# Proxy keeps getting checked



## phosphoros (Jun 20, 2011)

I have been having trouble getting on the internet and discovered that in the internet options under connections (LAN settings) somehow the use proxy server box keeps getting checked. I have never had any of the boxes checked in this area. I unchecked the proxy server box and I can access the internet, I shut down my computer and the next day it's checked again. Also while I'm surfing the web, it will sometimes (unlikely) check the box again. What is causing this? 

I'm on a Windows 7.


----------



## phosphoros (Jun 20, 2011)

Also, when I uncheck the box, I exit out, but i go check again because my internet starts acting up and it might be checked and it also has 80 in the port number box. I just want it to stop.


----------



## Couriant (Mar 26, 2002)

Do you have any internet Security programs? If not then you may have a virus/malware that keeps changing it. In that case you would want to get this thread in the malware forum.


----------



## phosphoros (Jun 20, 2011)

I do in fact have Webroot AntiVirus with SpySweeper. Scanned all the time and nothing.


----------



## Couriant (Mar 26, 2002)

well it could be the antivirus program changing it... i have seen that done before... just to confirm, is this a work machine, or personal?


----------



## phosphoros (Jun 20, 2011)

Its a personal.


----------



## Couriant (Mar 26, 2002)

OK, i have asked to get this to malware forums just in case because it may be something that your webroot is not seeing.


----------



## phosphoros (Jun 20, 2011)

Now do I move it or, will you? I'm not really clear.


----------



## Couriant (Mar 26, 2002)

i have done it


----------



## Cookiegal (Aug 27, 2003)

Please go * here* to download *HijackThis*.

To the right of the green arrow under *HijackThis downloads* click on the *Executable *button and download the *HijackThis.exe* file to your desktop.
Double-click the * HijackThis.exe* file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
Click on the *Scan* button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
Click on the *Save log* button and save the log file to your desktop. Copy and paste the contents of the log in your post.
*Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.*


----------



## phosphoros (Jun 20, 2011)

Ok, here it is.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:19:33 AM, on 7/8/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\HideIPEasy\HideIPEasy.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXBXCATS] "rundll32" C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBXtime.dll,[email protected]
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [LWS] "C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe" -hide
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Hide IP Easy] "C:\Program Files\HideIPEasy\HideIPEasy.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Stewart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxbx_device - - C:\Windows\system32\lxbxcoms.exe
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe

--
End of file - 9304 bytes


----------



## phosphoros (Jun 20, 2011)

sorry for the slow reply


----------



## Cookiegal (Aug 27, 2003)

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click *mbam-setup.exe* to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## phosphoros (Jun 20, 2011)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 7050

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/8/2011 3:47:17 PM
mbam-log-2011-07-08 (15-47-17).txt

Scan type: Quick scan
Objects scanned: 156911
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## phosphoros (Jun 20, 2011)

This is the correct one! When i restarted, I couldn't find the log, just found it.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 7050

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/8/2011 3:25:18 PM
mbam-log-2011-07-08 (15-25-18).txt

Scan type: Quick scan
Objects scanned: 157227
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Stewart\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.


----------



## Cookiegal (Aug 27, 2003)

Please download DDS by sUBs to your desktop from one of the following locations:

http://www.techsupportforum.com/sectools/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.

Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked *on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan *button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## phosphoros (Jun 20, 2011)

.
DDS (Ver_2011-06-23.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Stewart at 19:19:42 on 2011-07-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1913 [GMT -7:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\lxbxcoms.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Logitech\LWS\LU\LULnchr.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit0.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Hide IP Easy] c:\program files\hideipeasy\HideIPEasy.exe
mRun: [lxbxmon.exe] "c:\program files\lexmark 7100 series\lxbxmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 7100 series\ezprint.exe"
mRun: [LXBXCATS] "rundll32" c:\windows\system32\spool\drivers\w32x86\3\LXBXtime.dll,[email protected]
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"
mRun: [LWS] "c:\program files\logitech\lws\webcam software\LWS.exe" -hide
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /install /silent
mRunOnce: [*WerKernelReporting] "%SYSTEMROOT%\SYSTEM32\WerFault.exe" -k -rq
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube to iPhone Converter - c:\users\stewart\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetoiphoneconverter.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DDFBE5A6-16A1-4091-8080-15F1A10CDDA4} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: WRNotifier - WRLogonNTF.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\stewart\appdata\roaming\mozilla\firefox\profiles\cwny2nwj.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\stewart\appdata\roaming\mozilla\firefox\profiles\cwny2nwj.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\stewart\appdata\roaming\mozilla\firefox\profiles\cwny2nwj.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections-per-server - 8
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-6-7 1775432]
R2 SSFMONM;SSFMONM;c:\windows\system32\drivers\ssfmonm.sys [2011-1-24 47120]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-3-7 341832]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-3-31 428640]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2011-1-24 3900032]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2011-5-19 3276136]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2011-3-31 20448]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-5 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-24 15872]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-3-27 23064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-24 52224]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-28 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-07-08 22:11:36 -------- d-----w- c:\users\stewart\appdata\roaming\Malwarebytes
2011-07-08 22:11:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-08 22:11:21 -------- d-----w- c:\programdata\Malwarebytes
2011-07-08 22:11:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-08 22:11:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-08 17:24:47 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a469c33f-8535-4f5b-b384-92781e131e3e}\mpengine.dll
2011-07-08 17:17:50 388096 ----a-r- c:\users\stewart\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-08 02:22:45 -------- d-----w- c:\program files\Trend Micro
2011-07-01 17:57:02 -------- d-----w- c:\programdata\Splashtop
2011-07-01 17:56:33 -------- d-----w- c:\program files\Splashtop
2011-06-28 20:25:04 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 20:24:46 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-28 20:24:46 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-28 20:24:45 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-28 20:24:45 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-28 20:24:45 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-28 20:24:44 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-28 20:24:44 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-28 20:24:44 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 20:24:44 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-28 05:51:22 -------- d-----w- c:\users\stewart\appdata\local\{7FED0760-B492-44D6-AE05-6591BF0E0AE3}
2011-06-27 17:05:58 -------- d-----w- c:\users\stewart\appdata\local\{7ED14B6E-7B71-4853-8418-0D9095A8B29A}
2011-06-25 17:37:30 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-25 17:37:30 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-24 23:49:43 -------- d-----w- c:\users\stewart\appdata\local\Rockstar Games
2011-06-24 20:40:47 -------- d-----w- c:\users\stewart\appdata\local\LogMeIn Hamachi
2011-06-24 20:39:09 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-06-24 19:39:05 -------- d-----w- c:\program files\Microsoft XNA
2011-06-24 07:46:39 -------- d-----w- c:\users\stewart\appdata\roaming\DVDVideoSoftIEHelpers
2011-06-24 07:46:11 -------- d-----w- c:\program files\common files\DVDVideoSoft
2011-06-24 07:46:10 -------- d-----w- c:\program files\DVDVideoSoft
2011-06-20 02:35:13 -------- d-----w- c:\users\stewart\appdata\roaming\AVG
2011-06-20 02:13:56 -------- d-----w- c:\program files\AVG
2011-06-20 01:56:50 -------- d-----w- c:\users\stewart\appdata\roaming\AVG10
2011-06-20 01:55:35 -------- d--h--w- c:\programdata\Common Files
2011-06-20 01:53:10 -------- d-----w- c:\programdata\AVG10
2011-06-20 01:48:42 -------- d-----w- c:\programdata\MFAData
2011-06-19 21:49:24 -------- d-----w- c:\program files\Bethesda Softworks
2011-06-19 21:48:11 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-06-19 21:48:10 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-06-19 21:48:10 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-06-19 21:48:10 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-06-19 21:48:10 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-06-19 21:48:10 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-06-19 21:48:09 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-06-19 21:48:09 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-06-19 21:48:06 -------- d-----w- c:\users\stewart\appdata\local\Oblivion
2011-06-14 20:04:25 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-14 20:04:25 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-14 20:04:25 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-14 20:04:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-14 20:04:22 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-14 20:04:16 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-14 20:03:44 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-14 20:02:42 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-14 20:02:41 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-14 20:02:41 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-12 04:14:08 -------- d-----w- c:\users\stewart\appdata\roaming\VBA-M
2011-06-11 17:18:45 -------- d-----w- c:\program files\iPod
.
==================== Find3M ====================
.
2011-06-25 17:38:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 04:37:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 22:08:58 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 15:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 15:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-04-22 19:14:16 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-20 09:43:42 7772160 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 09:09:20 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 09:09:06 676864 ----a-w- c:\windows\system32\aticfx32.dll
2011-04-20 09:07:04 17693184 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 09:05:08 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 09:04:38 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 09:04:08 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 09:02:58 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-04-20 09:02:44 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 09:02:32 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 09:02:24 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 09:02:18 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 08:59:22 4161536 ----a-w- c:\windows\system32\atidxx32.dll
2011-04-20 08:46:16 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 08:46:04 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 08:42:06 6389760 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 08:40:16 1923584 ----a-w- c:\windows\system32\atiumdmv.dll
2011-04-20 08:38:06 4286464 ----a-w- c:\windows\system32\atiumdag.dll
2011-04-20 08:30:38 4056576 ----a-w- c:\windows\system32\atiumdva.dll
2011-04-20 08:27:00 52736 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 08:23:06 262144 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 08:22:54 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 08:22:42 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-04-20 08:22:10 243712 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 08:21:40 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-04-20 08:21:26 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-04-20 08:21:02 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-04-20 08:20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 08:13:30 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 08:13:30 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-19 01:05:08 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-04-19 01:05:06 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-04-19 01:05:04 47120 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
.
============= FINISH: 19:22:06.68 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/27/2010 9:00:29 PM
System Uptime: 7/8/2011 7:16:59 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA3
Processor: AMD Phenom(tm) 8400 Triple-Core Processor | Socket AM2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 587 GiB total, 262.218 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.26 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP240: 6/24/2011 8:00:14 PM - Windows Update
RP241: 6/28/2011 8:00:12 PM - Windows Update
RP242: 6/28/2011 8:24:39 PM - Windows Update
RP243: 6/29/2011 6:07:34 PM - Removed AVG 2011
RP244: 6/29/2011 6:09:33 PM - Removed AVG 2011
RP245: 7/1/2011 10:55:50 AM - Installed Splashtop Remote
RP246: 7/5/2011 6:42:37 AM - Windows Update
RP247: 7/7/2011 7:13:46 PM - Windows Update
RP248: 7/8/2011 10:17:27 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audacity 1.3.13 (Unicode)
AVG PC Tuneup 2011 10.0.0.24
AVS Update Manager 1.0
AVS Video Converter 7
BitTorrent
BitTorrentBar Toolbar
Bonjour
CameraHelperMsi
Conduit Engine 
D3DX10
erLT
FLV Player
Fraps (remove only)
Free YouTube to iPhone Converter version 2.10.35.602
Garry's Mod
HiJackThis
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Left 4 Dead 2
Lexmark 7100 Series
Logitech Vid HD
Logitech Webcam Software
LogMeIn Hamachi
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliType Pro 8.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicnotes Software Suite 1.5.5
NVIDIA Drivers
Project64 1.6
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.0
Soft Data Fax Modem with SmartCP
Splashtop Remote
StarCraft II
Steam
System Requirements Lab
System Requirements Lab CYRI
Terraria
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
VLC media player 1.1.5
Webroot Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 beta 3 (32-bit)
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
7/8/2011 7:17:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x00007990, 0xa35bfa6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070811-20233-01.
7/5/2011 7:07:30 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer HARLEY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{79A6FCE3-AEF7-4E1D-ACA6-62C5C45C. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

the GMER shuts down my computer when i press scan.


----------



## Cookiegal (Aug 27, 2003)

Uninstall these two items via the Control Panel - Add or Remove Programs:

Ask Toolbar
Conduit Engine

In order to run the following program, you will have to uninstall AVG as there is a compatibility issue. Please uninstall it and then run the AVG removal tool that you will find at the following link:

http://www.avg.com/us-en/utilities

After that, reboot the machine and install another free anti-virus program, such as Avira Antivir:

http://www.avira.com/en/avira-free-antivirus

Once you've done that:

Please visit *Combofix Guide & Instructions * for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read  *HERE * for an article written by dvk01 on why we disable autoruns.


----------

