tmp	Infected: Packed.Win32.Tdss.c	1
D:\RECYCLER\S-3-9-76-100012212-100032762-100004118-2460.com	Infected: Packed.Win32.Tdss.c	1
D:\RECYCLER\S-7-7-55-100017735-100014441-100017574-5625.com	Infected: Packed.Win32.Tdss.c	1
D:\RECYCLER\S-8-1-10-100008767-100016247-100030419-4142.com	Infected: Packed.Win32.Tdss.c	1

The selected area was scanned.


----------



## Cookiegal (Aug 27, 2003)

Can you tell me what your D drive is please? Is it an external or flash drive?


----------



## olegrl43 (Sep 10, 2007)

I'm sorry, I don't know what a D drive, external or flash drive is. The only thing I could find that said anything about drives was when I clicked Start then Computer, and the info that popped up said

Hard Disk Drives(2) 

Local Disk ( C: ) 
57.1 GB free of 100 GB

Presario_RP ( D: )
1.86 GB free of 11.6 GB
___________________________________________________________
Devices with Removable Storage (1)

DVD RW Drive ( E: )


Can you tell me where to look and what to look for please...
Sorry I don't mean to be a pain.
Thanks


----------



## Cookiegal (Aug 27, 2003)

The Kaspersky scan shows infection on the D drive. From what you showed me it looks like a recovery partition.

Please click on My Computer and then the D drive and just empty the recycle bin that's there.

Let me know how that goes and then post a new HijackThis log please.
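Cookiegal reads the Kaspersky report above by volume: three hits in the user's Temp folder on C: and three under `D:\RECYCLER` on what the drive listing shows to be the recovery partition. The block below is an added example (not from this thread or from Kaspersky) of doing that grouping mechanically, plus one check the report's paths invite: a genuine per-user recycle bin folder under `RECYCLER` is named after a Windows SID, and every real SID has revision 1, so it starts with `S-1-`. Names such as `S-3-9-76-...-2460.com` fail that test and also carry an executable extension, which is why they belong to the infection rather than to the recycle bin. The sample report text is constructed from the six detection lines in the post, with the user name replaced by a placeholder; the helper functions and the `EXECUTABLE_EXTS` list are this example's own.

```python
import os
import re
from collections import Counter

# Constructed sample in the layout of the Kaspersky Online Scanner report above
# (tab-separated: path, "Infected: <threat>", count). "someuser" stands in for
# the real profile name; the RECYCLER paths are as reported in the thread.
SAMPLE_REPORT = (
    "C:\\Users\\someuser\\AppData\\Local\\Temp\\tmp1920.tmp\tInfected: Packed.Win32.Tdss.c\t1\n"
    "C:\\Users\\someuser\\AppData\\Local\\Temp\\tmp56EA.tmp\tInfected: Packed.Win32.Tdss.c\t1\n"
    "C:\\Users\\someuser\\AppData\\Local\\Temp\\tmpFF7E.tmp\tInfected: Packed.Win32.Tdss.c\t1\n"
    "D:\\RECYCLER\\S-3-9-76-100012212-100032762-100004118-2460.com\tInfected: Packed.Win32.Tdss.c\t1\n"
    "D:\\RECYCLER\\S-7-7-55-100017735-100014441-100017574-5625.com\tInfected: Packed.Win32.Tdss.c\t1\n"
    "D:\\RECYCLER\\S-8-1-10-100008767-100016247-100030419-4142.com\tInfected: Packed.Win32.Tdss.c\t1\n"
)

DETECTION_RE = re.compile(r"^(?P<path>[^\t]+)\t(?P<status>\w+): (?P<threat>\S+)\t(?P<count>\d+)$")
# Every genuine Windows SID is revision 1, so a real per-user recycle bin folder
# under RECYCLER is named S-1-<authority>-<subauthorities...>.
REAL_SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")
# Extensions that mean "this runs", which a recycle bin subfolder never has.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}


def parse_report(text):
    """Turn the detection table into dicts with path, status, threat and count."""
    detections = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.rstrip("\r"))
        if m:
            d = m.groupdict()
            d["count"] = int(d["count"])
            detections.append(d)
    return detections


def detections_by_drive(detections):
    """Count detections per volume so a hit on a second partition stands out."""
    return Counter(d["path"][:2].upper() for d in detections)


def suspicious_recycler_items(detections):
    """Flag RECYCLER items that do not look like a real per-user bin folder.

    Returns (path, [reasons]) for each item whose name is not a valid SID or
    that carries an executable extension where a folder is expected.
    """
    flagged = []
    for d in detections:
        parts = d["path"].split("\\")
        if len(parts) < 3 or parts[1].upper() != "RECYCLER":
            continue
        stem, ext = os.path.splitext(parts[2])
        reasons = []
        if not REAL_SID_RE.match(stem):
            reasons.append("name is not a valid SID (real SIDs start with S-1-)")
        if ext.lower() in EXECUTABLE_EXTS:
            reasons.append("executable extension where a folder is expected")
        if reasons:
            flagged.append((d["path"], reasons))
    return flagged


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    for drive, n in sorted(detections_by_drive(dets).items()):
        print(f"{drive} {n} detection(s)")
    for path, reasons in suspicious_recycler_items(dets):
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample this reports three detections on C: and three on D:, and flags all three `D:\RECYCLER` items for both reasons. That matches the advice in the thread: the D: items are not bin contents waiting to be emptied but files placed there, which is also why emptying the folder through Explorer may show it as already empty while the scanner still finds them.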


----------



## olegrl43 (Sep 10, 2007)

I clicked Start, then My Computer, then double-clicked the D drive and it shows Recovery and Recycler. When I double-click Recycler it says the folder is empty. Is the Recycler the one I was supposed to click on?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:36 AM, on 3/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvSvc] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.tscmaps.com/shared/viewer/mgaxctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11006 bytes

Thanks


----------



## olegrl43 (Sep 10, 2007)

Do I need to do it again?

Thanks
olegrl43


----------



## olegrl43 (Sep 10, 2007)

Hi Cookiegal.

It's been 7 days since your last reply, I hope you're not sick. With this weather changing so much I figured you might be, or just overworked. Hope you're well.

olegrl43


----------



## Cookiegal (Aug 27, 2003)

I'm sorry, it's been pretty hectic around here.

See if you can download this program:

Download the *HostsXpert*.

Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.3 - Hosts File Manager
Run HostsXpert 4.3 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

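The hosts-file restore above is suggested because a hijacked hosts file is one common reason a machine can browse but cannot reach vendor download or update sites: extra lines map those hostnames to loopback or an attacker-chosen address. The following Python audit is an added example, not part of this thread or of HostsXpert; the file path is the standard Windows location, and the sample hosts content and the `*.example-av.test` names are constructed for illustration.

```python
"""Audit a Windows hosts file for entries that are not Microsoft defaults.

Added example (not from the thread): flags every non-default mapping and
says whether it blocks the name (loopback / 0.0.0.0) or redirects it.
"""
import ipaddress
import os

# Standard location of the hosts file on Windows (real path).
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# The only mappings the stock Microsoft hosts file carries.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample: two stock lines plus three hijack-style lines.
# Hostnames are placeholders, not real vendor sites.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1   downloads.example-av.test          # constructed: blocks the name
0.0.0.0     update.example-av.test www.example-av.test
203.0.113.5 support.example-av.test            # constructed: redirects the name
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # first token is not an IP address; not a hosts mapping
        for host in parts[1:]:
            entries.append((ip, host.lower()))
    return entries


def classify(ip):
    """'blocked' if the address can never serve the name, else 'redirected'."""
    addr = ipaddress.ip_address(ip)
    return "blocked" if addr.is_loopback or addr.is_unspecified else "redirected"


def find_suspicious(entries):
    """Every mapping that is not a stock Microsoft entry, with its effect."""
    return [(ip, host, classify(ip))
            for ip, host in entries if (ip, host) not in DEFAULT_ENTRIES]


def audit_file(path=WINDOWS_HOSTS_PATH):
    """Audit a hosts file on disk; returns [] when the file is absent."""
    if not os.path.exists(path):
        return []
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_suspicious(parse_hosts(fh.read()))


if __name__ == "__main__":
    for ip, host, effect in find_suspicious(parse_hosts(SAMPLE_HOSTS)):
        print(f"{effect:10s} {host} -> {ip}")
```

Anything the audit reports deserves a look; an entry the owner did not add, and especially one that blocks a security vendor's name, is the kind of line "Restore MS Hosts File" removes.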

----------



## olegrl43 (Sep 10, 2007)

A window opens and I clicked open, then another window opens and asks if I want to allow or not. I clicked allow. Then both windows close and nothing happens. I tried this twice and both times the same thing happened. I tried to save to desktop and when I clicked save, a window opens and pretty much the same thing happens, acts like it's downloading and then just closes without installing.
I tried to download it under the Safari browser and it says Safari can't show the file "HostsXpert.zip" because it moved since you downloaded it.
Everything I have tried to download from Safari gives me the same message.

Glad to hear you're not sick. Sorry everything is so hectic. I appreciate all your help.

olegrl43


----------



## Cookiegal (Aug 27, 2003)

You may not be able to download this either but let's give it a go.

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## olegrl43 (Sep 10, 2007)

I'm sorry Cookiegal, I'm not clear on what to do when I get to the Combofix Guide & Instruction page. I clicked option 4 under table of contents, and the page it takes me to is even more confusing to me. I have Windows Vista, and I don't think I have a DVD. I'm sorry for being so ignorant about all this.


----------



## Cookiegal (Aug 27, 2003)

Rather than clicking on number 4, you should scroll down and read everything and you will see where it gives you three options of links to download the program and detailed instructions with screenshots on how to install the program and run the scan.


----------



## olegrl43 (Sep 10, 2007)

This doesn't work either. I tried 3 times and the results are the same as with everything else: the window pops up, I clicked save, then save to desktop. Then it pops up a window that shows it's downloading, then just closes, with no installation.


----------



## Cookiegal (Aug 27, 2003)

See if you can get this one to load:

Download *OTScanIt2.exe* to your Desktop and double-click on it to extract the files. It will create a folder named *OTScanIt2* on your desktop.

Close any open browsers.
Open the *OTScanit2* folder and double-click on *OTScanit2.exe* to start the program.
If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
In the *Processes* group click *ALL*
In the *Services* group click *Safe List*
In the *Drivers* group click *Safe List*
In the *Registry* group click *ALL*
In the *Rootkit Search* group select *YES*
In the *Files Age* drop down box click *60 days*
Make sure *Use White List* and *Include All Unicode Names* boxes are checked
In the *Files Created* and *Files Modified* groups select *Whitelist/File age*
In the *Additional scans* section please select *Everything* and make sure the Safe List box is checked
Now on the toolbar at the top select "Scan all users" then click the *Run Scan* button
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file
Use the *Reply* button and *attach the notepad file here*. I will review it when it comes in.

It will be much too big so you will need to zip the file before it will be able to be uploaded.


----------



## olegrl43 (Sep 10, 2007)

Same results, clicked save to desktop, then it shows it's downloading to 100%, then closes the window without installing.


----------



## Cookiegal (Aug 27, 2003)

Download GMER from: http://gmer.net/index.php

Save it on your desktop and unzip it.

Double click the gmer.exe to run it and select the rootkit tab and press scan. When the scan is done, click *Copy*. This will copy the report to the clipboard. Paste it into Notepad and save it and also paste the log report back here please.


----------



## olegrl43 (Sep 10, 2007)

Same results as with everything else, can't download.


----------



## olegrl43 (Sep 10, 2007)

I can't even open or save PDF files. I tried to open the following PDF file and even tried to save it to desktop and got the same results as with trying to download anything else.

http://a2.slickdeals.net/attachment.php?attachmentid=186807&d=1237585903


----------



## Cookiegal (Aug 27, 2003)

Did you try renaming the programs when trying to download them or you were never able to get that far?


----------



## olegrl43 (Sep 10, 2007)

Yes, I was able to get that far, but renaming them doesn't help.


----------



## Cookiegal (Aug 27, 2003)

Try downloading ComboFix to an external drive or CD and then install it on the desktop of the infected computer. Then see if you can run it please.


----------



## olegrl43 (Sep 10, 2007)

How do you do that? Sorry.


----------



## Cookiegal (Aug 27, 2003)

olegrl43 said:

> How do you do that? Sorry.


Before trying that, do you actually have ComboFix installed on the desktop but it won't run or is it not installed at all?


----------



## olegrl43 (Sep 10, 2007)

No, all I already have is HJT, Malwarebytes Anti-Malware, and Kaspersky Online Scanner 7.0.


----------



## Cookiegal (Aug 27, 2003)

Then using another computer, download ComboFix to an external or flash drive and then insert that drive into the infected computer and place it on the desktop. Then see if you can get it to run.


----------



## olegrl43 (Sep 10, 2007)

Hope this is right...

ComboFix 09-03-29.02 - Darlene Nelson 2009-03-30 0:34:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.406 [GMT -5:00]
Running from: c:\users\Darlene Nelson\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\KBL.LOG
d:\recycler\S-3-9-76-100012212-100032762-100004118-2460.com
d:\recycler\S-7-7-55-100017735-100014441-100017574-5625.com
d:\recycler\S-8-1-10-100008767-100016247-100030419-4142.com

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-18 21:52 . 2009-03-18 21:52 dr-------	c:\users\Darlene Nelson\Downloads
2009-03-15 21:06 . 2009-03-15 21:06	118	--a------	c:\windows\System32\MRT.INI
2009-03-11 21:38 . 2009-02-08 22:10	2,033,152	--a------	c:\windows\System32\win32k.sys
2009-03-11 21:38 . 2008-11-26 23:43	268,288	--a------	c:\windows\System32\schannel.dll
2009-03-09 21:26 . 2009-03-09 21:26 d--------	c:\windows\PCHEALTH
2009-03-05 09:57 . 2009-03-05 09:57	0	--a------	c:\windows\System32\commonpriv.log.lock
2009-03-05 03:24 . 2009-03-29 21:26	28,694	--a------	c:\users\All Users\nvModes.dat
2009-03-05 03:24 . 2009-03-29 21:26	28,694	--a------	c:\programdata\nvModes.dat
2009-03-05 03:11 . 2008-06-19 20:14	622,080	--a------	c:\windows\System32\icardagt.exe
2009-03-05 03:11 . 2008-06-19 20:14	105,016	--a------	c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-05 03:11 . 2008-06-19 20:14	97,800	--a------	c:\windows\System32\infocardapi.dll
2009-03-05 03:11 . 2008-06-19 20:14	43,544	--a------	c:\windows\System32\PresentationHostProxy.dll
2009-03-05 03:11 . 2008-06-19 20:14	37,384	--a------	c:\windows\System32\infocardcpl.cpl
2009-03-05 03:11 . 2008-06-19 20:14	11,264	--a------	c:\windows\System32\icardres.dll
2009-03-05 03:10 . 2008-06-19 20:14	781,344	--a------	c:\windows\System32\PresentationNative_v0300.dll
2009-03-05 03:10 . 2008-06-19 20:14	326,160	--a------	c:\windows\System32\PresentationHost.exe
2009-03-05 03:01 . 2008-07-27 13:03	282,112	--a------	c:\windows\System32\mscoree.dll
2009-03-05 03:01 . 2008-07-27 13:03	158,720	--a------	c:\windows\System32\mscorier.dll
2009-03-05 03:01 . 2008-07-27 13:03	96,760	--a------	c:\windows\System32\dfshim.dll
2009-03-05 03:01 . 2008-07-27 13:03	83,968	--a------	c:\windows\System32\mscories.dll
2009-03-05 03:01 . 2008-07-27 13:03	41,984	--a------	c:\windows\System32\netfxperf.dll
2009-03-05 02:57 . 2008-12-15 22:29	8,147,456	--a------	c:\windows\System32\wmploc.DLL
2009-03-05 02:57 . 2008-12-16 00:31	7,680	--a------	c:\windows\System32\spwmp.dll
2009-03-05 02:57 . 2008-12-16 00:31	4,096	--a------	c:\windows\System32\msdxm.ocx
2009-03-05 02:57 . 2008-12-16 00:31	4,096	--a------	c:\windows\System32\dxmasf.dll
2009-02-24 23:28 . 2009-03-19 23:58 d--------	c:\program files\Windows Live Safety Center
2009-02-24 03:00 . 2008-12-04 23:32	428,544	--a------	c:\windows\System32\EncDec.dll
2009-02-24 02:59 . 2008-12-04 23:32	293,376	--a------	c:\windows\System32\psisdecd.dll
2009-02-24 02:59 . 2008-12-04 23:31	217,088	--a------	c:\windows\System32\psisrndr.ax
2009-02-24 02:59 . 2008-12-04 23:31	177,664	--a------	c:\windows\System32\mpg2splt.ax
2009-02-24 02:59 . 2008-12-04 23:31	80,896	--a------	c:\windows\System32\MSNP.ax
2009-02-22 03:58 . 2009-02-22 03:58 d--------	c:\users\Darlene Nelson\AppData\Roaming\CyberLink
2009-02-18 22:48 . 2009-02-20 22:01 d--------	c:\program files\Google
2009-02-18 22:47 . 2009-02-23 01:52 d--------	c:\program files\BitComet
2009-02-14 22:25 . 2009-03-26 12:25 d--------	c:\windows\System32\Adobe
2009-02-10 23:19 . 2009-01-15 01:11	827,392	--a------	c:\windows\System32\wininet.dll
2009-02-10 23:18 . 2009-01-14 22:36	1,383,424	--a------	c:\windows\System32\mshtml.tlb
2009-02-01 21:41 . 2009-02-01 21:41 d--------	c:\program files\Mystery Case Files - Madame Fate

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 03:40	---------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-03-26 21:49	38,496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 21:49	15,504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-03-26 17:30	---------	d-----w	c:\program files\Common Files\Adobe
2009-03-26 17:02	---------	d---a-w	c:\programdata\TEMP
2009-03-22 02:57	---------	d-----w	c:\programdata\Lx_cats
2009-03-20 04:19	---------	d-----w	c:\programdata\NVIDIA
2009-03-14 05:05	---------	d-----w	c:\program files\Hidden Expedition - Everest
2009-03-14 04:38	---------	d-----w	c:\program files\Mystery Case Files - Huntsville - Detective Training
2009-03-12 18:04	---------	d-----w	c:\program files\Acro Software
2009-03-12 16:47	---------	d-----w	c:\program files\Windows Mail
2009-03-12 06:59	---------	d-----w	c:\programdata\Microsoft Help
2009-03-11 06:39	410,984	----a-w	c:\windows\System32\deploytk.dll
2009-02-24 16:47	---------	d-----w	c:\programdata\Yahoo! Companion
2009-02-24 16:47	---------	d-----w	c:\programdata\HP Product Assistant
2009-02-24 16:47	---------	d-----w	c:\program files\Windows Defender
2009-02-24 16:46	---------	d-----w	c:\programdata\Yahoo!
2009-02-24 16:46	---------	d-----w	c:\program files\ZipForm Desktop
2009-02-24 16:46	---------	d-----w	c:\program files\Yahoo!
2009-02-24 16:46	---------	d-----w	c:\program files\MSBuild
2009-02-24 16:46	---------	d-----w	c:\program files\Microsoft.NET
2009-02-24 16:46	---------	d-----w	c:\program files\Microsoft Works
2009-02-24 16:46	---------	d-----w	c:\program files\Microsoft Visual Studio 8
2009-02-24 16:46	---------	d-----w	c:\program files\ffdshow
2009-02-24 07:40	---------	d-----w	c:\programdata\avg8
2009-02-23 05:33	28,190	----a-w	c:\users\Darlene Nelson\AppData\Roaming\nvModes.dat
2009-02-22 08:58	---------	d-----w	c:\users\Darlene Nelson\AppData\Roaming\HP
2009-02-22 08:58	---------	d-----w	c:\programdata\HP
2009-02-22 08:58	---------	d-----w	c:\programdata\CyberLink
2009-02-19 03:41	---------	d-----w	c:\users\Darlene Nelson\AppData\Roaming\LimeWire
2009-01-29 04:14	---------	d-----w	c:\program files\mypoints
2009-01-29 04:03	325,128	----a-w	c:\windows\system32\drivers\avgldx86.sys
2009-01-29 04:03	10,520	----a-w	c:\windows\System32\avgrsstx.dll
2008-12-19 19:33	378	----a-w	c:\users\Darlene Nelson\AppData\Roaming\wklnhst.dat
2008-12-12 17:18	87,336	----a-w	c:\windows\System32\dns-sd.exe
2008-12-12 17:11	61,440	----a-w	c:\windows\System32\dnssd.dll
2008-09-11 18:33	174	--sha-w	c:\program files\desktop.ini
2008-02-12 19:17	22	--sha-w	c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2787EA8E-8D87-48af-88AD-B30246C917AB}]
2008-11-05 10:49	514424	--a------	c:\program files\SearchPerks! Perk Counter\Bmbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2787EA8E-8D87-48af-88AD-B30246C917AB}"= "c:\program files\SearchPerks! Perk Counter\Bmbho.dll" [2008-11-05 514424]

[HKEY_CLASSES_ROOT\clsid\{2787ea8e-8d87-48af-88ad-b30246c917ab}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2787EA8E-8D87-48AF-88AD-B30246C917AB}"= "c:\program files\SearchPerks! Perk Counter\Bmbho.dll" [2008-11-05 514424]

[HKEY_CLASSES_ROOT\clsid\{2787ea8e-8d87-48af-88ad-b30246c917ab}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-03 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-11-03 684712]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-11-03 16040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-11 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-27 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AB196BDF-4D50-4B68-BD55-10E9173EF3AB}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CA6C467C-F80C-4393-A684-1A757088196E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1AE562DA-7309-453A-9981-14754F331E8B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{215A0E8B-F3B1-4142-9EDC-67844C866781}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6DA52B40-B3EB-44DC-A7FD-F76685D124B8}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{FB8AC562-E60F-4011-B998-AC91AD9AB9A9}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BAF2F0A3-BD92-4F8F-BE0A-268C5AF5A2E8}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D012D9F6-2140-435A-84C2-5468FCAFA85A}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CCB39148-7984-4B64-B9C3-C4136001128B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3AB9E897-EFD5-46F8-A8FD-92524044A185}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4630CE96-7C84-4111-9852-86D38C21972F}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{AA378191-625C-442E-A087-D6B8D348AF6B}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{A0D9E348-7149-4A3B-8BDD-A242A513004D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{490498B6-8589-4B5B-A3CC-07DC4A36091A}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{3A6DF1E7-A7CD-43D8-9E4C-392A46BEFCF7}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{5D257977-D29A-430A-9C6F-CB5A859EC8DA}"= UDP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{CC958BF7-CB30-4478-A424-50AEAF2B76CF}"= TCP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{6F72D9AA-BF25-4528-B2E3-DE9CCAA58A8E}"= UDP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{095DD928-DB1B-4493-93BB-F8DA9EE8E1EA}"= TCP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{872F29B1-5B1E-4833-AE2A-5438B52E2E4E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9CFF8E9F-6562-4109-9D96-FA19A27AFE61}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4C3EFA17-CBE9-4101-A5B3-11BE02B146A2}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{58F082D4-7F89-41EC-8A85-C8201695DFDA}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe: 
"{6713094F-2E86-450B-9129-403EC686EB20}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe: 
"{077065AF-4375-40D2-BB05-6783F5D0DFC4}"= Disabled:UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{19D2E07D-7718-4991-B21E-D29A28430A2E}"= Disabled:TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3BEFE377-B20C-44D7-A327-C71E7313AFD0}"= UDP:c:\program files\BitComet\BitComet.exe:BitComet
"{A8A45FFE-B55E-4528-BDCD-CACC90D751D7}"= TCP:c:\program files\BitComet\BitComet.exe:BitComet
"{A6EAD3B3-DB74-479A-9F1E-A81571770443}"= UDP:c:\program files\BitComet\BitComet.exe:BitComet
"{3AEDA5D8-E01F-4D84-BA84-33BAA73B0299}"= TCP:c:\program files\BitComet\BitComet.exe:BitComet
"{892CD978-E97F-4962-B7E8-CCE9607DDC66}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddwbgw.exe: 
"{49C5AF8E-1254-4E74-8D56-E0FF99CC2BD6}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddwbgw.exe: 
"{D62A15AC-6DEF-49F2-93BA-D6C49B29FD18}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe: 
"{892376A5-EE4E-44E5-B12F-47BA453B1152}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe: 
"{880A3ECC-816A-449C-8C93-7806BBF1135F}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe: 
"{5E11E47C-E16E-426D-A966-801B1011DC38}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe: 
"{625B7F99-1F9C-4BB6-AD59-212215BFD0A4}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{FAFD1989-7A37-419D-9B46-5D2BBEC3B777}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{9CC74246-FB25-4296-887C-FEAF37FBD091}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{6706B85E-3274-4650-A187-325941A044A5}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{28E38C75-9642-4908-8A7A-93629E84FD10}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{C9516D2A-D05B-45BF-B5FF-3EFD7B430E0B}"= Disabled:UDP:e:\setup\HPONICIFS01.EXE:hponicifs01.exe
"{67961059-FEE1-4467-AABC-394E1E1A8A30}"= Disabled:TCP:e:\setup\HPONICIFS01.EXE:hponicifs01.exe
"{48612B04-FCB0-49A4-A85B-A89E6E3F9357}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{5BD0E378-B9F5-40A1-8817-F2BE0631EF38}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{5478CC2E-A294-4441-9CB6-7515E7F726E0}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{19766A7A-5570-43B1-9DD4-5A76C3E95D76}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{27517754-D50E-4E2C-8F57-DBD25F4BBCE5}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{F51BAF90-8D05-433B-BD0A-F6FCAFF80E69}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{B9103FC4-0C03-4D17-980D-7BF9403648F5}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{8F95899E-8D72-4FC2-AAA6-26E5BA4C9193}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{E7E10998-7631-42BC-9C76-0247121DD437}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{FC56EFE0-F8A3-4A4C-8EC0-FB7339CE4FB5}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{4B4541EE-EF0E-4AC2-AD06-6C9D42E96037}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{5D393A8E-D2E8-431E-969D-75BF4F197A0C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{3CE099AD-8C2A-41CC-9D6C-D97CF8FB97EB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{3A9FEF8B-E1AD-4B26-A414-E618D5B834E4}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{464051FE-C42B-43F5-8E7A-11E43808841B}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{4ADD9E04-1804-4AE7-85EF-F1AB174CA331}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{D463C75C-1131-480D-B358-D89D22CA3B72}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe: 
"{B4AB7AA8-F096-4963-AB37-8C97E3A0AC77}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe: 
"{78C2D9BD-5D58-4271-A761-5307BED4A98C}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{F86A507F-3E49-41B2-98D3-12224021B1DE}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{9849C429-353A-467F-9D7B-0BFB39B78942}"= UDP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{5A51B954-3583-441E-9ECD-99DDB6A3281D}"= TCP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{B5823E50-A36E-4332-9F32-438EAA82879B}"= UDP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{99373A46-D5BA-4D7A-8995-E338D277107D}"= TCP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{2DFC90A3-F11A-4F88-88C0-90FB579E5B27}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe: 
"{44ACB81D-7CA4-4079-906E-86914FD88BB9}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe: 
"{5603EA6E-882C-45C3-B2D1-F7CE77930CBC}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe: 
"{3335A093-1C30-4F4A-9F9D-6079266DF8F4}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe: 
"{5DEB1ABA-CB11-4C32-8C84-88EC8E07A7F2}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exe: 
"{DC1BA915-006B-4DA0-8523-6475717E4D18}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exe: 
"{4F1F94B6-2F26-4DAF-B8C7-19A2F1F2B16C}"= UDP:c:\windows\System32\lxducoms.exe:Lexmark Communications System
"{2E6A8230-247D-4848-9E6D-4C483F5976CA}"= TCP:c:\windows\System32\lxducoms.exe:Lexmark Communications System
"{F42C2BB5-6A31-46DC-B672-4A22B665632D}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdupswx.exe:Printer Status Window
"{6DB4C100-77B0-48CA-9396-0E01C35A24E8}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdupswx.exe:Printer Status Window
"{6217B117-1839-4EAA-B5DD-77355016E22C}"= UDP:c:\program files\Lexmark 5600-6600 Series\lxduamon.exe:Lexmark Device Monitor
"{3FEC52BF-4A82-40DD-BFD2-17FB62CE1B47}"= TCP:c:\program files\Lexmark 5600-6600 Series\lxduamon.exe:Lexmark Device Monitor
"{2B736DBC-CC98-4F6A-BAF8-D229BA3ECFE6}"= UDP:c:\program files\Lexmark 5600-6600 Series\frun.exe:Lexmark Productivity Studio
"{DF44FAA1-81AF-4D13-B63F-3627830F1269}"= TCP:c:\program files\Lexmark 5600-6600 Series\frun.exe:Lexmark Productivity Studio
"{CBB13A5E-3F83-432E-B3E5-7C022DD56568}"= UDP:c:\users\Darlene Nelson\Desktop\REOTrans.com - Nationwide Foreclosed Home Listing Service..url:REOTrans.com - Nationwide Foreclosed Home Listing Service.
"{B7AE8D29-27BB-4674-8CE4-0A6406ABCB0D}"= TCP:c:\users\Darlene Nelson\Desktop\REOTrans.com - Nationwide Foreclosed Home Listing Service..url:REOTrans.com - Nationwide Foreclosed Home Listing Service.
"{64044C6C-9AD6-4BA5-9ECC-F2BCD68444DC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DE1413FD-BFC3-403E-8815-8A02BC2A9B46}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{696B3D46-2102-46BF-A175-DCCAE14F59FF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{98A98C70-912E-4AB5-BE6A-B6846C36C8B8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{08499047-A8D4-4A60-A0AE-D5BC572EE57A}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{8606D67B-0B1D-41E1-A811-E545376287B9}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{EEBCD755-3A50-4929-BC4E-02B45CE4DCFF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{98AC4B71-A211-4151-892A-CC6F062A73A3}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"= c:\program files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-10-10 325128]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxduserv.exe [2008-11-16 98984]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 298264]
S3 ATTRcAppSvc;AT&T RcAppSvc;"c:\program files\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" --> c:\program files\AT&T\Communication Manager\RcAppSvc.exe [?]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\System32\drivers\swnc8u56.sys [2008-06-05 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\System32\drivers\swumx56.sys [2008-06-05 73856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService	REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-03-05 c:\windows\Tasks\HPCeeScheduleForDarlene Nelson.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-09-28 13:58]

2008-06-19 c:\windows\Tasks\HPCeeScheduleForSteve.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-09-28 13:58]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 00:41:34
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-30 0:43:43
ComboFix-quarantined-files.txt 2009-03-30 05:43:40

Pre-Run: 60,856,045,568 bytes free
Post-Run: 61,529,235,456 bytes free

281	--- E O F ---	2009-03-27 02:17:38


----------



## olegrl43 (Sep 10, 2007)

HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:22 AM, on 3/30/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9013 bytes


----------



## Cookiegal (Aug 27, 2003)

Are you able to run MalwareBytes now?


----------



## olegrl43 (Sep 10, 2007)

Yes, it's already on my computer, so I'm not having problems with it.

Malwarebytes' Anti-Malware 1.35
Database version: 1921
Windows 6.0.6001 Service Pack 1

3/30/2009 3:37:08 PM
mbam-log-2009-03-30 (15-37-08).txt

Scan type: Quick Scan
Objects scanned: 66544
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## Cookiegal (Aug 27, 2003)

Please do an online scan with Kaspersky WebScanner.

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version:

*JRE 6 Update 13*

Instructions for Kaspersky scan:

Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure the following is checked.
*Spyware, Adware, Dialers, and other potentially dangerous programs*
*Archives*
*Mail databases*

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Please post this log in your next reply.


----------



## olegrl43 (Sep 10, 2007)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, March 31, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, March 31, 2009 07:09:19
Records in database: 1988934
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 166141
Threat name: 1
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 02:51:52


File name / Threat name / Threats count
C:\Qoobox\Quarantine\D\RECYCLER\S-3-9-76-100012212-100032762-100004118-2460.com.vir	Infected: Packed.Win32.Tdss.c	1
C:\Qoobox\Quarantine\D\RECYCLER\S-7-7-55-100017735-100014441-100017574-5625.com.vir	Infected: Packed.Win32.Tdss.c	1
C:\Qoobox\Quarantine\D\RECYCLER\S-8-1-10-100008767-100016247-100030419-4142.com.vir	Infected: Packed.Win32.Tdss.c	1

The selected area was scanned.


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log and let me know what problems remain.


----------



## olegrl43 (Sep 10, 2007)

I still have the same problems as before; nothing has changed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:22 AM, on 3/30/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9013 bytes


----------



## olegrl43 (Sep 10, 2007)

I had deleted AVG anti-virus when this all started because I kept getting the Trojan alert with the AVG, but when I would run a scan it didn't show any infections, so I deleted AVG thinking it was corrupted. But then I was still having the same problems with the downloads. Then I emptied the recycle bin. Nothing changed; I still had the same problems. I recovered to an earlier date and the AVG came back in the programs, and I keep getting messages that I need to turn AVG on, but I can't because it's really corrupted now. When I try to remove AVG from Programs it won't let me, and I keep getting the message:

Installer initialization failed due to following error:
Error: @AvgErrorCode_0x0253 %FILE% = "C:\Program Files\AVG\AVG8"
@AvgErrorCode_0x0020

So the computer thinks I still have AVG.

Then just a few minutes ago I changed my password to keep everyone off my PC, but whenever I change it my perk point counter in the browser shows an error and won't work.


----------



## Cookiegal (Aug 27, 2003)

Can you try to run GMER again after renaming it? If it won't run, try it in safe mode.


----------



## olegrl43 (Sep 10, 2007)

Hope I did this right.

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-02 23:20:46
Windows 6.0.6001 Service Pack 1

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BF7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C398C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BFD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73BEF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BF7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73BEE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73C2B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73BFD68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73BF012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73BF0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73BE71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73C7D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73C175E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73BEDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73BE668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73BE66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BF1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\LogFiles\Scm\SCM.EVM (size mismatch) 327680/0 bytes
File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl (size mismatch) 32856/64 bytes
File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl (size mismatch) 1144/0 bytes
File C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 12288/4096 bytes
File C:\Windows\System32\spool\SpoolerETW.etl (size mismatch) 4096/0 bytes
File C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 (size mismatch) 147456/0 bytes

---- EOF - GMER 1.0.15 ----


----------



## Cookiegal (Aug 27, 2003)

How many user profiles are there on this computer?


----------



## olegrl43 (Sep 10, 2007)

Just mine, the administrator. But up till I started having this problem, everyone was using the computer. Then I put a password on it so I could keep everyone off till I got this problem fixed.


----------



## Cookiegal (Aug 27, 2003)

What happens when you try to download programs?


----------



## olegrl43 (Sep 10, 2007)

When I went to Microsoft Update page, I tried to install updates and this is the message I got.

[Error number: 0x8DDD0002] 
To install updates from this website, you must be logged on as an administrator or a member of the Administrators group on your computer. If you use Windows XP, you can see if you are an administrator by going to User Accounts in Control Panel.

Note: If your computer is connected to a network, network policy settings might also prevent you using this website. Contact your system administrator for help with updates.

I pretty much get the same message with a lot of different things I have tried: either that message, or it just acts like it's downloading and doesn't actually install.

I am logged on as administrator; I checked under User Accounts and it shows that I am.


----------



## Cookiegal (Aug 27, 2003)

Please run ComboFix again and post that log.


----------



## olegrl43 (Sep 10, 2007)

When I try to run ComboFix, a warning pops up about AVG antivirus still being active. This also happened when I ran ComboFix the 1st time, but I clicked OK, then it pops up warning me again, I click OK again, and then it starts running. But like I told you earlier, I had uninstalled AVG, then later emptied the recycle bin, then later had to do a recovery to an earlier date, and when I did that it put the AVG program back up with the programs, but I can't use it, I guess because all the guts to the file had already been deleted. When I click ComboFix this is the warning I get.

WARNING!!!
ComboFix has detected the following real time scanner to be active:
*AVG Anti-Virus Free*
Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage. Please disable these scanners before clicking "OK".

Then I go to uninstall programs and try to uninstall AVG and it says:
INSTALLATION FAILED!!
Installer initialization failed due to following error:
Error: @AVG ErrorCode_0x0253%File%"C\ProgramFile\AVG\AVG8" @AVG ErrorCode_0x0020


So what should I do? Just click OK for Combo-Fix and go ahead and run it, or do I need to figure out how to uninstall AVG?


----------



## Cookiegal (Aug 27, 2003)

Try running this AVG removal tool first and then reboot and see if you can run ComboFix please.

http://www.avg.com/faq.num-1119


----------



## olegrl43 (Sep 10, 2007)

It won't work. I will have to go to my sis's house and try to download it to my mem. stick.


----------



## olegrl43 (Sep 10, 2007)

When you told me to download Combo-Fix from another PC and put it on my memory stick, I went ahead and downloaded all the other stuff you had told me to try and download:

Combo-Fix
Gmer
OTScanit2
HostXpert

I had tried to download AVG Free, but even on her PC I wasn't able to.
But I will try to do the removal tool.


----------



## Cookiegal (Aug 27, 2003)

OK, that's fine.


----------



## olegrl43 (Sep 10, 2007)

I tried the AVG Remover 3 times and the AVG is still showing up in my programs. Also, when I try to run Combo-Fix I get the same warning that it is active, although my security shows that it is turned off. Should I go ahead and run Combo-Fix? The 1st time I ran Combo-Fix I just clicked OK, go ahead and run, to all the warnings, since I knew it was at least turned off.


----------



## Cookiegal (Aug 27, 2003)

Yes please go ahead and run ComboFix.


----------



## olegrl43 (Sep 10, 2007)

Combo-Fix Log:

ComboFix 09-04-04.01 - Darlene Nelson 2009-04-10 23:19:48.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.259 [GMT -5:00]
Running from: c:\users\Darlene Nelson\Desktop\Combo-Fix.exe.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-10 22:40 . 2009-04-10 22:41 d--------	C:\Combo-Fix
2009-04-10 10:26 . 2008-04-17 12:12	107,368	--a------	c:\windows\System32\GEARAspi.dll
2009-04-10 10:26 . 2009-03-19 16:32	23,400	--a------	c:\windows\System32\drivers\GEARAspiWDM.sys
2009-04-10 10:25 . 2009-04-10 10:26 d--------	c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-10 10:25 . 2009-04-10 10:26 d--------	c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-10 10:25 . 2009-04-10 10:26 d--------	c:\program files\iTunes
2009-04-10 10:25 . 2009-04-10 10:25 d--------	c:\program files\iPod
2009-04-10 10:23 . 2009-04-10 10:24 d--------	c:\program files\QuickTime
2009-03-18 21:52 . 2009-03-18 21:52 dr-------	c:\users\Darlene Nelson\Downloads
2009-03-15 21:06 . 2009-03-15 21:06	118	--a------	c:\windows\System32\MRT.INI
2009-03-11 21:38 . 2009-02-08 22:10	2,033,152	--a------	c:\windows\System32\win32k.sys
2009-03-11 21:38 . 2008-11-26 23:43	268,288	--a------	c:\windows\System32\schannel.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 03:19	28,694	----a-w	c:\users\All Users\nvModes.dat
2009-04-11 03:19	28,694	----a-w	c:\programdata\nvModes.dat
2009-04-10 15:25	---------	d-----w	c:\programdata\Apple Computer
2009-04-10 15:25	---------	d-----w	c:\program files\Common Files\Apple
2009-04-10 08:28	---------	d-----w	c:\programdata\avg8
2009-04-09 05:30	---------	d---a-w	c:\programdata\TEMP
2009-04-06 20:41	---------	d-----w	c:\programdata\Lx_cats
2009-04-06 06:10	---------	d-----w	c:\users\Darlene Nelson\AppData\Roaming\Move Networks
2009-03-31 04:29	---------	d-----w	c:\program files\Java
2009-03-27 03:40	---------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-03-26 21:49	38,496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 21:49	15,504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-03-26 17:30	---------	d-----w	c:\program files\Common Files\Adobe
2009-03-20 04:58	---------	d-----w	c:\program files\Windows Live Safety Center
2009-03-20 04:19	---------	d-----w	c:\programdata\NVIDIA
2009-03-14 05:05	---------	d-----w	c:\program files\Hidden Expedition - Everest
2009-03-14 04:38	---------	d-----w	c:\program files\Mystery Case Files - Huntsville - Detective Training
2009-03-12 18:04	---------	d-----w	c:\program files\Acro Software
2009-03-12 16:47	---------	d-----w	c:\program files\Windows Mail
2009-03-12 06:59	---------	d-----w	c:\programdata\Microsoft Help
2009-03-09 10:19	410,984	----a-w	c:\windows\System32\deploytk.dll
2009-02-24 16:47	---------	d-----w	c:\programdata\Yahoo! Companion
2009-02-24 16:47	---------	d-----w	c:\programdata\HP Product Assistant
2009-02-24 16:47	---------	d-----w	c:\program files\Windows Defender
2009-02-24 16:46	---------	d-----w	c:\programdata\Yahoo!
2009-02-24 16:46	---------	d-----w	c:\program files\ZipForm Desktop
2009-02-24 16:46	---------	d-----w	c:\program files\Yahoo!
2009-02-24 16:46	---------	d-----w	c:\program files\MSBuild
2009-02-24 16:46	---------	d-----w	c:\program files\Microsoft.NET
2009-02-24 16:46	---------	d-----w	c:\program files\Microsoft Works
2009-02-24 16:46	---------	d-----w	c:\program files\Microsoft Visual Studio 8
2009-02-24 16:46	---------	d-----w	c:\program files\ffdshow
2009-02-23 06:52	---------	d-----w	c:\program files\BitComet
2009-02-23 05:33	28,190	----a-w	c:\users\Darlene Nelson\AppData\Roaming\nvModes.dat
2009-02-22 08:58	---------	d-----w	c:\users\Darlene Nelson\AppData\Roaming\HP
2009-02-22 08:58	---------	d-----w	c:\users\Darlene Nelson\AppData\Roaming\CyberLink
2009-02-22 08:58	---------	d-----w	c:\programdata\HP
2009-02-22 08:58	---------	d-----w	c:\programdata\CyberLink
2009-02-21 03:01	---------	d-----w	c:\program files\Google
2009-02-19 03:41	---------	d-----w	c:\users\Darlene Nelson\AppData\Roaming\LimeWire
2009-01-29 04:03	10,520	----a-w	c:\windows\System32\avgrsstx.dll
2009-01-15 06:11	827,392	----a-w	c:\windows\System32\wininet.dll
2008-12-19 19:33	378	----a-w	c:\users\Darlene Nelson\AppData\Roaming\wklnhst.dat
2008-09-11 18:33	174	--sha-w	c:\program files\desktop.ini
2008-02-12 19:17	22	--sha-w	c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( [email protected]_ 0.42.11.97 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-05 08:21:55	86,016	----a-w	c:\windows\inf\infpub.dat
+ 2009-04-10 15:21:33	86,016	----a-w	c:\windows\inf\infpub.dat
- 2009-03-05 08:21:50	143,360	----a-w	c:\windows\inf\infstor.dat
+ 2009-04-10 15:21:33	143,360	----a-w	c:\windows\inf\infstor.dat
- 2009-03-05 08:21:55	143,360	----a-w	c:\windows\inf\infstrng.dat
+ 2009-04-10 15:21:32	143,360	----a-w	c:\windows\inf\infstrng.dat
+ 2009-04-10 15:26:37	102,400	----a-r	c:\windows\Installer\{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}\iTunesIco.exe
- 2009-03-11 06:17:54	297,200	----a-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-04-06 22:26:30	519,928	----a-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-03-28 12:55:16	2,048	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-11 03:17:30	2,048	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-28 12:55:16	2,048	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-11 03:17:30	2,048	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-22 01:30:55	16,384	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-09 05:20:59	16,384	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-22 01:30:55	32,768	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-09 05:20:59	32,768	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-22 01:30:55	16,384	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-09 05:20:59	16,384	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-30 05:41:21	262,144	--sha-w	c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-04-11 03:19:49	262,144	--sha-w	c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-04-11 03:19:49	262,144	---ha-w	c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-30 02:31:44	262,144	--sha-w	c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-04-11 03:19:54	262,144	--sha-w	c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-04-11 03:19:54	262,144	---ha-w	c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-28 20:34:17	32,768	--sha-w	c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-08 04:38:34	32,768	--sha-w	c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-28 20:34:17	49,152	--sha-w	c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-08 04:38:34	49,152	--sha-w	c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-31 04:34:14	24,064	----a-w	c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4e09eacf-5eb78ef1-n\Decora-D3D.dll
+ 2009-03-31 04:34:13	499,712	----a-w	c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\258cea61-15ae19ef-n\jmc.dll
+ 2009-03-31 04:34:13	499,712	----a-w	c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\258cea61-15ae19ef-n\msvcp71.dll
+ 2009-03-31 04:34:13	348,160	----a-w	c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\258cea61-15ae19ef-n\msvcr71.dll
+ 2009-03-31 04:34:15	57,344	----a-w	c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5b902232-75be210d-n\Decora-SSE.dll
- 2009-03-28 20:34:17	32,768	--sha-w	c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-08 04:38:34	32,768	--sha-w	c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-30 05:34:20	262,144	----a-w	c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-04-11 04:19:32	262,144	----a-w	c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-03-26 20:23:46	36,864	----a-w	c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_d9da5e84\usbaapl.sys
+ 2009-03-26 20:23:46	1,900,544	----a-w	c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_d9da5e84\usbaaplrc.dll
+ 2008-04-17 17:12:54	107,368	-c--a-w	c:\windows\System32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2009-03-19 21:32:48	23,400	-c--a-w	c:\windows\System32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
- 2009-03-11 06:39:20	144,792	----a-w	c:\windows\System32\java.exe
+ 2009-03-09 10:19:11	144,792	----a-w	c:\windows\System32\java.exe
- 2009-03-11 06:39:20	144,792	----a-w	c:\windows\System32\javaw.exe
+ 2009-03-09 10:19:13	144,792	----a-w	c:\windows\System32\javaw.exe
- 2009-03-11 06:39:20	148,888	----a-w	c:\windows\System32\javaws.exe
+ 2009-03-09 10:19:13	148,888	----a-w	c:\windows\System32\javaws.exe
- 2009-03-30 05:14:12	101,350	----a-w	c:\windows\System32\perfc009.dat
+ 2009-04-11 03:22:44	101,350	----a-w	c:\windows\System32\perfc009.dat
- 2009-03-30 05:14:12	595,684	----a-w	c:\windows\System32\perfh009.dat
+ 2009-04-11 03:22:44	595,684	----a-w	c:\windows\System32\perfh009.dat
- 2009-03-28 12:58:31	11,712	----a-w	c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1946811046-992574770-3259651336-1001_UserData.bin
+ 2009-04-11 03:20:44	11,852	----a-w	c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1946811046-992574770-3259651336-1001_UserData.bin
- 2009-03-28 12:58:31	84,660	----a-w	c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-11 03:20:44	86,396	----a-w	c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-28 06:02:39	8,754	----a-w	c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-04-08 04:53:26	8,754	----a-w	c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-03-28 12:58:30	60,894	----a-w	c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-11 03:20:43	61,342	----a-w	c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-03-30 02:26:34	349,666	----a-w	c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-04-10 20:53:58	355,280	----a-w	c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2787EA8E-8D87-48af-88AD-B30246C917AB}]
2008-11-05 10:49	514424	--a------	c:\program files\SearchPerks! Perk Counter\Bmbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2787EA8E-8D87-48af-88AD-B30246C917AB}"= "c:\program files\SearchPerks! Perk Counter\Bmbho.dll" [2008-11-05 514424]

[HKEY_CLASSES_ROOT\clsid\{2787ea8e-8d87-48af-88ad-b30246c917ab}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2787EA8E-8D87-48AF-88AD-B30246C917AB}"= "c:\program files\SearchPerks! Perk Counter\Bmbho.dll" [2008-11-05 514424]

[HKEY_CLASSES_ROOT\clsid\{2787ea8e-8d87-48af-88ad-b30246c917ab}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-03 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-11-03 684712]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-11-03 16040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-27 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AB196BDF-4D50-4B68-BD55-10E9173EF3AB}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CA6C467C-F80C-4393-A684-1A757088196E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1AE562DA-7309-453A-9981-14754F331E8B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{215A0E8B-F3B1-4142-9EDC-67844C866781}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6DA52B40-B3EB-44DC-A7FD-F76685D124B8}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{FB8AC562-E60F-4011-B998-AC91AD9AB9A9}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BAF2F0A3-BD92-4F8F-BE0A-268C5AF5A2E8}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D012D9F6-2140-435A-84C2-5468FCAFA85A}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CCB39148-7984-4B64-B9C3-C4136001128B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3AB9E897-EFD5-46F8-A8FD-92524044A185}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4630CE96-7C84-4111-9852-86D38C21972F}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{AA378191-625C-442E-A087-D6B8D348AF6B}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{A0D9E348-7149-4A3B-8BDD-A242A513004D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{490498B6-8589-4B5B-A3CC-07DC4A36091A}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{3A6DF1E7-A7CD-43D8-9E4C-392A46BEFCF7}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{5D257977-D29A-430A-9C6F-CB5A859EC8DA}"= UDP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{CC958BF7-CB30-4478-A424-50AEAF2B76CF}"= TCP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{6F72D9AA-BF25-4528-B2E3-DE9CCAA58A8E}"= UDP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{095DD928-DB1B-4493-93BB-F8DA9EE8E1EA}"= TCP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{872F29B1-5B1E-4833-AE2A-5438B52E2E4E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9CFF8E9F-6562-4109-9D96-FA19A27AFE61}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4C3EFA17-CBE9-4101-A5B3-11BE02B146A2}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{58F082D4-7F89-41EC-8A85-C8201695DFDA}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe: 
"{6713094F-2E86-450B-9129-403EC686EB20}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe: 
"{077065AF-4375-40D2-BB05-6783F5D0DFC4}"= Disabled:UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{19D2E07D-7718-4991-B21E-D29A28430A2E}"= Disabled:TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3BEFE377-B20C-44D7-A327-C71E7313AFD0}"= UDP:c:\program files\BitComet\BitComet.exe:BitComet
"{A8A45FFE-B55E-4528-BDCD-CACC90D751D7}"= TCP:c:\program files\BitComet\BitComet.exe:BitComet
"{A6EAD3B3-DB74-479A-9F1E-A81571770443}"= UDP:c:\program files\BitComet\BitComet.exe:BitComet
"{3AEDA5D8-E01F-4D84-BA84-33BAA73B0299}"= TCP:c:\program files\BitComet\BitComet.exe:BitComet
"{892CD978-E97F-4962-B7E8-CCE9607DDC66}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddwbgw.exe: 
"{49C5AF8E-1254-4E74-8D56-E0FF99CC2BD6}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddwbgw.exe: 
"{D62A15AC-6DEF-49F2-93BA-D6C49B29FD18}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe: 
"{892376A5-EE4E-44E5-B12F-47BA453B1152}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe: 
"{880A3ECC-816A-449C-8C93-7806BBF1135F}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe: 
"{5E11E47C-E16E-426D-A966-801B1011DC38}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe: 
"{625B7F99-1F9C-4BB6-AD59-212215BFD0A4}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{FAFD1989-7A37-419D-9B46-5D2BBEC3B777}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exeevice Monitor
"{9CC74246-FB25-4296-887C-FEAF37FBD091}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exeevice Monitor
"{6706B85E-3274-4650-A187-325941A044A5}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{28E38C75-9642-4908-8A7A-93629E84FD10}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{C9516D2A-D05B-45BF-B5FF-3EFD7B430E0B}"= Disabled:UDP:e:\setup\HPONICIFS01.EXE:hponicifs01.exe
"{67961059-FEE1-4467-AABC-394E1E1A8A30}"= Disabled:TCP:e:\setup\HPONICIFS01.EXE:hponicifs01.exe
"{48612B04-FCB0-49A4-A85B-A89E6E3F9357}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{5BD0E378-B9F5-40A1-8817-F2BE0631EF38}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{5478CC2E-A294-4441-9CB6-7515E7F726E0}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{19766A7A-5570-43B1-9DD4-5A76C3E95D76}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{27517754-D50E-4E2C-8F57-DBD25F4BBCE5}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{F51BAF90-8D05-433B-BD0A-F6FCAFF80E69}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{B9103FC4-0C03-4D17-980D-7BF9403648F5}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{8F95899E-8D72-4FC2-AAA6-26E5BA4C9193}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{E7E10998-7631-42BC-9C76-0247121DD437}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{FC56EFE0-F8A3-4A4C-8EC0-FB7339CE4FB5}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{4B4541EE-EF0E-4AC2-AD06-6C9D42E96037}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{5D393A8E-D2E8-431E-969D-75BF4F197A0C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{3CE099AD-8C2A-41CC-9D6C-D97CF8FB97EB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{3A9FEF8B-E1AD-4B26-A414-E618D5B834E4}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{464051FE-C42B-43F5-8E7A-11E43808841B}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{4ADD9E04-1804-4AE7-85EF-F1AB174CA331}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{D463C75C-1131-480D-B358-D89D22CA3B72}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe: 
"{B4AB7AA8-F096-4963-AB37-8C97E3A0AC77}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe: 
"{78C2D9BD-5D58-4271-A761-5307BED4A98C}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{F86A507F-3E49-41B2-98D3-12224021B1DE}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{9849C429-353A-467F-9D7B-0BFB39B78942}"= UDP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{5A51B954-3583-441E-9ECD-99DDB6A3281D}"= TCP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{B5823E50-A36E-4332-9F32-438EAA82879B}"= UDP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{99373A46-D5BA-4D7A-8995-E338D277107D}"= TCP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{2DFC90A3-F11A-4F88-88C0-90FB579E5B27}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe: 
"{44ACB81D-7CA4-4079-906E-86914FD88BB9}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe: 
"{5603EA6E-882C-45C3-B2D1-F7CE77930CBC}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe: 
"{3335A093-1C30-4F4A-9F9D-6079266DF8F4}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe: 
"{5DEB1ABA-CB11-4C32-8C84-88EC8E07A7F2}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exe: 
"{DC1BA915-006B-4DA0-8523-6475717E4D18}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exe: 
"{4F1F94B6-2F26-4DAF-B8C7-19A2F1F2B16C}"= UDP:c:\windows\System32\lxducoms.exe:Lexmark Communications System
"{2E6A8230-247D-4848-9E6D-4C483F5976CA}"= TCP:c:\windows\System32\lxducoms.exe:Lexmark Communications System
"{F42C2BB5-6A31-46DC-B672-4A22B665632D}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdupswx.exerinter Status Window
"{6DB4C100-77B0-48CA-9396-0E01C35A24E8}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdupswx.exerinter Status Window
"{6217B117-1839-4EAA-B5DD-77355016E22C}"= UDP:c:\program files\Lexmark 5600-6600 Series\lxduamon.exe:Lexmark Device Monitor
"{3FEC52BF-4A82-40DD-BFD2-17FB62CE1B47}"= TCP:c:\program files\Lexmark 5600-6600 Series\lxduamon.exe:Lexmark Device Monitor
"{2B736DBC-CC98-4F6A-BAF8-D229BA3ECFE6}"= UDP:c:\program files\Lexmark 5600-6600 Series\frun.exe:Lexmark Productivity Studio
"{DF44FAA1-81AF-4D13-B63F-3627830F1269}"= TCP:c:\program files\Lexmark 5600-6600 Series\frun.exe:Lexmark Productivity Studio
"{CBB13A5E-3F83-432E-B3E5-7C022DD56568}"= UDP:c:\users\Darlene Nelson\Desktop\REOTrans.com - Nationwide Foreclosed Home Listing Service..url:REOTrans.com - Nationwide Foreclosed Home Listing Service.
"{B7AE8D29-27BB-4674-8CE4-0A6406ABCB0D}"= TCP:c:\users\Darlene Nelson\Desktop\REOTrans.com - Nationwide Foreclosed Home Listing Service..url:REOTrans.com - Nationwide Foreclosed Home Listing Service.
"{696B3D46-2102-46BF-A175-DCCAE14F59FF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{98A98C70-912E-4AB5-BE6A-B6846C36C8B8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{08499047-A8D4-4A60-A0AE-D5BC572EE57A}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{8606D67B-0B1D-41E1-A811-E545376287B9}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{EEBCD755-3A50-4929-BC4E-02B45CE4DCFF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{98AC4B71-A211-4151-892A-CC6F062A73A3}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{70DD649F-CD38-491A-81DA-0CEDB3D7045A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{29600515-4303-4EE3-98A7-4F0AA7E7A25D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"= c:\program files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-10-10 325128]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxduserv.exe [2008-11-16 98984]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 298264]
S3 ATTRcAppSvc;AT&T RcAppSvc;"c:\program files\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" --> c:\program files\AT&T\Communication Manager\RcAppSvc.exe [?]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\System32\drivers\swnc8u56.sys [2008-06-05 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\System32\drivers\swumx56.sys [2008-06-05 73856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService	REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-04-07 c:\windows\Tasks\HPCeeScheduleForDarlene Nelson.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-09-28 13:58]

2008-06-19 c:\windows\Tasks\HPCeeScheduleForSteve.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-09-28 13:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 23:24:53
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2364)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2009-04-10 23:27:43
ComboFix-quarantined-files.txt 2009-04-11 04:27:41
ComboFix2.txt 2009-03-30 05:43:44

Pre-Run: 61,354,414,080 bytes free
Post-Run: 61,431,468,032 bytes free

326	--- E O F ---	2009-04-06 20:11:00
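
As an added triage aid (not part of the thread, and not ComboFix's own code): the "Reg Loading Points" section of the log above is a REGEDIT4-style dump, and a few kinds of entry in it are what a helper reads first: the Security Center "DisableMonitoring" and "AntiVirusOverride" values, the AppInit_DLLs value, and any browser helper object or toolbar registrations. The Python below parses a constructed sample made of lines excerpted from that section and flags those categories for review. The severity labels, the list of Security Center value names, and the helper names are this example's own assumptions.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example)."""
import re
from typing import List, Tuple

# Constructed sample: lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{2787EA8E-8D87-48af-88AD-B30246C917AB}]
2008-11-05 10:49\t514424\t--a------\tc:\\program files\\SearchPerks! Perk Counter\\Bmbho.dll

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
"{2787EA8E-8D87-48af-88AD-B30246C917AB}"= "c:\\program files\\SearchPerks! Perk Counter\\Bmbho.dll" [2008-11-05 514424]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Svc]
"AntiVirusOverride"=dword:00000001
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# Security Center values that, when set to 1, silence the "no antivirus /
# firewall" warnings. Names chosen for this example, not a ComboFix list.
SECURITY_CENTER_OVERRIDES = {"disablemonitoring", "antivirusoverride", "firewalloverride"}


def parse_reg_points(text: str) -> List[Tuple[str, List[str]]]:
    """Split the REGEDIT4-style dump into (registry key, [entry lines]) pairs."""
    sections: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        match = SECTION_RE.match(line)
        if match:
            sections.append((match.group(1), []))
        elif sections:  # an entry line belongs to the most recent key
            sections[-1][1].append(line)
    return sections


def triage(sections: List[Tuple[str, List[str]]]) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for the loading points a helper reads first."""
    findings: List[Tuple[str, str]] = []
    for key, entries in sections:
        lkey = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        for entry in entries:
            match = VALUE_RE.match(entry)
            name = match.group("name") if match else ""
            value = match.group("value").strip() if match else entry
            if ("security center" in lkey and name.lower() in SECURITY_CENTER_OVERRIDES
                    and value == "dword:00000001"):
                findings.append(("high", f"Security Center check suppressed: {leaf}\\{name}"))
            elif lkey.endswith("currentversion\\windows") and name.lower() == "appinit_dlls" and value:
                # AppInit_DLLs are injected into every process that loads user32.dll
                findings.append(("medium", f"AppInit_DLLs={value}: loaded into every process using user32.dll"))
            elif "browser helper objects" in lkey:
                dll = entry.split("\t")[-1]  # ComboFix prints date, size, attrs, path
                findings.append(("review", f"BHO {leaf} -> {dll}"))
            elif "internet explorer\\toolbar" in lkey and match:
                findings.append(("review", f"IE toolbar {name} -> {value}"))
    return findings


def count_by_severity(findings: List[Tuple[str, str]]) -> dict:
    """Summarise findings as {severity: count}."""
    counts: dict = {}
    for severity, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, message in triage(parse_reg_points(SAMPLE_LOG)):
        print(f"[{severity}] {message}")
```

Run against the sample, it reports the two Security Center overrides as high, the AppInit_DLLs entry as medium, and lists the BHO and toolbar registrations for manual review; "review" means only that a human should decide whether the DLL belongs there, not that it is malicious.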


----------



## Cookiegal (Aug 27, 2003)

*Click here* to download *Dr.Web CureIt* and save it to your desktop.

Double-click the *drweb-cureit.exe* file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the *green arrow* at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click the next icon next to the files found:

[image]

If so, click it and then click the next icon right below and select *Move incurable* as you'll see in the next image:

[image]

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
After selecting, in the Dr.Web CureIt menu on top, click *file* and choose *save report list*.
Save the report to your desktop. The report will be called *DrWeb.csv*.
Close Dr.Web CureIt.
*Reboot* your computer!! It is possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.


----------



## olegrl43 (Sep 10, 2007)

OK, I ran the scan and it said no viruses found, and didn't give me any other options.

Is there a chance that when I originally deleted AVG, something that was in quarantine was actually something that my system needed to do downloads?


----------



## Cookiegal (Aug 27, 2003)

It's possible but very unlikely.

Can you try creating a new user account with admin. privileges? You may have to log in as administrator if your current account won't allow it. Your user profile may be corrupt.


----------



## olegrl43 (Sep 10, 2007)

I created a new account and clicked administrator, so now it looks like I have two administrator accounts. But when I click on any link or try to go to any website or page, a window pops up that says:

Access Violation at address 6CB616B7 in module "AVGTOO~1DLL; Read of address 00000004

When I click OK, then another small window pops up that is blank except that it says Warning at the top and OK at the bottom.

And when I click OK then it will finally let me open some of the links or web pages.


----------



## Cookiegal (Aug 27, 2003)

That could be caused by an add-on in IE7. Please go to the following link and follow the instructions in Method 3 to start IE without any add-ons and let me know if that solves any of your issues.

http://support.microsoft.com/kb/936213


----------



## olegrl43 (Sep 10, 2007)

I did that and I guess it's better, I still get it sometimes or something similar to it. I think I've had enough of trying to fix the problems on my laptop. It's been almost 2 months and I'm not getting anywhere. I think I'm gonna get son-in-law to put it in the shop. I want to thank you so much for all the hard work you have put into trying to help me. Should I just go ahead and mark this solved?

Thanks So Much
Be Safe
olegrl43


----------



## Cookiegal (Aug 27, 2003)

Well it's not really solved but you can mark it if you want. I'm sorry it didn't turn out better.


----------



## olegrl43 (Sep 10, 2007)

Thanks again for all of your help and hard work.
olegrl43


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------

