# AC adapter type cannot be determined



## kenziesmom (Apr 11, 2005)

I had to replace the power cord (from the outlet to the box) on my AC adapter. It worked fine for a while, but now I'm getting this message on boot up. "Warning. The AC adapter type cannot be determined. This will prevent optimal system performance. Please check AC adapter is connected properly. Remove AC adapter and plug it in again." I tried plugging it in again several times to no avail. Then my virus program (Trend Micro PC-cillin Internet Security 14) popped up a window to start in Safe Mode to fix the problem. I know how to start in Safe Mode but don't know what to do once I'm in there. Any help will be appreciated.


----------



## smith_ (Mar 6, 2009)

When are you facing that problem? At the time when you plug in the AC power supply?
Try to turn on your computer with just battery power, and check for the error message.


----------



## kenziesmom (Apr 11, 2005)

Thanks for your response, smith_,
Hmmm 
Apparently my battery is not charging. My computer will not boot up with just the battery. It isn't holding a charge.
I have been having power cord problems for quite some time now. Oh, yeah, I forgot to include the info about my system:
Microsoft Windows XP
Media Center Edition
Version 2002
Service Pack 2
Dell Inspiron 1501 
AMD Turion(tm) 64X2 Mobile
Technology TL-50
1.60 GHz 896 MB of RAM
Physical Address Extension
Any other suggestions?


----------



## Cookiegal (Aug 27, 2003)

Your title also mentions "bad image". Where exactly does that fit in with the error messages you're getting?


----------



## cybertech (Apr 16, 2002)

If you remove the battery and use only the AC adapter do you still have the problem? If not you likely need a new battery. If you still have the problem you may need to replace both the battery and AC adapter. Also have you tried different outlets? This could also be a problem at the outlet.


----------



## kenziesmom (Apr 11, 2005)

cookiegal,
I have no idea where that title came from!! I had originally posted under "All other Software" as *AC adapter type cannot be determined*. redoak sent me a private message suggesting I report to move it to "Hardware". I guess whoever was in charge of moving the post goofed... Oh, well, I'll add the original title to this post.

cybertech,
I tried taking out the battery and turning it on with AC only and I still get the same message. Same message in different outlets, too.

Guess it's not looking good. The end of this message says to press any key to continue. It then boots up and so far has run like normal. What harm can result from pressing any key and just skipping over the message?

Is there a way to fix this in Safe Mode?


----------



## Cookiegal (Aug 27, 2003)

Thanks for the clarification kenziesmom. I see that what actually happened is that you had posted in someone else's thread instead of starting one of your own. When it was split off into your own thread it retained the original title from the other poster. No worries. I've edited the title since you can't do it yourself. You can only edit it on a post but not for the entire thread.

I was wondering where the connection was with Bad Image, which often, but not always, signifies malware. Anyway, you're in good hands with cybertech, malware or otherwise. :up:


----------



## cybertech (Apr 16, 2002)

Cookiegal said:


> Anyway, you're in good hands with cybertech, malware or otherwise. :up:


Thanks Cookiegal for your kind words, but really I was addressing the Dell battery/AC problem as I see this often. The machine with a dead and unchargeable battery can cause problems which should go away if the battery is removed. In this case I suspect the motherboard since it has the same problem without the battery inserted. Additionally I do hope you are watching this thread and will feel free to respond to the HJT log as you know I am a bit over my head with other things at present time. 

*kenziesmom*

Perhaps you could post a hijackthis log for us to review to eliminate malware as a problem associated with the bad image message.

*Click here* to download *HJTInstall.exe*

Save *HJTInstall.exe* to your desktop.
Double-click on the *HJTInstall.exe* icon on your desktop.
By default it will install to *C:\Program Files\Trend Micro\HijackThis* . 
Click on *Install*.
It will create a HijackThis icon on the desktop.
Once installed, it will launch *Hijackthis*.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


----------



## kenziesmom (Apr 11, 2005)

cookiegal: LOL I THOUGHT I had started a new thread. That's what I get for thinking!!

cybertech: Since my post really didn't have anything to do with a "bad image", will a HJT file be relevant to solving my AC adapter problem? I have done some searching online regarding Dell laptop AC adapters and there are lots of problems indicated. Even problems (within months or weeks) with new parts for many people.

With motherboards, I'm stymied! I Googled "Dell laptop motherboard" and found prices from $29 to $980!! Geez, I might as well buy a new computer! I don't know anything about which one I would need or how to put it in. Of course, I'm past the warranty...

I'd appreciate any advice on some options. Also, please let me know if a HJT would be helpful.

Thanks


----------



## Cookiegal (Aug 27, 2003)

I would go ahead and post a HijackThis log anyway. It can't do any harm and it will give us a picture of some of the programs you have running on your computer, which could be helpful.


----------



## kenziesmom (Apr 11, 2005)

Here is my HJT file...

Logfile of HijackThis v1.99.1
Scan saved at 4:34:16 PM, on 4/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Pam\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070111
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windowsisearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070111
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjongg%20-%20Ancient%20Mayas/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169882385892
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177484547859
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://www.gamehouse.com/realarcade-webgames/mahjongescapeancientjapan/SpinTopGamesLauncher.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE13F32C-EECC-4FF4-A5D4-D55C29C1F60F}: NameServer = 209.112.128.2 204.17.139.2
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


----------



## Cookiegal (Aug 27, 2003)

Please download Malwarebytes Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply along with a new HijackThis log please.

Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Also, if you receive an (Error Loading) error on reboot please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.*


----------
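
The request above pairs the Malwarebytes report with a fresh HijackThis log; comparing that log with the earlier one shows which entries the cleanup changed. The following is an added example, not part of any post in this thread: a Python parser that splits two HijackThis logs into running processes and coded entries and lists the differences. The function names are hypothetical, and the sample text is abridged from the two logs posted in this thread.

```python
import re

# HijackThis entry lines look like "R0 - ...", "O4 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            # The first coded entry ends the process list.
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def _key(item):
    # Windows paths and registry names are case-insensitive, so compare folded.
    text = " - ".join(item) if isinstance(item, tuple) else item
    return text.casefold()


def diff_logs(before, after):
    """Return items that disappeared from, or appeared in, the later log."""
    out = {}
    for section in ("processes", "entries"):
        old = {_key(i): i for i in before[section]}
        new = {_key(i): i for i in after[section]}
        out[section] = {
            "removed": [old[k] for k in old if k not in new],
            "added": [new[k] for k in new if k not in old],
        }
    return out


def annotated(entries):
    """Entries HijackThis itself marked '(file missing)' or 'Unknown owner'.

    These are items to look at by hand, not verdicts.
    """
    marks = ("(file missing)", "Unknown owner")
    return [(c, b) for c, b in entries if any(m in b for m in marks)]


# Sample input abridged from the 4/9/2009 log in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 4:34:16 PM, on 4/9/2009

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pam\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windowsisearch.com
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# Sample input abridged from the 4/10/2009 log in this thread.
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:12:05 PM, on 4/10/2009

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Pam\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

if __name__ == "__main__":
    changes = diff_logs(parse_hjt(BEFORE), parse_hjt(AFTER))
    for section, delta in changes.items():
        for kind, items in delta.items():
            for item in items:
                print(section, kind, item)
```
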



## kenziesmom (Apr 11, 2005)

cookiegal-
Thanks for your direction. After the scan, when I rebooted I got the same error message about the AC adapter not being determined; but I didn't expect that would solve my problem anyway. (that would be too easy!)

Attached are the Malware scan and the HJT file.
Malwarebytes' Anti-Malware 1.36
Database version: 1963
Windows 5.1.2600 Service Pack 3

4/10/2009 3:58:05 PM
mbam-log-2009-04-10 (15-58-05).txt

Scan type: Quick Scan
Objects scanned: 83445
Time elapsed: 8 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y456.y456mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y456.y456mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FilterProgram (Rogue.FilterProgram) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MSx (Rogue.MSAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windowsisearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windowsisearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windowsisearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Pam\Start Menu\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\848700 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Pam\Start Menu\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pam\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pam\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieupdates.exe.tmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pam\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pam\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pam\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pam\Local Settings\Temp\xrg1.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pam\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

HJT
Logfile of HijackThis v1.99.1
Scan saved at 5:12:05 PM, on 4/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Pam\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070111
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070111
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjongg%20-%20Ancient%20Mayas/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169882385892
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177484547859
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://www.gamehouse.com/realarcade-webgames/mahjongescapeancientjapan/SpinTopGamesLauncher.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE13F32C-EECC-4FF4-A5D4-D55C29C1F60F}: NameServer = 209.112.128.2 204.17.139.2
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## kenziesmom (Apr 11, 2005)

Hi cookiegal-
Hope this is where I'm supposed to post these. If not, sorry (again). For some unknown reason, my computer only intermittently shows the "adapter can not be determined" message!? I haven't done anything different...I'm hoping it will stop altogether. Maybe after you help me with these reports.

ComboFix 09-04-14.08 - Pam 04/15/2009 19:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.202 [GMT -8:00]
Running from: c:\documents and settings\Pam\Desktop\ComboFix.exe
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated)
FW: PC-cillin Internet Security - Firewall *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.

2009-04-15 09:36 . 2009-04-16 03:44	--------	d-----w	c:\documents and settings\Pam\humyo.store
2009-04-15 09:36 . 2009-04-15 09:36	--------	d-----w	c:\documents and settings\All Users\Application Data\humyo.com
2009-04-15 09:35 . 2009-04-02 16:38	237624	----a-w	c:\windows\system32\HrfsControlApplet.cpl
2009-04-15 09:35 . 2009-04-02 16:38	139320	----a-w	c:\windows\system32\hrfsnp.dll
2009-04-15 09:35 . 2009-04-02 16:38	144696	----a-w	c:\windows\system32\drivers\hrfsmrx.sys
2009-04-13 08:25 . 2009-04-15 09:50	--------	d-----w	c:\documents and settings\Pam\.thinupload
2009-04-10 23:39 . 2009-04-10 23:39	--------	d-----w	c:\documents and settings\Pam\Application Data\Malwarebytes
2009-04-10 23:39 . 2009-04-06 23:32	15504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-04-10 23:39 . 2009-04-06 23:32	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 23:39 . 2009-04-10 23:39	--------	d-----w	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-03 07:41 . 2009-04-03 07:45	--------	d-----w	c:\documents and settings\All Users\Application Data\DriverScanner
2009-04-03 07:41 . 2009-04-03 07:41	--------	d-----w	c:\documents and settings\Pam\Application Data\Uniblue
2009-04-03 07:37 . 2009-04-03 07:42	--------	dc-h--w	c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-04-01 11:26 . 2009-04-01 11:26	--------	d-----w	C:\GameHouse Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 12:15 . 2007-02-02 03:05	--------	d-----w	c:\documents and settings\All Users\Application Data\Google Updater
2009-04-15 09:35 . 2009-04-15 09:35	--------	d-----w	c:\program files\humyo.com Client
2009-04-15 03:23 . 2007-01-27 07:14	1246	----a-w	c:\documents and settings\Pam\Application Data\wklnhst.dat
2009-04-10 23:39 . 2009-04-10 23:39	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-04-03 07:41 . 2009-04-03 07:41	--------	d-----w	c:\program files\Uniblue
2009-04-01 11:25 . 2008-08-30 10:08	--------	d-----w	c:\program files\RealArcade
2009-03-19 06:39 . 2009-03-11 22:08	410984	----a-w	c:\windows\system32\deploytk.dll
2009-03-19 06:38 . 2007-01-11 08:41	--------	d-----w	c:\program files\Java
2009-03-18 12:07 . 2009-03-18 12:07	--------	d-----w	c:\program files\MahjongMedley_at
2009-03-02 01:06 . 2009-02-01 12:58	--------	d---a-w	c:\documents and settings\All Users\Application Data\TEMP
2009-03-01 23:49 . 2009-03-01 23:49	--------	d-----w	c:\documents and settings\All Users\Application Data\cerasus.media
2009-03-01 23:49 . 2009-03-01 23:49	--------	d-----w	c:\documents and settings\Pam\Application Data\cerasus.media
2009-03-01 23:49 . 2009-03-01 23:47	--------	d-----w	c:\program files\Mahjongg - Ancient Mayas
2009-02-24 05:16 . 2007-01-28 08:29	--------	d-----w	c:\program files\HP
2009-02-19 07:56 . 2008-10-20 09:27	--------	d-----w	c:\program files\MyPlayCity
2009-02-09 11:13 . 2008-10-17 14:37	1846784	------w	c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2005-08-16 10:18	1846784	----a-w	c:\windows\system32\win32k.sys
2009-01-17 06:35 . 2007-01-11 08:42	3594752	----a-w	c:\windows\system32\dllcache\mshtml.dll
2008-09-24 03:29 . 2008-09-27 00:09	531	----a-w	c:\documents and settings\Pam\sysclean.bat
2008-09-09 02:25 . 2007-01-11 08:52	74800	-c--a-w	c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-08-09 08:12 . 2008-08-09 08:10	127	----a-w	c:\documents and settings\TEMP\Local Settings\Application Data\fusioncache.dat
2007-02-03 04:15 . 2007-02-03 04:15	5971432	----a-w	c:\program files\Firefox Setup 2.0.0.1.exe
2007-02-01 11:56 . 2007-02-01 11:56	774144	----a-w	c:\program files\RngInterstitial.dll
2007-01-27 04:12 . 2007-01-27 04:11	126	----a-w	c:\documents and settings\Pam\Local Settings\Application Data\fusioncache.dat
2007-01-11 09:09 . 2008-08-09 08:10	72944	-c--a-w	c:\documents and settings\TEMP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-01-11 09:09 . 2007-01-27 04:11	72944	-c--a-w	c:\documents and settings\Pam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-01-11 09:09 . 2007-01-27 04:11	72944	-c--a-w	c:\documents and settings\Default User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-08-17 02:52 . 2007-01-27 04:11	136	----a-w	c:\documents and settings\Default User\Local Settings\Application Data\fusioncache.dat
2005-08-17 02:52 . 2005-08-17 02:52	136	----a-w	c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2008-08-12 05:2007-02-02 04:38 59:08 .	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-02-19 1882136]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-02-19 07:57	1882136	----a-w	c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-02-19 1882136]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-02-19 1882136]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-11-01 321040]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-23 1032192]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-12 29744]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-13 241664]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-17 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
humyo.com Client.lnk - c:\program files\humyo.com Client\HrfsClient.exe [2009-4-15 1335352]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-12 29744]
R4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2006-12-16 345696]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2006-11-10 923216]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-11-27 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2006-11-10 566872]
S3 hrfsmrx;hrfsmrx;c:\windows\System32\Drivers\hrfsmrx.sys [2009-04-02 144696]
S3 humyo.com;humyo.com;c:\program files\humyo.com Client\hrfscore.exe [2009-04-02 2736184]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2006-11-10 280392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-04-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 22:45]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
HKLM-Run-DXDllRegExe - dxdllreg.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1392740
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search - 
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Save Image To humyo.com - c:\program files\humyo.com Client\download.html
IE: Save Target To humyo.com - c:\program files\humyo.com Client\download.html
Trusted Zone: usda.gov\plants
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://www.gamehouse.com/realarcade-webgames/mahjongescapeancientjapan/SpinTopGamesLauncher.cab
FF - ProfilePath - c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\o58fdau0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT772431&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\o58fdau0.default\extensions\{7438fe9d-8bba-4796-be7b-218aa34089ac}\components\FFAlert.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\HrfsFirefoxDownloader.dll
FF - plugin: c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\o58fdau0.default\extensions\[email protected]\plugins\npmozax.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 19:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1288)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2596)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\System32\hrfsnp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-16 03:49

Pre-Run: 54,231,076,864 bytes free
Post-Run: 54,536,126,464 bytes free

215	--- E O F ---	2009-04-15 11:01

New HJT log
Logfile of HijackThis v1.99.1
Scan saved at 8:39:06 PM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\humyo.com Client\HrfsClient.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\humyo.com Client\hrfscore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Pam\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070111
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: IEHelperObject - {4DC16316-5372-4476-9CA5-88B2786B838F} - C:\Program Files\humyo.com Client\HrfsDownloader.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: humyo.com Client.lnk = C:\Program Files\humyo.com Client\HrfsClient.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Image To humyo.com - C:\Program Files\humyo.com Client\download.html
O8 - Extra context menu item: Save Target To humyo.com - C:\Program Files\humyo.com Client\download.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjongg%20-%20Ancient%20Mayas/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169882385892
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177484547859
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://www.gamehouse.com/realarcade-webgames/mahjongescapeancientjapan/SpinTopGamesLauncher.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: humyo.com - humyo.com Ltd. - C:\Program Files\humyo.com Client\hrfscore.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Thanks!


----------



## Cookiegal (Aug 27, 2003)

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version:

*JRE 6 Update 13*

Instructions for Kaspersky scan:


Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure the following are checked:
*Spyware, Adware, Dialers, and other potentially dangerous programs*
*Archives*
*Mail databases*

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Please post this log in your next reply.


----------



## kenziesmom (Apr 11, 2005)

Hi again,

Here is the Kaspersky Report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, April 17, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, April 17, 2009 12:50:55
Records in database: 2053593
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
H:\

Scan statistics:
Files scanned: 93026
Threat name: 2
Infected objects: 1
Suspicious objects: 2
Duration of the scan: 02:16:13

File name / Threat name / Threats count
C:\Documents and Settings\Pam\.housecall6.6\Quarantine\file[1].exe.bac_a01420	Infected: Packed.Win32.Tdss.c	1
C:\Documents and Settings\Pam\Desktop\Unused Desktop Shortcuts\NOPassword.zip	Suspicious: Password-protected-EXE	1
C:\Documents and Settings\Pam\Local Settings\Application Data\IM\Identities\{E62BCBF4-3A89-41D8-813E-14C001BDD8A7}\Message Store\Attachments\NOPassword.zip	Suspicious: Password-protected-EXE	1

The selected area was scanned.

Can you help me to "disinfect" my computer now?


----------



## Cookiegal (Aug 27, 2003)

What can you tell me about this? Is it something you downloaded? What is it for?

C:\Documents and Settings\Pam\Desktop\Unused Desktop Shortcuts\NOPassword.zip

It's in a folder called *Unused Desktop Shortcuts* that's on your desktop.


----------



## kenziesmom (Apr 11, 2005)

It is a file sent to me from TrendMicro. It's an application called *System Cleaner Tool* that is password protected. I haven't used that file since 2007 when they were helping me with a virus. Gee, is it my antivirus service provider that has infected my computer!? My subscription is up next month. Maybe I should look for another antivirus company! Any suggestions? I've had McAfee and Symantec's Norton Antivirus and was not satisfied with their support. There are so many out there; but cost is a major factor for me. TM is under $50 which is as much as I can afford. Too bad there are so many malicious people in the world *sigh*...

Well, any advice you can offer will be greatly appreciated. Thanks for all your time on this.


----------



## Cookiegal (Aug 27, 2003)

No, it's only being flagged as suspicious because it was an e-mail attachment and it's password protected. There's nothing wrong with Trend Micro and they certainly wouldn't send you a virus.

My anti-virus of choice though would be Nod32 or what's called Eset Smart Security which is the suite that includes Nod32 anti-virus and firewall or Kaspersky Internet Security 2009. You should be able to get those programs for prices comparable to Trend.

Download GMER from: http://gmer.net/index.php

Save it on your desktop and unzip it.

Double click the gmer.exe to run it and select the rootkit tab and press scan. When the scan is done, click *Copy*. This will copy the report to the clipboard. Paste it into Notepad and save it and also paste the log report back here please.


----------



## kenziesmom (Apr 11, 2005)

Here ya' go, cookiegal-
It amazes me that you know how to read all of these reports/logs! I will patiently wait for your next instructions.

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-20 02:36:23
Windows 5.1.2600 Service Pack 3

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1760] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1760] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1760] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2504] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2504] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2504] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2504] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2504] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2504] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2504] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2504] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\Fastfat \Fat B9F4BD20

AttachedDevice \FileSystem\Fastfat \Fat tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] \systemroot\system32\drivers\TDSSserv.sys

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\2DD30YDS\tips_w[1] 52 bytes
File C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\2DD30YDS\bodybg[1] 12254 bytes

---- EOF - GMER 1.0.15 ----


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
File::
C:\Windows\System32\drivers\TDSSserv.sys

Driver::
TDSSserv

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## kenziesmom (Apr 11, 2005)

Here are the new CF and HJT logs. I'll have to post them separately as together they have too many characters. Actually, the CF log is too long for the whole thing in one post.

ComboFix 09-04-21.A0 - Pam 04/20/2009 22:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.260 [GMT -8:00]
Running from: c:\documents and settings\Pam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pam\Desktop\CFScript.txt
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated)
FW: PC-cillin Internet Security - Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\System32\drivers\TDSSserv.sys
.

((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-17 09:58 . 2009-04-17 10:04	--------	d-----w	c:\documents and settings\Pam\.SunDownloadManager
2009-04-16 03:55 . 2009-04-16 03:55	15392	----a-w	C:\ComboFix.com
2009-04-15 23:54 . 2009-03-06 14:22	284160	------w	c:\windows\system32\dllcache\pdh.dll
2009-04-15 23:54 . 2009-02-09 12:10	473600	------w	c:\windows\system32\dllcache\fastprox.dll
2009-04-15 23:54 . 2009-02-09 12:10	401408	------w	c:\windows\system32\dllcache\rpcss.dll
2009-04-15 23:54 . 2009-02-06 11:11	110592	------w	c:\windows\system32\dllcache\services.exe
2009-04-15 23:54 . 2009-02-06 10:39	35328	------w	c:\windows\system32\dllcache\sc.exe
2009-04-15 23:54 . 2009-02-06 10:10	227840	------w	c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 23:54 . 2009-02-09 12:10	729088	------w	c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 23:54 . 2009-02-09 12:10	714752	------w	c:\windows\system32\dllcache\ntdll.dll
2009-04-15 23:54 . 2009-02-09 12:10	617472	------w	c:\windows\system32\dllcache\advapi32.dll
2009-04-15 23:54 . 2009-02-09 12:10	453120	------w	c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 23:46 . 2008-05-03 11:55	2560	------w	c:\windows\system32\xpsp4res.dll
2009-04-15 23:46 . 2008-04-21 12:08	215552	------w	c:\windows\system32\dllcache\wordpad.exe
2009-04-15 09:36 . 2009-04-21 02:39	--------	d-----w	c:\documents and settings\Pam\humyo.store
2009-04-15 09:36 . 2009-04-15 09:36	--------	d-----w	c:\documents and settings\All Users\Application Data\humyo.com
2009-04-15 09:35 . 2009-04-02 16:38	237624	----a-w	c:\windows\system32\HrfsControlApplet.cpl
2009-04-15 09:35 . 2009-04-02 16:38	139320	----a-w	c:\windows\system32\hrfsnp.dll
2009-04-15 09:35 . 2009-04-02 16:38	144696	----a-w	c:\windows\system32\drivers\hrfsmrx.sys
2009-04-13 08:25 . 2009-04-15 09:50	--------	d-----w	c:\documents and settings\Pam\.thinupload
2009-04-10 23:39 . 2009-04-10 23:39	--------	d-----w	c:\documents and settings\Pam\Application Data\Malwarebytes
2009-04-10 23:39 . 2009-04-06 23:32	15504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-04-10 23:39 . 2009-04-06 23:32	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 23:39 . 2009-04-10 23:39	--------	d-----w	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-03 07:41 . 2009-04-03 07:45	--------	d-----w	c:\documents and settings\All Users\Application Data\DriverScanner
2009-04-03 07:41 . 2009-04-03 07:41	--------	d-----w	c:\documents and settings\Pam\Application Data\Uniblue
2009-04-03 07:37 . 2009-04-03 07:42	--------	dc-h--w	c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-04-01 11:26 . 2009-04-01 11:26	--------	d-----w	C:\GameHouse Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 05:53 . 2007-02-02 03:05	--------	d-----w	c:\documents and settings\All Users\Application Data\Google Updater
2009-04-16 10:18 . 2009-02-01 12:58	--------	d---a-w	c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 09:01 . 2009-04-16 09:01	--------	d-----w	c:\program files\Mahjong Escape - Ancient China
2009-04-16 03:49 . 2009-04-16 03:49	15392	----a-w	C:\Combo-Fix.exe.txt
2009-04-15 09:35 . 2009-04-15 09:35	--------	d-----w	c:\program files\humyo.com Client
2009-04-15 03:23 . 2007-01-27 07:14	1246	----a-w	c:\documents and settings\Pam\Application Data\wklnhst.dat
2009-04-10 23:39 . 2009-04-10 23:39	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-04-03 07:41 . 2009-04-03 07:41	--------	d-----w	c:\program files\Uniblue
2009-04-01 11:25 . 2008-08-30 10:08	--------	d-----w	c:\program files\RealArcade
2009-03-21 14:06 . 2009-03-21 14:06	989696	------w	c:\windows\system32\dllcache\kernel32.dll
2009-03-19 06:39 . 2009-03-11 22:08	410984	----a-w	c:\windows\system32\deploytk.dll
2009-03-19 06:38 . 2007-01-11 08:41	--------	d-----w	c:\program files\Java
2009-03-18 12:07 . 2009-03-18 12:07	--------	d-----w	c:\program files\MahjongMedley_at
2009-03-06 14:22 . 2005-08-16 10:18	284160	----a-w	c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2007-01-11 08:42	826368	----a-w	c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2005-08-16 10:18	826368	----a-w	c:\windows\system32\wininet.dll
2009-03-01 23:49 . 2009-03-01 23:49	--------	d-----w	c:\documents and settings\All Users\Application Data\cerasus.media
2009-03-01 23:49 . 2009-03-01 23:49	--------	d-----w	c:\documents and settings\Pam\Application Data\cerasus.media
2009-03-01 23:49 . 2009-03-01 23:47	--------	d-----w	c:\program files\Mahjongg - Ancient Mayas
2009-02-28 04:54 . 2006-10-17 21:04	636072	------w	c:\windows\system32\dllcache\iexplore.exe
2009-02-24 05:16 . 2007-01-28 08:29	--------	d-----w	c:\program files\HP
2009-02-20 10:20 . 2007-05-10 07:33	13824	------w	c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 12:26	70656	------w	c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 12:25	161792	------w	c:\windows\system32\dllcache\ieakui.dll
2009-02-09 12:10 . 2005-08-16 10:18	729088	----a-w	c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-08-16 10:18	401408	----a-w	c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2005-08-16 10:18	714752	----a-w	c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2005-08-16 10:18	617472	----a-w	c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-10-17 14:37	1846784	------w	c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2005-08-16 10:18	1846784	----a-w	c:\windows\system32\win32k.sys
2009-02-08 03:02 . 2008-10-17 14:44	2066048	------w	c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 11:11 . 2005-08-16 10:18	110592	----a-w	c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-17 14:44	2189056	------w	c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-17 14:44	2145280	------w	c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:06 . 2005-08-16 10:18	2145280	----a-w	c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2005-08-16 10:18	35328	----a-w	c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-10-17 14:44	2023936	------w	c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:32 . 2004-08-04 04:59	2023936	----a-w	c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59	56832	------w	c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2005-08-16 10:18	56832	----a-w	c:\windows\system32\secur32.dll
2008-09-24 03:29 . 2008-09-27 00:09	531	----a-w	c:\documents and settings\Pam\sysclean.bat
2008-09-09 02:25 . 2007-01-11 08:52	74800	-c--a-w	c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-08-09 08:12 . 2008-08-09 08:10	127	----a-w	c:\documents and settings\TEMP\Local Settings\Application Data\fusioncache.dat
2007-02-03 04:15 . 2007-02-03 04:15	5971432	----a-w	c:\program files\Firefox Setup 2.0.0.1.exe
2007-02-01 11:56 . 2007-02-01 11:56	774144	----a-w	c:\program files\RngInterstitial.dll
2007-01-27 04:12 . 2007-01-27 04:11	126	----a-w	c:\documents and settings\Pam\Local Settings\Application Data\fusioncache.dat
2007-01-11 09:09 . 2008-08-09 08:10	72944	-c--a-w	c:\documents and settings\TEMP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-01-11 09:09 . 2007-01-27 04:11	72944	-c--a-w	c:\documents and settings\Pam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-08-17 02:52 . 2005-08-17 02:52	136	----a-w	c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2008-08-12 05:2007-02-02 04:38 59:08 .	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-09-08 23:54 . 2008-09-08 23:54	32768	--sha-w	c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090820080909\index.dat
.

((((((((((((((((((((((((((((( [email protected]_03.44.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-21 02:38 . 2009-04-21 02:38	16384 c:\windows\Temp\Perflib_Perfdata_f40.dat
- 2005-08-17 03:06 . 2007-07-27 17:41	26488 c:\windows\system32\spupdsvc.exe
+ 2005-08-17 03:06 . 2008-07-09 07:38	26488 c:\windows\system32\spupdsvc.exe
- 2007-06-06 06:08 . 2008-07-09 07:38	17272 c:\windows\system32\spmsg.dll
+ 2007-06-06 06:08 . 2007-11-30 12:39	17272 c:\windows\system32\spmsg.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	44544 c:\windows\system32\pngfilt.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	44544 c:\windows\system32\pngfilt.dll
+ 2005-08-16 10:18 . 2009-04-19 04:34	54682 c:\windows\system32\perfc009.dat
- 2005-08-16 10:18 . 2009-03-12 19:34	54682 c:\windows\system32\perfc009.dat
+ 2005-08-16 10:37 . 2008-06-12 14:23	91648 c:\windows\system32\mtxoci.dll
- 2005-08-16 10:37 . 2008-04-14 00:12	91648 c:\windows\system32\mtxoci.dll
- 2005-08-16 10:18 . 2008-04-14 00:12	66560 c:\windows\system32\mtxclu.dll
+ 2005-08-16 10:18 . 2008-06-12 14:23	66560 c:\windows\system32\mtxclu.dll
+ 2006-11-08 06:03 . 2009-02-20 18:09	52224 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 06:03 . 2008-12-20 23:15	52224 c:\windows\system32\msfeedsbs.dll
- 2005-08-16 10:37 . 2008-04-14 00:11	58880 c:\windows\system32\msdtclog.dll
+ 2005-08-16 10:37 . 2008-06-12 14:23	58880 c:\windows\system32\msdtclog.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	27648 c:\windows\system32\jsproxy.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	27648 c:\windows\system32\jsproxy.dll
+ 2006-11-07 12:26 . 2009-02-20 10:20	13824 c:\windows\system32\ieudinit.exe
- 2006-11-07 12:26 . 2008-12-19 09:10	13824 c:\windows\system32\ieudinit.exe
- 2005-08-16 10:18 . 2008-12-20 23:15	44544 c:\windows\system32\iernonce.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	44544 c:\windows\system32\iernonce.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	78336 c:\windows\system32\ieencode.dll
+ 2005-08-16 10:18 . 2009-02-20 10:20	70656 c:\windows\system32\ie4uinit.exe
- 2005-08-16 10:18 . 2008-12-19 09:10	70656 c:\windows\system32\ie4uinit.exe
+ 2006-10-17 20:58 . 2009-02-20 18:09	63488 c:\windows\system32\icardie.dll
- 2006-10-17 20:58 . 2008-12-20 23:15	63488 c:\windows\system32\icardie.dll
- 2007-01-11 08:42 . 2008-12-20 23:15	44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-01-11 08:42 . 2009-02-20 18:09	44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23	91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23	66560 c:\windows\system32\dllcache\mtxclu.dll
- 2007-05-10 07:33 . 2008-12-20 23:15	52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-10 07:33 . 2009-02-20 18:09	52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23	58880 c:\windows\system32\dllcache\msdtclog.dll
- 2007-01-11 08:42 . 2008-12-20 23:15	27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-01-11 08:42 . 2009-02-20 18:09	27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-11-07 12:26 . 2009-02-20 18:09	44544 c:\windows\system32\dllcache\iernonce.dll
- 2006-11-07 12:26 . 2008-12-20 23:15	44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09	78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-20 10:04 . 2009-02-20 18:09	63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-20 10:04 . 2008-12-20 23:15	63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-04-24 23:51 . 2009-04-16 11:03	23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-04-24 23:51 . 2009-03-12 07:55	23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-04-24 23:51 . 2009-04-16 11:03	61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-04-24 23:51 . 2009-03-12 07:55	61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-04-24 23:51 . 2009-04-16 11:03	27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-04-24 23:51 . 2009-03-12 07:55	27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-04-24 23:51 . 2009-03-12 07:55	11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-04-24 23:51 . 2009-04-16 11:03	11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-04-24 23:51 . 2009-04-16 11:03	12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-04-24 23:51 . 2009-03-12 07:55	12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-16 11:08 . 2008-12-20 23:15	44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-04-16 11:08 . 2008-12-19 09:10	13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-04-16 11:08 . 2008-12-20 23:15	44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-04-16 11:08 . 2008-04-14 00:11	81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-04-16 11:08 . 2008-12-19 09:10	70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-04-16 11:08 . 2008-12-20 23:15	63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
+ 2007-04-24 23:51 . 2009-04-16 11:03	4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-04-24 23:51 . 2009-03-12 07:55	4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2005-08-16 10:18 . 2008-04-14 00:12	354304 c:\windows\system32\winhttp.dll
+ 2005-08-16 10:18 . 2008-12-16 12:30	354304 c:\windows\system32\winhttp.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	233472 c:\windows\system32\webcheck.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	233472 c:\windows\system32\webcheck.dll
+ 2005-08-16 10:37 . 2009-02-06 10:10	227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2005-08-16 10:37 . 2009-02-09 12:10	453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2005-08-16 10:37 . 2009-02-09 12:10	473600 c:\windows\system32\wbem\fastprox.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	105984 c:\windows\system32\url.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	105984 c:\windows\system32\url.dll
- 2005-08-16 10:18 . 2009-03-12 19:34	385164 c:\windows\system32\perfh009.dat
+ 2005-08-16 10:18 . 2009-04-19 04:34	385164 c:\windows\system32\perfh009.dat
+ 2005-08-16 10:18 . 2009-02-20 18:09	102912 c:\windows\system32\occache.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	102912 c:\windows\system32\occache.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	671232 c:\windows\system32\mstime.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	671232 c:\windows\system32\mstime.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	193024 c:\windows\system32\msrating.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	193024 c:\windows\system32\msrating.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	477696 c:\windows\system32\mshtmled.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	477696 c:\windows\system32\mshtmled.dll
+ 2006-11-08 06:03 . 2009-02-20 18:09	459264 c:\windows\system32\msfeeds.dll
- 2006-11-08 06:03 . 2008-12-20 23:15	459264 c:\windows\system32\msfeeds.dll
- 2005-08-16 10:37 . 2008-04-14 00:11	161792 c:\windows\system32\msdtcuiu.dll
+ 2005-08-16 10:37 . 2008-06-12 14:23	161792 c:\windows\system32\msdtcuiu.dll
- 2005-08-16 10:37 . 2008-04-14 00:11	956928 c:\windows\system32\msdtctm.dll
+ 2005-08-16 10:37 . 2008-06-12 14:23	956928 c:\windows\system32\msdtctm.dll
+ 2005-08-16 10:37 . 2008-06-12 14:23	428032 c:\windows\system32\msdtcprx.dll
+ 2005-08-16 10:18 . 2009-03-21 14:06	989696 c:\windows\system32\kernel32.dll
- 2005-08-16 10:18 . 2008-04-14 00:11	989696 c:\windows\system32\kernel32.dll
+ 2006-10-17 20:57 . 2009-02-20 18:09	268288 c:\windows\system32\iertutil.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	385024 c:\windows\system32\iedkcs32.dll
- 2006-10-17 20:27 . 2008-12-20 23:15	383488 c:\windows\system32\ieapfltr.dll
+ 2006-10-17 20:27 . 2009-02-20 18:09	383488 c:\windows\system32\ieapfltr.dll
+ 2005-08-16 10:18 . 2009-02-20 05:14	161792 c:\windows\system32\ieakui.dll
- 2005-08-16 10:18 . 2008-12-19 05:23	161792 c:\windows\system32\ieakui.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	230400 c:\windows\system32\ieaksie.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	230400 c:\windows\system32\ieaksie.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	153088 c:\windows\system32\ieakeng.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	153088 c:\windows\system32\ieakeng.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	133120 c:\windows\system32\extmgr.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	133120 c:\windows\system32\extmgr.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	214528 c:\windows\system32\dxtrans.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	214528 c:\windows\system32\dxtrans.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	347136 c:\windows\system32\dxtmsft.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	347136 c:\windows\system32\dxtmsft.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30	354304 c:\windows\system32\dllcache\winhttp.dll
- 2006-11-08 06:03 . 2008-12-20 23:15	233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-11-08 06:03 . 2009-02-20 18:09	233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-10-17 21:05 . 2008-12-20 23:15	105984 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 21:05 . 2009-02-20 18:09	105984 c:\windows\system32\dllcache\url.dll
- 2006-10-17 21:04 . 2008-12-20 23:15	102912 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 21:04 . 2009-02-20 18:09	102912 c:\windows\system32\dllcache\occache.dll
- 2007-01-11 08:42 . 2008-12-20 23:15	671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-01-11 08:42 . 2009-02-20 18:09	671232 c:\windows\system32\dllcache\mstime.dll
- 2007-01-11 08:42 . 2008-12-20 23:15	193024 c:\windows\system32\dllcache\msrating.dll
+ 2007-01-11 08:42 . 2009-02-20 18:09	193024 c:\windows\system32\dllcache\msrating.dll
- 2007-01-11 08:42 . 2008-12-20 23:15	477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-01-11 08:42 . 2009-02-20 18:09	477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-05-10 07:33 . 2009-02-20 18:09	459264 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-10 07:33 . 2008-12-20 23:15	459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23	161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23	956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23	428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2007-05-10 07:33 . 2009-02-20 18:09	268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-11-07 12:27 . 2009-02-20 18:09	385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-05-10 07:33 . 2008-12-20 23:15	383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-05-10 07:33 . 2009-02-20 18:09	383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2006-11-07 12:27 . 2008-12-20 23:15	230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 12:27 . 2009-02-20 18:09	230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-11-07 12:26 . 2008-12-20 23:15	153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-11-07 12:26 . 2009-02-20 18:09	153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-01-11 08:42 . 2009-02-20 18:09	133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-01-11 08:42 . 2008-12-20 23:15	133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-01-11 08:42 . 2008-12-20 23:15	214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-01-11 08:42 . 2009-02-20 18:09	214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-01-11 08:42 . 2009-02-20 18:09	347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-01-11 08:42 . 2008-12-20 23:15	347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-11-07 12:26 . 2009-02-20 18:09	124928 c:\windows\system32\dllcache\advpack.dll
- 2006-11-07 12:26 . 2008-12-20 23:15	124928 c:\windows\system32\dllcache\advpack.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	124928 c:\windows\system32\advpack.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	124928 c:\windows\system32\advpack.dll
+ 2007-04-24 23:51 . 2009-04-16 11:03	409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-04-24 23:51 . 2009-03-12 07:55	409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-04-24 23:51 . 2009-03-12 07:55	286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-04-24 23:51 . 2009-04-16 11:03	286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-04-24 23:51 . 2009-04-16 11:03	249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-04-24 23:51 . 2009-03-12 07:55	249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-04-24 23:51 . 2009-03-12 07:55	794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-04-24 23:51 . 2009-04-16 11:03	794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-04-24 23:51 . 2009-03-12 07:55	135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-04-24 23:51 . 2009-04-16 11:03	135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-04-24 23:51 . 2009-04-16 11:03	593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-04-24 23:51 . 2009-03-12 07:55	593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-04-16 11:08 . 2008-12-20 23:15	826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-04-16 11:08 . 2008-07-09 07:38	382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-04-16 11:08 . 2008-07-08 13:02	231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-04-16 11:08 . 2008-12-20 23:15	102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-04-16 11:08 . 2008-12-19 05:25	634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-04-16 11:08 . 2008-12-20 23:15	267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-04-16 11:08 . 2008-12-19 05:23	161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	1160192 c:\windows\system32\urlmon.dll
- 2005-08-16 10:18 . 2008-12-20 23:15	1160192  c:\windows\system32\urlmon.dll
+ 2005-08-16 10:18 . 2008-12-20 22:14	1288192 c:\windows\system32\quartz.dll
- 2005-08-16 10:18 . 2008-05-07 05:12	1288192 c:\windows\system32\quartz.dll
+ 2005-08-16 10:18 . 2009-02-20 18:09	3595264 c:\windows\system32\mshtml.dll
+ 2006-11-08 06:03 . 2009-02-20 18:09	6066176 c:\windows\system32\ieframe.dll
- 2006-09-06 08:01 . 2007-04-17 09:28	2455488 c:\windows\system32\ieapfltr.dat
+ 2006-09-06 08:01 . 2008-07-09 14:25	2455488 c:\windows\system32\ieapfltr.dat
+ 2007-01-11 08:42 . 2009-02-20 18:09	1160192 c:\windows\system32\dllcache\urlmon.dll
- 2007-01-11 08:42 . 2008-12-20 23:15	1160192 c:\windows\system32\dllcache\urlmon.dll
- 2008-05-07 05:12 . 2008-05-07 05:12	1288192 c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14	1288192 c:\windows\system32\dllcache\quartz.dll
+ 2007-01-11 08:42 . 2009-02-20 18:09	3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-10 07:33 . 2009-02-20 18:09	6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-10 07:33 . 2008-07-09 14:25	2455488 c:\windows\system32\dllcache\ieapfltr.dat
- 2007-05-10 07:33 . 2007-04-17 09:28	2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-04-16 11:08 . 2008-12-20 23:15	1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-04-16 11:08 . 2009-01-17 06:35	3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-04-16 11:08 . 2008-12-20 23:15	6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-04-16 11:08 . 2007-04-17 09:28	2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2008-10-17 14:44 . 2009-02-06 11:08	2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-17 14:44 . 2008-08-14 09:33	2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-17 14:44 . 2009-02-06 10:32	2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-17 14:44 . 2008-08-14 09:33	2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-17 14:44 . 2009-02-08 03:02	2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-17 14:44 . 2009-02-06 11:06	2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-17 14:44 . 2008-08-14 10:09	2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2007-01-28 04:39 . 2009-04-06 14:57	24921544 c:\windows\system32\MRT.exe


----------



## kenziesmom (Apr 11, 2005)

.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-02-19 07:57	1882136	----a-w	c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-02-19 1882136]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-02-19 1882136]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-11-01 321040]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-23 1032192]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-12 29744]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-13 241664]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-17 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
humyo.com Client.lnk - c:\program files\humyo.com Client\HrfsClient.exe [2009-4-15 1335352]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-12 29744]
R4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2006-12-16 345696]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2006-11-10 923216]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-11-27 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2006-11-10 566872]
S3 hrfsmrx;hrfsmrx;c:\windows\System32\Drivers\hrfsmrx.sys [2009-04-02 144696]
S3 humyo.com;humyo.com;c:\program files\humyo.com Client\hrfscore.exe [2009-04-02 2736184]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2006-11-10 280392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-04-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 22:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1392740
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search - 
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Save Image To humyo.com - c:\program files\humyo.com Client\download.html
IE: Save Target To humyo.com - c:\program files\humyo.com Client\download.html
Trusted Zone: usda.gov\plants
TCP: {DE13F32C-EECC-4FF4-A5D4-D55C29C1F60F} = 209.112.128.2 204.17.139.2
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://www.gamehouse.com/realarcade-webgames/mahjongescapeancientjapan/SpinTopGamesLauncher.cab
FF - ProfilePath - c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\o58fdau0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT772431&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\o58fdau0.default\extensions\{7438fe9d-8bba-4796-be7b-218aa34089ac}\components\FFAlert.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\HrfsFirefoxDownloader.dll
FF - plugin: c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\o58fdau0.default\extensions\[email protected]\plugins\npmozax.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 22:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1288)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(964)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\System32\hrfsnp.dll
.
Completion time: 2009-04-21 22:35
ComboFix-quarantined-files.txt 2009-04-21 06:34

Pre-Run: 54,068,400,128 bytes free
429	--- E O F ---	2009-04-16 11:09
Post-Run: 54,163,308,544 bytes free

*Again, sending you much gratitude~~~~*


----------



## Cookiegal (Aug 27, 2003)

Would you please run another scan with GMER and post the log as I need to see if something I had you fix with ComboFix was actually fixed.


----------



## kenziesmom (Apr 11, 2005)

Hope this tells you CF worked.

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-22 01:48:09
Windows 5.1.2600 Service Pack 3

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1784] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1784] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1784] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3068] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3068] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3068] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3068] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3068] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3068] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3068] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3068] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\Fastfat \Fat B9FB5D20

AttachedDevice \FileSystem\Fastfat \Fat tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \FileSystem\Cdfs \Cdfs  DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] \systemroot\system32\drivers\TDSSserv.sys

---- EOF - GMER 1.0.15 ----


----------



## Cookiegal (Aug 27, 2003)

Sorry, we have to give it another go.

Open Notepad and copy and paste the text in the code box below into it:


```
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv]
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*

Then reboot and run GMER again and post that log as well.


----------



## kenziesmom (Apr 11, 2005)

Here are the 2 reports you requested.

ComboFix 09-04-23.02 - Pam 04/22/2009 18:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.211 [GMT -8:00]
Running from: c:\documents and settings\Pam\Desktop\ComboFix.exe
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated)
FW: PC-cillin Internet Security - Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-23 to 2009-04-23 )))))))))))))))))))))))))))))))
.

2009-04-21 07:08 . 2009-04-21 07:08	11	----a-w	C:\AuResult.ini
2009-04-17 09:58 . 2009-04-17 10:04	--------	d-----w	c:\documents and settings\Pam\.SunDownloadManager
2009-04-16 03:55 . 2009-04-16 03:55	15392	----a-w	C:\ComboFix.com
2009-04-15 23:54 . 2009-03-06 14:22	284160	------w	c:\windows\system32\dllcache\pdh.dll
2009-04-15 23:54 . 2009-02-09 12:10	473600	------w	c:\windows\system32\dllcache\fastprox.dll
2009-04-15 23:54 . 2009-02-09 12:10	401408	------w	c:\windows\system32\dllcache\rpcss.dll
2009-04-15 23:54 . 2009-02-06 11:11	110592	------w	c:\windows\system32\dllcache\services.exe
2009-04-15 23:54 . 2009-02-06 10:39	35328	------w	c:\windows\system32\dllcache\sc.exe
2009-04-15 23:54 . 2009-02-06 10:10	227840	------w	c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 23:54 . 2009-02-09 12:10	729088	------w	c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 23:54 . 2009-02-09 12:10	714752	------w	c:\windows\system32\dllcache\ntdll.dll
2009-04-15 23:54 . 2009-02-09 12:10	617472	------w	c:\windows\system32\dllcache\advapi32.dll
2009-04-15 23:54 . 2009-02-09 12:10	453120	------w	c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 23:46 . 2008-05-03 11:55	2560	------w	c:\windows\system32\xpsp4res.dll
2009-04-15 23:46 . 2008-04-21 12:08	215552	------w	c:\windows\system32\dllcache\wordpad.exe
2009-04-15 09:36 . 2009-04-23 01:45	--------	d-----w	c:\documents and settings\Pam\humyo.store
2009-04-15 09:36 . 2009-04-15 09:36	--------	d-----w	c:\documents and settings\All Users\Application Data\humyo.com
2009-04-15 09:35 . 2009-04-02 16:38	237624	----a-w	c:\windows\system32\HrfsControlApplet.cpl
2009-04-15 09:35 . 2009-04-02 16:38	139320	----a-w	c:\windows\system32\hrfsnp.dll
2009-04-15 09:35 . 2009-04-02 16:38	144696	----a-w	c:\windows\system32\drivers\hrfsmrx.sys
2009-04-13 08:25 . 2009-04-15 09:50	--------	d-----w	c:\documents and settings\Pam\.thinupload
2009-04-10 23:39 . 2009-04-10 23:39	--------	d-----w	c:\documents and settings\Pam\Application Data\Malwarebytes
2009-04-10 23:39 . 2009-04-06 23:32	15504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-04-10 23:39 . 2009-04-06 23:32	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 23:39 . 2009-04-10 23:39	--------	d-----w	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-03 07:41 . 2009-04-03 07:45	--------	d-----w	c:\documents and settings\All Users\Application Data\DriverScanner
2009-04-03 07:41 . 2009-04-03 07:41	--------	d-----w	c:\documents and settings\Pam\Application Data\Uniblue
2009-04-03 07:37 . 2009-04-03 07:42	--------	dc-h--w	c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-04-01 11:26 . 2009-04-01 11:26	--------	d-----w	C:\GameHouse Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 06:54 . 2007-02-02 03:05	--------	d-----w	c:\documents and settings\All Users\Application Data\Google Updater
2009-04-16 10:18 . 2009-02-01 12:58	--------	d---a-w	c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 09:01 . 2009-04-16 09:01	--------	d-----w	c:\program files\Mahjong Escape - Ancient China
2009-04-16 03:49 . 2009-04-16 03:49	15392	----a-w	C:\Combo-Fix.exe.txt
2009-04-15 09:35 . 2009-04-15 09:35	--------	d-----w	c:\program files\humyo.com Client
2009-04-15 03:23 . 2007-01-27 07:14	1246	----a-w	c:\documents and settings\Pam\Application Data\wklnhst.dat
2009-04-10 23:39 . 2009-04-10 23:39	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-04-03 07:41 . 2009-04-03 07:41	--------	d-----w	c:\program files\Uniblue
2009-04-01 11:25 . 2008-08-30 10:08	--------	d-----w	c:\program files\RealArcade
2009-03-21 14:06 . 2009-03-21 14:06	989696	------w	c:\windows\system32\dllcache\kernel32.dll
2009-03-19 06:39 . 2009-03-11 22:08	410984	----a-w	c:\windows\system32\deploytk.dll
2009-03-19 06:38 . 2007-01-11 08:41	--------	d-----w	c:\program files\Java
2009-03-18 12:07 . 2009-03-18 12:07	--------	d-----w	c:\program files\MahjongMedley_at
2009-03-06 14:22 . 2005-08-16 10:18	284160	----a-w	c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2007-01-11 08:42	826368	----a-w	c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2005-08-16 10:18	826368	----a-w	c:\windows\system32\wininet.dll
2009-03-01 23:49 . 2009-03-01 23:49	--------	d-----w	c:\documents and settings\All Users\Application Data\cerasus.media
2009-03-01 23:49 . 2009-03-01 23:49	--------	d-----w	c:\documents and settings\Pam\Application Data\cerasus.media
2009-03-01 23:49 . 2009-03-01 23:47	--------	d-----w	c:\program files\Mahjongg - Ancient Mayas
2009-02-28 04:54 . 2006-10-17 21:04	636072	------w	c:\windows\system32\dllcache\iexplore.exe
2009-02-24 05:16 . 2007-01-28 08:29	--------	d-----w	c:\program files\HP
2009-02-20 10:20 . 2007-05-10 07:33	13824	------w	c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 12:26	70656	------w	c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 12:25	161792	------w	c:\windows\system32\dllcache\ieakui.dll
2009-02-09 12:10 . 2005-08-16 10:18	729088	----a-w	c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-08-16 10:18	401408	----a-w	c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2005-08-16 10:18	714752	----a-w	c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2005-08-16 10:18	617472	----a-w	c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-10-17 14:37	1846784	------w	c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2005-08-16 10:18	1846784	----a-w	c:\windows\system32\win32k.sys
2009-02-08 03:02 . 2008-10-17 14:44	2066048	------w	c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 11:11 . 2005-08-16 10:18	110592	----a-w	c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-17 14:44	2189056	------w	c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-17 14:44	2145280	------w	c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:06 . 2005-08-16 10:18	2145280	----a-w	c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2005-08-16 10:18	35328	----a-w	c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-10-17 14:44	2023936	------w	c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:32 . 2004-08-04 04:59	2023936	----a-w	c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59	56832	------w	c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2005-08-16 10:18	56832	----a-w	c:\windows\system32\secur32.dll
2008-09-24 03:29 . 2008-09-27 00:09	531	----a-w	c:\documents and settings\Pam\sysclean.bat
2008-09-09 02:25 . 2007-01-11 08:52	74800	-c--a-w	c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-08-09 08:12 . 2008-08-09 08:10	127	----a-w	c:\documents and settings\TEMP\Local Settings\Application Data\fusioncache.dat
2007-02-03 04:15 . 2007-02-03 04:15	5971432	----a-w	c:\program files\Firefox Setup 2.0.0.1.exe
2007-02-01 11:56 . 2007-02-01 11:56	774144	----a-w	c:\program files\RngInterstitial.dll
2007-01-27 04:12 . 2007-01-27 04:11	126	----a-w	c:\documents and settings\Pam\Local Settings\Application Data\fusioncache.dat
2007-01-11 09:09 . 2008-08-09 08:10	72944	-c--a-w	c:\documents and settings\TEMP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-01-11 09:09 . 2007-01-27 04:11	72944	-c--a-w	c:\documents and settings\Pam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-08-17 02:52 . 2005-08-17 02:52	136	----a-w	c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2008-08-12 05:2007-02-02 04:38 59:08 .	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-09-08 23:54 . 2008-09-08 23:54	32768	--sha-w	c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090820080909\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-04-21_06.32.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-23 01:44 . 2009-04-23 01:44	16384 c:\windows\Temp\Perflib_Perfdata_f2c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-02-19 07:57	1882136	----a-w	c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-02-19 1882136]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-02-19 1882136]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-11-01 321040]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-23 1032192]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-12 29744]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-13 241664]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-17 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
humyo.com Client.lnk - c:\program files\humyo.com Client\HrfsClient.exe [2009-4-15 1335352]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-12 29744]
R4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2006-12-16 345696]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2006-11-10 923216]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-11-27 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2006-11-10 566872]
S3 hrfsmrx;hrfsmrx;c:\windows\System32\Drivers\hrfsmrx.sys [2009-04-02 144696]
S3 humyo.com;humyo.com;c:\program files\humyo.com Client\hrfscore.exe [2009-04-02 2736184]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2006-11-10 280392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-04-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 22:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1392740
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search - 
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Save Image To humyo.com - c:\program files\humyo.com Client\download.html
IE: Save Target To humyo.com - c:\program files\humyo.com Client\download.html
Trusted Zone: usda.gov\plants
TCP: {DE13F32C-EECC-4FF4-A5D4-D55C29C1F60F} = 209.112.128.2 204.17.139.2
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://www.gamehouse.com/realarcade-webgames/mahjongescapeancientjapan/SpinTopGamesLauncher.cab
FF - ProfilePath - c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\o58fdau0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT772431&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\o58fdau0.default\extensions\{7438fe9d-8bba-4796-be7b-218aa34089ac}\components\FFAlert.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\HrfsFirefoxDownloader.dll
FF - plugin: c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\o58fdau0.default\extensions\[email protected]\plugins\npmozax.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 18:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1288)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3432)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\System32\hrfsnp.dll
.
Completion time: 2009-04-23 18:47
ComboFix-quarantined-files.txt 2009-04-23 02:46
ComboFix2.txt 2009-04-21 06:35

Pre-Run: 54,129,172,480 bytes free
Post-Run: 54,115,098,624 bytes free

224	--- E O F ---	2009-04-16 11:09

Logfile of HijackThis v1.99.1
Scan saved at 7:06:40 PM, on 4/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\humyo.com Client\HrfsClient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\humyo.com Client\hrfscore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Pam\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070111
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: IEHelperObject - {4DC16316-5372-4476-9CA5-88B2786B838F} - C:\Program Files\humyo.com Client\HrfsDownloader.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: humyo.com Client.lnk = C:\Program Files\humyo.com Client\HrfsClient.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Image To humyo.com - C:\Program Files\humyo.com Client\download.html
O8 - Extra context menu item: Save Target To humyo.com - C:\Program Files\humyo.com Client\download.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169882385892
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177484547859
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://www.gamehouse.com/realarcade-webgames/mahjongescapeancientjapan/SpinTopGamesLauncher.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE13F32C-EECC-4FF4-A5D4-D55C29C1F60F}: NameServer = 209.112.128.2 204.17.139.2
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: humyo.com - humyo.com Ltd. - C:\Program Files\humyo.com Client\hrfscore.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


----------



## Cookiegal (Aug 27, 2003)

That ComboFix doesn't look like you ran the script I posted in my instructions. It looks like just a regular log. Please follow the instructions to run the script I posted.


----------



## kenziesmom (Apr 11, 2005)

cookiegal-
I'm confused...  In your last post the code in the box was: Registry:
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv]
I copied and pasted this into a Note Pad document, saved it as CFScript.txt and then dragged the Note Pad icon into the CF icon and a scan began. When it was finished, the (blue) screen closed and a CF log popped up. I copied this log to my post. I thought I had followed your instructions. Where did I go wrong?


----------



## Cookiegal (Aug 27, 2003)

Let's try a different approach.

I'm attaching a Fixmom.zip file. Save it to your desktop. Unzip it and double-click the Fixmom.reg file and allow it to merge into the registry.

Then reboot the machine and run another GMER scan and post that log please.


----------



## kenziesmom (Apr 11, 2005)

Hope this gives you the information you need.

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-27 00:27:22
Windows 5.1.2600 Service Pack 3

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1960] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1960] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1960] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\Fastfat \Fat B9E5DD20

AttachedDevice \FileSystem\Fastfat \Fat tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] \systemroot\system32\drivers\TDSSserv.sys

---- EOF - GMER 1.0.15 ----


----------



## Cookiegal (Aug 27, 2003)

Are you comfortable editing the registry manually?


----------



## kenziesmom (Apr 11, 2005)

I don't know how to do it. Is it something you can explain here? I'm willing to give it a shot if you think I'll be able to follow the instructions.


----------



## Cookiegal (Aug 27, 2003)

First, we need to back up your registry:

Please go to *Start* - *Run* and copy and paste the following and then click OK:

*regedit /e c:\registrybackup.reg*

It won't appear to be doing anything and that's normal. Your mouse pointer may turn to an hour glass for a minute.

When it no longer has the hour glass, check in your C drive to be sure you have a file called *registrybackup.reg* before continuing. If you do not see that file, please let me know before doing anything else.

Now go to *Start* - *Run* and type in *regedit* and click OK to open the registry editor.

In the left-hand pane, click on the + that you see to the left of each of the following. Doing this will open up a new branch underneath each one.

HKEY_LOCAL_MACHINE
SYSTEM
ControlSet001
Services

Under Services do you see the following in the left-hand pane in the list of services that are in alphabetical order?

*TDSSserv*

If so, right-click on it and select "Delete".

Let me know how it goes please.


----------
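
As an added example (not part of the thread and not any poster's code): the export written by `regedit /e` in the post above can be searched offline for service keys with a matching name under every control set, not only `ControlSet001`. The sample export, its `ControlSet003` entry, the value names and all function names are constructed for illustration; the parser assumes the "Version 5.00" text export format.

```python
import re

# Service key (or subkey) under any control set, e.g. ControlSet001 or CurrentControlSet.
SERVICE_KEY = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)"
    r"\\Services\\([^\\]+)(?:\\.*)?$", re.IGNORECASE)
# A value line: @ (default value) or a quoted name, then '=' and the data.
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def decode_export(raw):
    """Version 5.00 exports are UTF-16 with a BOM; REGEDIT4 files are ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def logical_lines(text):
    """Yield stripped lines, joining hex data that regedit wraps with a trailing backslash."""
    pending = ""
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ""
        if line.endswith(",\\"):
            pending = line[:-1]          # drop the backslash, keep the comma
        else:
            yield line
    if pending:
        yield pending


def decode_value(data):
    """Decode dword, quoted-string and UTF-16 hex(1/2/7) data; return anything else unchanged."""
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return re.sub(r"\\(.)", r"\1", data[1:-1])   # undo \\ and \" escapes
    m = re.match(r"hex\(([127])\):(.*)$", data)
    if m:
        raw = bytes.fromhex(m.group(2).replace(",", ""))
        return raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    return data


def find_service_keys(raw, needle="tdss"):
    """Map each service key whose name contains `needle` to its decoded values."""
    hits, current = {}, None
    for line in logical_lines(decode_export(raw)):
        if line.startswith("[") and line.endswith("]"):
            m = SERVICE_KEY.match(line[1:-1])
            current = None
            if m and needle.lower() in m.group(2).lower():
                current = line[1:-1]
                hits[current] = {}
        elif current is not None:
            v = VALUE_LINE.match(line)
            if v:
                hits[current][v.group(1).strip('"')] = decode_value(v.group(2))
    return hits


def control_sets(hits):
    """Control sets in which at least one matching key was found."""
    return sorted({SERVICE_KEY.match(k).group(1) for k in hits})


def _hex2(s, per_line=8):
    """Format a string the way regedit writes REG_EXPAND_SZ: wrapped hex(2) bytes."""
    parts = ["%02x" % b for b in (s + "\0").encode("utf-16-le")]
    rows = [",".join(parts[i:i + per_line]) for i in range(0, len(parts), per_line)]
    return "hex(2):" + ",\\\r\n  ".join(rows)


# Constructed sample export (not taken from the machine in the thread).
SAMPLE = "\r\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]",
    '"Start"=dword:00000001', "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv]",
    '"start"=dword:00000001',
    '"imagepath"=' + _hex2(r"\systemroot\system32\drivers\TDSSserv.sys"), "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv]",
    '"start"=dword:00000001', "",
]).encode("utf-16")

if __name__ == "__main__":
    found = find_service_keys(SAMPLE)
    for key, values in found.items():
        print(key, values)
    print("control sets affected:", control_sets(found))
```

To check a real backup, pass the file's bytes instead of `SAMPLE`, for example `find_service_keys(open(r"c:\registrybackup.reg", "rb").read())`.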



## kenziesmom (Apr 11, 2005)

I got the following message when I tried to delete the TDSServ folder. *Cannot delete TDSServ. Error while deleting* I tried again and I got the *Are you sure you want to delete this file* message. Then I clicked "yes" and got the first message again.


----------



## Cookiegal (Aug 27, 2003)

Right click it and choose "Permissions". Under "Group or User Names", select your user profile name as administrator (probably My Computer).

Below that under "Permissions for Administrators", by "Full Control" put a check by "Allow".

Click Apply then OK. Now right click the *TDSSserv* key and delete it.


----------



## kenziesmom (Apr 11, 2005)

I got the same messages after following your last instructions. "*Are you sure you want to delete this file message?*" I clicked "yes" and got "*Cannot delete TDSServ. Error while deleting.*".


----------



## Cookiegal (Aug 27, 2003)

Can you please post a screenshot of what you're seeing in the registry?


----------



## kenziesmom (Apr 11, 2005)

It took me a while to figure out how to do this. Hope it's what you want.


----------



## Cookiegal (Aug 27, 2003)

Try logging in as Administrator in safe mode and then open the registry editor and try deleting both of these services (the second one is just below it):

*TDSSserv
TDSSserv.sys*


----------



## kenziesmom (Apr 11, 2005)

Yeah...
got the 2 files deleted in SAFE MODE, rebooted and they are gone in regular mode, too. Which of your instructions should I do next?


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log and let me know if you're still having the same problem as you were initially or any others.


----------



## kenziesmom (Apr 11, 2005)

Despite all of this work, I'm still getting the error message about *the AC Adapter cannot be determined*. And the adapter does not charge the battery. The message says to press any key to continue; so I press any key and it boots up normally. I really haven't had any other problems. I appreciate all the time you spent to help me. Here's the HJT log. I guess if the virus is gone, you can mark this "solved".

Logfile of HijackThis v1.99.1
Scan saved at 11:56:16 PM, on 5/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\humyo.com Client\HrfsClient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\humyo.com Client\hrfscore.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pam\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070111
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: IEHelperObject - {4DC16316-5372-4476-9CA5-88B2786B838F} - C:\Program Files\humyo.com Client\HrfsDownloader.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: humyo.com Client.lnk = C:\Program Files\humyo.com Client\HrfsClient.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Save Image To humyo.com - C:\Program Files\humyo.com Client\download.html
O8 - Extra context menu item: Save Target To humyo.com - C:\Program Files\humyo.com Client\download.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169882385892
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177484547859
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://www.gamehouse.com/realarcade-webgames/mahjongescapeancientjapan/SpinTopGamesLauncher.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE13F32C-EECC-4FF4-A5D4-D55C29C1F60F}: NameServer = 209.112.128.2 204.17.139.2
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: humyo.com - humyo.com Ltd. - C:\Program Files\humyo.com Client\hrfscore.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *Run* and then type *devmgmt.msc* and click OK.
On the View menu click on *Show Hidden Devices*.

1) Do you see any device listed there that has a yellow exclamation mark beside it?

2) Browse to *Non-Plug and Play Drivers* and let me know if you see anything like TDSSserv.sys (or with TDSS in it).


----------



## kenziesmom (Apr 11, 2005)

1. The device manager shows no devices with yellow exclamation marks.
2. No TDSSserv.sys (or with TDSS in it) under Non-Plug and Play Drivers.


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## kenziesmom (Apr 11, 2005)

I hope this is what you need. Under System there seemed to be a pattern with errors from the same sources. (W32Time; ati2mtag) I hope it's ok that I didn't copy all 8/18 of the entries. Let me know if you need all identical copies.

*APPLICATION*
Event Type:	Error
Event Source:	PerfNet
Event Category:	None
Event ID:	2004
Date: 5/7/2009
Time: 3:27:01 PM
User: N/A
Computer:	LAPTOP
Description:
Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 34 00 00 c0 4..À

Event Type:	Error
Event Source:	PerfNet
Event Category:	None
Event ID:	2004
Date: 5/7/2009
Time: 2:23:04 AM
User: N/A
Computer:	LAPTOP
Description:
Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 34 00 00 c0 4..À

Event Type:	Error
Event Source:	PerfNet
Event Category:	None
Event ID:	2004
Date: 5/6/2009
Time: 7:28:49 PM
User: N/A
Computer:	LAPTOP
Description:
Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 34 00 00 c0 4..À

Event Type:	Error
Event Source:	PerfNet
Event Category:	None
Event ID:	2004
Date: 5/5/2009
Time: 8:51:41 PM
User: N/A
Computer:	LAPTOP
Description:
Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 34 00 00 c0 4..À

Event Type:	Error
Event Source:	Application Hang
Event Category:	None
Event ID:	1001
Date: 5/4/2009
Time: 11:51:46 PM
User: N/A
Computer:	LAPTOP
Description:
Fault bucket 1203548446.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket: 
0008: 31 32 30 33 35 34 38 34 12035484
0010: 34 36 0d 0a 46..

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 5/4/2009
Time: 11:51:28 PM
User: N/A
Computer:	LAPTOP
Description:
Hanging application iexplore.exe, version 7.0.6000.16827, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 69 65 78 70 6c 6f iexplo
0018: 72 65 2e 65 78 65 20 37 re.exe 7
0020: 2e 30 2e 36 30 30 30 2e .0.6000.
0028: 31 36 38 32 37 20 69 6e 16827 in
0030: 20 68 75 6e 67 61 70 70 hungapp
0038: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0040: 20 61 74 20 6f 66 66 73 at offs
0048: 65 74 20 30 30 30 30 30 et 00000
0050: 30 30 30 000

*SYSTEM*
Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 5/7/2009
Time: 3:28:14 PM
User: N/A
Computer:	LAPTOP
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 5/7/2009
Time: 3:28:14 PM
User: N/A
Computer:	LAPTOP
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 5/7/2009
Time: 3:28:14 PM
User: N/A
Computer:	LAPTOP
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 5/7/2009
Time: 3:28:14 PM
User: N/A
Computer:	LAPTOP
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	ati2mtag
Event Category:	DAL 
Event ID:	43015
Date: 5/7/2009
Time: 3:26:45 PM
User: N/A
Computer:	LAPTOP
Description:
I2c return failed
Data:
0000: 00 00 00 00 01 00 5a 00 ......Z.
0008: 2a 00 00 00 07 a8 00 c0 *....¨.À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 .......

THERE ARE 18 IDENTICAL ERRORS OF ABOVE DATA/ SOURCE: ati2mtag

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 5/7/2009
Time: 4:09:18 AM
User: N/A
Computer:	LAPTOP
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 119 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 5/7/2009
Time: 4:09:18 AM
User: N/A
Computer:	LAPTOP
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 5/7/2009
Time: 2:39:18 AM
User: N/A
Computer:	LAPTOP
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 5/7/2009
Time: 2:39:18 AM
User: N/A
Computer:	LAPTOP
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 5/7/2009
Time: 2:24:18 AM
User: N/A
Computer:	LAPTOP
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
THERE ARE 4 IDENTICAL ENTRIES LIKE THE ABOVE DATA/ SOURCE: W32Time

Event Type:	Error
Event Source:	ati2mtag
Event Category:	DAL 
Event ID:	43015
Date: 5/7/2009
Time: 2:22:46 AM
User: N/A
Computer:	LAPTOP
Description:
I2c return failed
Data:
0000: 00 00 00 00 01 00 5a 00 ......Z.
0008: 2a 00 00 00 07 a8 00 c0 *....¨.À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
THERE ARE 18 IDENTICAL ENTRIES LIKE DATA ABOVE/ SOURCE: ati2mtag
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 5/7/2009
Time: 2:21:40 AM
User: NT AUTHORITY\SYSTEM
Computer:	LAPTOP
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 5/7/2009
Time: 2:08:56 AM
User: LAPTOP\Administrator
Computer:	LAPTOP
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 5/7/2009
Time: 2:08:55 AM
User: LAPTOP\Administrator
Computer:	LAPTOP
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 5/7/2009
Time: 2:08:46 AM
User: LAPTOP\Administrator
Computer:	LAPTOP
Description:
DCOM got error "The dependency service or group failed to start. " attempting to start the service humyo.com with arguments "" in order to run the server:
{0D7F0A0F-4093-4397-A63E-1343A1646136}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 5/7/2009
Time: 2:08:41 AM
User: LAPTOP\Administrator
Computer:	LAPTOP
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 5/7/2009
Time: 2:07:45 AM
User: N/A
Computer:	LAPTOP
Description:
The following boot-start or system-start driver(s) failed to load: 
AFD
AmdK8
APPDRV
Fips
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
tmtdi

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
THERE ARE 8 IDENTICAL ENTRIES LIKE THE ABOVE DATA/ SOURCE: Service Control

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 5/7/2009
Time: 2:07:19 AM
User: NT AUTHORITY\SYSTEM
Computer:	LAPTOP
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 5/7/2009
Time: 2:07:17 AM
User: LAPTOP\Administrator
Computer:	LAPTOP
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
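An added example, not part of the original post: a short Python script that parses entries pasted in this Event Viewer copy layout, groups them by source and event ID so repeating errors stand out, and decodes "data DWORD 0" from the hex rows. The sample entries are constructed in the same layout, and the function names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample in Event Viewer's copy layout; entry 3 has a stray leading backslash.
SAMPLE = """\
Event Type:\tError
Event Source:\tPerfNet
Event Category:\tNone
Event ID:\t2004
Date: 5/7/2009
Time: 3:27:01 PM
User: N/A
Computer:\tLAPTOP
Description:
Unable to open the Server service. Error code returned is in data DWORD 0.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 34 00 00 c0 4..\u00c0

Event Type:\tError
Event Source:\tPerfNet
Event Category:\tNone
Event ID:\t2004
Date: 5/6/2009
Time: 7:28:49 PM
User: N/A
Computer:\tLAPTOP
Description:
Unable to open the Server service. Error code returned is in data DWORD 0.
Data:
0000: 34 00 00 c0 4..\u00c0

\\Event Type:\tError
Event Source:\tDCOM
Event Category:\tNone
Event ID:\t10005
Date: 5/7/2009
Time: 2:21:40 AM
User: N/A
Computer:\tLAPTOP
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem
"""

FIELD = re.compile(r"^\W*(Event (?:Type|Source|Category|ID)|Date|Time|User|Computer):\s*(.*)$")
START = re.compile(r"^[^\w\n]*Event Type:", re.M)   # tolerates paste debris before the label
HEX_ROW = re.compile(r"^[0-9a-fA-F]{4}:\s+(.*)$")

def parse_record(block):
    """Parse one entry; 'data DWORD 0' is the first four data bytes, little-endian."""
    fields, desc, data, section = {}, [], bytearray(), "header"
    for line in (raw.strip() for raw in block.splitlines()):
        if section == "header":
            m = FIELD.match(line)
            if line == "Description:":
                section = "desc"
            elif m:
                fields[m.group(1)] = m.group(2).strip()
        elif line == "Data:":
            section = "data"
        elif section == "desc":
            if line and not line.startswith("For more information"):
                desc.append(line)
        elif (row := HEX_ROW.match(line)):
            # Bytes come first, then the ASCII rendering: stop at the first non-byte token.
            for tok in row.group(1).split()[:8]:
                if not re.fullmatch(r"[0-9a-fA-F]{2}", tok):
                    break
                data.append(int(tok, 16))
    try:
        when = datetime.strptime(f"{fields['Date']} {fields['Time']}",
                                 "%m/%d/%Y %I:%M:%S %p")
    except (KeyError, ValueError):
        when = None
    dword0 = int.from_bytes(data[:4], "little") if len(data) >= 4 else None
    return {"source": fields.get("Event Source", "?"), "id": fields.get("Event ID", "?"),
            "when": when, "text": " ".join(desc), "dword0": dword0}

def summarise(text):
    """Return (key, count, first seen, last seen, DWORD 0 codes), most frequent first."""
    starts = [m.start() for m in START.finditer(text)]
    groups = {}
    for a, b in zip(starts, starts[1:] + [len(text)]):
        rec = parse_record(text[a:b])
        groups.setdefault((rec["source"], rec["id"]), []).append(rec)
    rows = []
    for key, recs in groups.items():
        times = [r["when"] for r in recs if r["when"]]
        codes = sorted({f"0x{r['dword0']:08X}" for r in recs
                        if r["dword0"] is not None})
        rows.append((key, len(recs), min(times, default=None),
                     max(times, default=None), codes))
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for (source, event_id), count, first, last, codes in summarise(SAMPLE):
        print(f"{source:10} {event_id:>6} x{count}  {first} .. {last}  {codes}")
```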


----------



## Cookiegal (Aug 27, 2003)

No, that's fine.

Download *OTScanIt2.exe* to your Desktop and double-click on it to extract the files. It will create a folder named *OTScanIt2* on your desktop.

Close any open browsers.
Open the *OTScanit2* folder and double-click on *OTScanit2.exe* to start the program.
If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
In the *Processes* group click *ALL*
In the *Services* group click *Safe List*
In the *Drivers* group click *Safe List*
In the *Registry* group click *ALL*
In the *Rootkit Search* group select *YES*
In the *Files Age* drop down box click *60 days*
Make sure the *Use White List* and *Include All Unicode Names* boxes are checked
In the Files Created and Files Modified groups select *Whitelist/File age*
In the *Additional scans sections* please select *Everything* and make sure the Safe List box is checked
Now on the toolbar at the top select "Scan all users" then click the *Run Scan* button
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file 
Use the *Reply* button and *attach the notepad file here*. I will review it when it comes in.

It will be much too big so you will need to zip the file before it will be able to be uploaded.


----------



## kenziesmom (Apr 11, 2005)

I tried to run the scan 4 times and each time it froze up after only about 15 seconds of scanning. I tried it both with and without my Real time virus protection running. I sent error reports each time. I'm beginning to wonder if my computer is beyond hope!! I followed your instructions carefully, I wouldn't blame you if you "threw in the towel" on this one...I'm about ready to throw this thing OUT THE WINDOW!!


----------



## Cookiegal (Aug 27, 2003)

Try running the scan in safe mode and see if that works.


----------



## kenziesmom (Apr 11, 2005)

Hope I did this right


----------



## Cookiegal (Aug 27, 2003)

Start *OTScanIt*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill Explorer]
[Unregister Dlls]
[Processes - All]
YN -> ~EmptyValue -> %SystemRoot%\System32\hidserv.dll [HidServ]
[Registry - All]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: SearchURL\w\\"" -> http://windowsisearch.com/search?q=%s
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Google Desktop Search" -> ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup]
YN -> "KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k]
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2729623650-483480115-1234546758-1006\] > -> HKEY_USERS\S-1-5-21-2729623650-483480115-1234546758-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 4 domain(s) and sub-domain(s) not assigned to a zone. -> 
[Registry - Additional Scans - Safe List]
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
YN -> winnt32.exe -> Reg Error: Value error. [Reg Error: Value error.]
[Files/Folders - Created Within 60 Days]
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 60 Days]
NY -> 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 27 C:\Documents and Settings\Pam\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Pam\Local Settings\Temp\*.tmp
NY -> 27 C:\Documents and Settings\Pam\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Pam\Local Settings\Temp\*.tmp
NY -> ErrorSmart Scheduled Scan.job -> %SystemRoot%\tasks\ErrorSmart Scheduled Scan.job
NY -> bgroykfc.dll -> %UserProfile%\Local Settings\Temp\bgroykfc.dll
[File - Lop Check]
NY -> ErrorSmart -> C:\Documents and Settings\Pam\Application Data\ErrorSmart
[CatchMe Rootkit Scan by GMER]
NY -> C:\Documents and Settings\All Users\Application Data\TEMP:211ED887 102 bytes -> 
NY -> C:\Documents and Settings\All Users\Application Data\TEMP:40E5AD89 107 bytes -> 
NY -> C:\Documents and Settings\All Users\Application Data\TEMP:4A9220C3 104 bytes -> 
NY -> C:\Documents and Settings\All Users\Application Data\TEMP:751C6A80 128 bytes -> 
NY -> C:\Documents and Settings\All Users\Application Data\TEMP:AF0F33E9 104 bytes -> 
NY -> C:\Documents and Settings\All Users\Application Data\TEMP:DA18FD1D 102 bytes -> 
[Alternate Data Streams]
NY -> @Alternate Data Stream - 102 bytes -> %AllUsersProfile%\Application Data\TEMP:211ED887
NY -> @Alternate Data Stream - 102 bytes -> %AllUsersProfile%\Application Data\TEMP:DA18FD1D
NY -> @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:4A9220C3
NY -> @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:AF0F33E9
NY -> @Alternate Data Stream - 107 bytes -> %AllUsersProfile%\Application Data\TEMP:40E5AD89
NY -> @Alternate Data Stream - 128 bytes -> %AllUsersProfile%\Application Data\TEMP:751C6A80
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```
Also, please do this:

Open HijackThis and click on "Config" and then on the "Misc Tools" button. If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section". Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.

Can you tell me what this zipped file is on your desktop?

*lpt976.zip*


----------



## kenziesmom (Apr 11, 2005)

lpt976.zip is a file from TrendMicro. This is what the text says:

"Trend Micro
New Virus Pattern Release
-----------------------------------------------------------------------------

Pattern Version: 5.976.05
Release Type: Control Release
Notes:

April 20, 2009, 02:35:33 (GMT - 08:00)"
Then there is a long list of viruses.

Here is the OTScan log
Process Explorer.EXE killed successfully!
[Processes - All]
No active process named ~EmptyValue was found!
[Registry - All]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL\w\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google Desktop Search deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\winnt32.exe\ deleted successfully.
[Files/Folders - Created Within 60 Days]
[Files/Folders - Modified Within 60 Days]
File delete failed. C:\Documents and Settings\Pam\Local Settings\Temp\~DFAB97.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Pam\Local Settings\Temp\~DFAB97.tmp scheduled to be deleted on reboot.
C:\WINDOWS\tasks\ErrorSmart Scheduled Scan.job moved successfully.
File C:\Documents and Settings\Pam\Local Settings\Temp\bgroykfc.dll not found!
[File - Lop Check]
C:\Documents and Settings\Pam\Application Data\ErrorSmart\Registry Backups folder moved successfully.
C:\Documents and Settings\Pam\Application Data\ErrorSmart\Log folder moved successfully.
C:\Documents and Settings\Pam\Application Data\ErrorSmart folder moved successfully.
[Alternate Data Streams]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:211ED887 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DA18FD1D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4A9220C3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AF0F33E9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:40E5AD89 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:751C6A80 deleted successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Pam\Local Settings\Temp\Perflib_Perfdata_418.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Pam\Local Settings\Temp\Perflib_Perfdata_d0.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Pam\Local Settings\Temp\~DFAB97.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\VCW2B7NG\newreply[4].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f18.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.14.0 fix logfile created on 05112009_002603

Files moved on Reboot...
C:\Documents and Settings\Pam\Local Settings\Temp\~DFAB97.tmp moved successfully.
File C:\Documents and Settings\Pam\Local Settings\Temp\Perflib_Perfdata_418.dat not found!
File C:\Documents and Settings\Pam\Local Settings\Temp\Perflib_Perfdata_d0.dat not found!
C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\VCW2B7NG\newreply[4].htm moved successfully.
C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_f18.dat not found!

Registry entries deleted on Reboot...

new HJT log
Logfile of HijackThis v1.99.1
Scan saved at 1:03:44 AM, on 5/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\humyo.com Client\HrfsClient.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\humyo.com Client\hrfscore.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Pam\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070111
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: IEHelperObject - {4DC16316-5372-4476-9CA5-88B2786B838F} - C:\Program Files\humyo.com Client\HrfsDownloader.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: humyo.com Client.lnk = C:\Program Files\humyo.com Client\HrfsClient.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Save Image To humyo.com - C:\Program Files\humyo.com Client\download.html
O8 - Extra context menu item: Save Target To humyo.com - C:\Program Files\humyo.com Client\download.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169882385892
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177484547859
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://www.gamehouse.com/realarcade-webgames/mahjongescapeancientjapan/SpinTopGamesLauncher.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE13F32C-EECC-4FF4-A5D4-D55C29C1F60F}: NameServer = 209.112.128.2 204.17.139.2
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: humyo.com - humyo.com Ltd. - C:\Program Files\humyo.com Client\hrfscore.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Processlist.txt

Process list saved on 1:09:06 AM, on 5/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

[pid]	[full path to filename] [file version]	[company name]
1216	C:\WINDOWS\System32\smss.exe 5.1.2600.5512	Microsoft Corporation
1292	C:\WINDOWS\system32\winlogon.exe 5.1.2600.5512	Microsoft Corporation
1336	C:\WINDOWS\system32\services.exe 5.1.2600.5755	Microsoft Corporation
1348	C:\WINDOWS\system32\lsass.exe 5.1.2600.5512	Microsoft Corporation
1572	C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4149	ATI Technologies Inc.
1592	C:\WINDOWS\system32\svchost.exe 5.1.2600.5512	Microsoft Corporation
1884	C:\WINDOWS\System32\svchost.exe 5.1.2600.5512	Microsoft Corporation
568	C:\WINDOWS\System32\WLTRYSVC.EXE 
600	C:\WINDOWS\System32\bcmwltry.exe 4.10.47.3	Dell Inc.
668	C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4149	ATI Technologies Inc.
820	C:\WINDOWS\system32\spoolsv.exe 5.1.2600.5512	Microsoft Corporation
660	C:\WINDOWS\Explorer.EXE 6.0.2900.5512	Microsoft Corporation
1180	C:\WINDOWS\notepad.exe 5.1.2600.5512	Microsoft Corporation
1816	C:\WINDOWS\ehome\ehtray.exe 5.1.2715.2765	Microsoft Corporation
1824	C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 8.2.4.6	Synaptics, Inc.
1836	C:\Program Files\Dell\QuickSet\quickset.exe 7.1.13.0	Dell Inc
1848	C:\WINDOWS\system32\WLTRAY.exe 4.10.47.3	Dell Inc.
1872	C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe 3.0.0.0	CyberLink Corp.
1908	C:\WINDOWS\System32\DLA\DLACTRLW.EXE 5.20.8.0	Sonic Solutions
1996	C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 3.10.100.1155	InstallShield Software Corporation
200	C:\Program Files\HP\hpcoretech\hpcmpmgr.exe 2.1.1.0	Hewlett-Packard Company
196	C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe 3.2.0.12228	Adobe Systems Incorporated
188	C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE 1.11.0.0	ATI Technologies Inc.
228	C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe 14.60.0.1195	Trend Micro Inc.
304	C:\WINDOWS\stsystra.exe 1.0.5143.0	SigmaTel, Inc.
336	C:\Program Files\Common Files\Real\Update_OB\realsched.exe 0.1.1.45	RealNetworks, Inc.
364	C:\Program Files\Java\jre6\bin\jusched.exe 6.0.120.4	Sun Microsystems, Inc.
376	C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2.0.301.1654	Google Inc.
444	C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe 3.53.0.1042	Trend Micro Inc.
472	C:\WINDOWS\system32\ctfmon.exe 5.1.2600.5512	Microsoft Corporation
764	C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 5.31.0.147	Hewlett-Packard Co.
996	C:\Program Files\humyo.com Client\HrfsClient.exe 2.0.6.0	humyo.com Ltd.
112	C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe 2.1.5.0	Hewlett-Packard Company
3432	C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1.14.0.0	Apple, Inc.
3456	C:\WINDOWS\eHome\ehRecvr.exe 5.1.2715.3011	Microsoft Corporation
3468	C:\WINDOWS\eHome\ehSched.exe 5.1.2710.2732	Microsoft Corporation
3580	C:\Program Files\Java\jre6\bin\jqs.exe 6.0.120.4	Sun Microsystems, Inc.
3724	C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 7.0.9466.0	Microsoft Corporation
3840	C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe 7.0.7.0	Dell Inc.
276	C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe 14.60.0.1206	Trend Micro Inc.
1392	C:\WINDOWS\system32\svchost.exe 5.1.2600.5512	Microsoft Corporation
2200	C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe 14.60.0.1198	Trend Micro Inc.
340	C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe 2.6.0.1050	Trend Micro Inc.
2276	C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe 2.1.0.1050	Trend Micro Inc.
3956	C:\Program Files\humyo.com Client\hrfscore.exe 2.0.6.0	humyo.com Ltd.
2740	C:\WINDOWS\system32\dllhost.exe 5.1.2600.5512	Microsoft Corporation
2900	C:\WINDOWS\eHome\ehmsas.exe 5.1.2710.2732	Microsoft Corporation
424	C:\Program Files\ATI Technologies\ATI.ACE\cli.exe 1.11.0.0	ATI Technologies Inc.
3084	C:\Program Files\Outlook Express\msimn.exe 6.0.2900.5512	Microsoft Corporation
404	C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OE.exe 3.53.0.1042	Trend Micro Inc.
1584	C:\Program Files\Messenger\msmsgs.exe 4.7.0.3001	Microsoft Corporation
528	C:\Program Files\Internet Explorer\IEXPLORE.EXE 7.0.6000.16827	Microsoft Corporation
968	C:\WINDOWS\system32\NOTEPAD.EXE 5.1.2600.5512	Microsoft Corporation
3668	C:\Documents and Settings\Pam\Desktop\HijackThis.exe 1.99.0.1	Soeperman Enterprises Ltd.


----------



## Cookiegal (Aug 27, 2003)

That's a processes log and not the one I asked for. What I would like to see is the uninstall list.


----------



## kenziesmom (Apr 11, 2005)

Sorry about that!

Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.2
AMD Processor Driver
AOLIcon
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Broadcom Management Programs
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Support 3.2.1
Dell Wireless WLAN Card
DellConnect
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink Setup Files
ebgcInfra
ebgcRes
ebgcRes
ebgcSDK
ebgcSDK
EducateU
ESPNMotion
Foxit Reader
FoxyTunes for Firefox
GameHouse
Games, Music, & Photos Launcher
Get High Speed Internet!
getPlus(R)
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Photo & Imaging 3.1
HP Photosmart Cameras 6.0
HP Print Diagnostic Utility
HP PSC & OfficeJet 3.0
HP Software Update
HP Unload DLL Patch
humyo.com Client
ieSpell
Internet Service Offers Launcher
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 12
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Jigsaw Deluxe
Learn2 Player (Uninstall Only)
Mahjong Escape - Ancient China
Mahjong Escape - Ancient Japan
Mahjong Medley Free Trial
Mahjongg - Ancient Mayas
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Modem Helper
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
My Free Mahjong
MyDSC2
MyPlayCity Toolbar
NetWaiting
NetZeroInstallers
Otto
overland
Picasa 2
Play Mahjong Forever
PowerDVD 5.7
QuickSet
QuickTime
RealArcade
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Samantha Swift and the Hidden Roses of Athena
SearchAssist
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sharpcast Photos
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Super Mahjong
Synaptics Pointing Device Driver
Trend Micro PC-cillin Internet Security 14
Trend Micro PC-cillin Internet Security 14
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3


----------



## Cookiegal (Aug 27, 2003)

Go to Control Panel - Add/Remove Programs and remove these:

*J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Viewpoint Media Player*

Read here about MyPlayCity Toolbar and then decide if you still want to keep it. If not, uninstall it the same way as above:

http://www.systemlookup.com/CLSID/52997-tbMyPl_dll_tbMyP0_dll_tbMyP1_dll.html

Why are you still running such an older version of Ad-Aware? I would uninstall that as well.

Now, go to *Start* - *Run* - type *msconfig* - click OK and click on the *startup tab*. Uncheck everything there except for your anti-virus program. Then reboot and let me know if the problem persists please.


----------
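
An added example, not part of any post in this thread: the uninstall list above carries five Java runtime entries side by side, and the reply asks for every one except the newest to be removed. This Python sketch picks the superseded entries out of such a list; the sample text is constructed from lines of the list above, and the function names and the regular expression are assumptions that cover only the three name formats seen there.

```python
import re

# Matches the Java runtime names that appear in the uninstall list above:
#   "J2SE Runtime Environment 5.0 Update 6"
#   "Java(TM) 6 Update 12"
#   "Java(TM) SE Runtime Environment 6 Update 1"
JAVA_ENTRY = re.compile(
    r"^(?:J2SE|Java\(TM\))(?: SE)?(?: Runtime Environment)?"
    r" (?P<major>\d+)(?:\.\d+)? Update (?P<update>\d+)$"
)

# Constructed sample: a few lines taken from the uninstall list in this thread.
SAMPLE_UNINSTALL_LIST = """\
Google Updater
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 12
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Jigsaw Deluxe
Viewpoint Media Player
"""


def parse_java_entries(text):
    """Return [(name, (major, update)), ...] for every Java runtime line."""
    found = []
    for line in text.splitlines():
        name = line.strip()
        m = JAVA_ENTRY.match(name)
        if m:
            found.append((name, (int(m["major"]), int(m["update"]))))
    return found


def superseded_java(text):
    """Split Java entries into (newest, [older entries to uninstall])."""
    entries = parse_java_entries(text)
    if not entries:
        return None, []
    newest = max(entries, key=lambda e: e[1])
    older = [name for name, ver in entries if ver < newest[1]]
    return newest[0], older


if __name__ == "__main__":
    keep, remove = superseded_java(SAMPLE_UNINSTALL_LIST)
    print("keep:  ", keep)
    for name in remove:
        print("remove:", name)
```
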



## kenziesmom (Apr 11, 2005)

I am still getting the *"AC adapter cannot be determined"* message when I boot up. Occasionally it doesn't come up; but mostly it does. And the adapter is still not charging the battery. I have a feeling the only way to fix this problem is a new adapter (which I can't afford now). Other than not being able to use my battery, it is working ok. If I had a virus, all those things you had me do must have gotten rid of it. All of my TrendMicro scans have been clean. I guess you can close out this thread. I greatly appreciate all of your time and expertise. Thank you so much!


----------



## Cookiegal (Aug 27, 2003)

There definitely was a lot of infection but it appears this problem is not related.

Is there any chance the computer is still under warranty?

Here are some final instructions for you.

*Follow these steps to uninstall ComboFix and all of its files and components.*

Click *START* then *RUN*
Now type *ComboFix /u* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* - *All Programs* - *Accessories* - *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading *SPYWAREBLASTER* for added protection.

*Read here* for info on how to tighten your security.


----------



## kenziesmom (Apr 11, 2005)

My computer is not still under warranty. Thanks for the final instructions.


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------

