
Ping.exe CPU hog, browser redirect, IE out of control


  • This topic is locked
43 replies to this topic

#1 Hooverjo

Hooverjo

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:55 AM

Posted 04 December 2011 - 07:15 AM

Hi,

I, too, have ping.exe popping up from time to time on Task Manager, chewing up CPU. In addition, iexplore.exe runs from time to time without my control. Finally, I have the "find answers fast" browser redirect thingie that affects Firefox.

I tried to run DDS, but it hung up after 5-6 minutes. It took me 4 tries to get GMER to finish, producing BSODs on the first 3 tries.

Attached Files

  • Attached File  ark.txt   67.19KB   1 downloads




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 AM

Posted 07 December 2011 - 10:59 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • .logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Hooverjo

Hooverjo
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:55 AM

Posted 08 December 2011 - 06:58 AM

Gringo,

Thanks for your help. I am running unhide.exe now and will generate OTL logs tonight. Do you need me to cut and paste the GMER log, which was attached to the OP?

I am in no rush, as this is a back-up laptop.

John

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 AM

Posted 08 December 2011 - 09:53 AM

No, just send me the OTL report.


gringo

#5 Hooverjo

Hooverjo
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:55 AM

Posted 09 December 2011 - 05:49 AM

Gringo:

I tried unsuccessfully to run OTL several times. Either the program hung up or I got a BSOD. I noticed that several Online Armor programs were chewing up CPU in Task Manager. I had used OA to block outgoing applications (ping.exe and iexplore.exe), and that seemed to stop them from running and/or using a lot of CPU.

So, I disabled my wireless internet connection and shut down Online Armor. I ran OTL and it finished. I will try the same procedure with DDS, if you would like.


OTL logfile created on: 12/9/2011 5:31:30 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\John Hoover\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.43 Mb Total Physical Memory | 471.53 Mb Available Physical Memory | 46.07% Memory free
1.39 Gb Paging File | 1.02 Gb Available in Paging File | 73.02% Paging File free
Paging file location(s): C:\pagefile.sys 500 750 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.39 Gb Total Space | 8.34 Gb Free Space | 15.33% Space Free | Partition Type: NTFS
Drive I: | 1.47 Gb Total Space | 1.38 Gb Free Space | 93.50% Space Free | Partition Type: NTFS

Computer Name: DAD | User Name: John Hoover | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\John Hoover\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\John Hoover\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Documents and Settings\John Hoover\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Online Armor\oasrv.exe (Emsi Software GmbH)
PRC - C:\Program Files\Online Armor\oacat.exe (Emsi Software GmbH)
PRC - C:\Documents and Settings\John Hoover\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files\Dell V715w\ezprint.exe ()
PRC - C:\Program Files\Dell V715w\dleemon.exe ()
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\WINDOWS\SYSTEM32\dleecoms.exe ( )
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
PRC - C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe (Christian Diefer)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb07.exe (HP)


========== Modules (No Company Name) ==========

MOD - c:\Program Files\Common Files\Akamai\netsession_win_d768ebc.dll ()
MOD - C:\Documents and Settings\John Hoover\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\John Hoover\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll ()
MOD - C:\Documents and Settings\John Hoover\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll ()
MOD - C:\Documents and Settings\John Hoover\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll ()
MOD - C:\Documents and Settings\John Hoover\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\Webroot\Washer\sqlite3.dll ()
MOD - C:\Program Files\Dell V715w\ezprint.exe ()
MOD - C:\Program Files\Dell V715w\dleemon.exe ()
MOD - C:\Program Files\Dell V715w\dleedrs.dll ()
MOD - C:\Program Files\Dell V715w\dleescw.dll ()
MOD - C:\Program Files\Dell V715w\DLEEcfg.dll ()
MOD - C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\dleedrpp.dll ()
MOD - C:\WINDOWS\SYSTEM32\Primomonnt.dll ()
MOD - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dleedatr.dll ()
MOD - C:\Program Files\Dell V715w\iptk.dll ()
MOD - C:\Program Files\Dell V715w\epoemdll.dll ()
MOD - C:\Program Files\Dell V715w\epstring.dll ()
MOD - C:\Program Files\Dell V715w\epwizres.dll ()
MOD - C:\Program Files\Dell V715w\epwizard.dll ()
MOD - C:\Program Files\Dell V715w\customui.dll ()
MOD - C:\Program Files\Dell V715w\epfunct.dll ()
MOD - C:\Program Files\Dell V715w\eputil.dll ()
MOD - C:\Program Files\Dell V715w\imagutil.dll ()
MOD - C:\Program Files\Dell V715w\dleecaps.dll ()
MOD - C:\Program Files\Dell V715w\dleecnv4.dll ()
MOD - C:\Program Files\Dell V715w\dleeptp.dll ()
MOD - C:\WINDOWS\SYSTEM32\DLEEsmr.dll ()
MOD - C:\WINDOWS\SYSTEM32\DLEEsm.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\WINDOWS\SYSTEM32\bcm1xsup.dll ()


========== Win32 Services (SafeList) ==========

SRV - (V2i Protector) -- File not found
SRV - (RegService) -- File not found
SRV - (MDM) -- File not found
SRV - (Avg7UpdSvc) -- File not found
SRV - (Avg7Alrt) -- File not found
SRV - (ATI Smart) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_d768ebc.dll ()
SRV - (SvcOnlineArmor) -- C:\Program Files\Online Armor\oasrv.exe (Emsi Software GmbH)
SRV - (OAcat) -- C:\Program Files\Online Armor\OAcat.exe (Emsi Software GmbH)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (dlee_device) -- C:\WINDOWS\System32\dleecoms.exe ( )
SRV - (dleeCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleeserv.exe ()
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (DMSVC) -- C:\Program Files\Microsoft Windows Feedback Panel\DMSVCAPP.exe (Microsoft)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (oahlpXX) -- C:\WINDOWS\SYSTEM32\DRIVERS\oahlp32.sys ()
DRV - (OAnet) -- C:\WINDOWS\SYSTEM32\DRIVERS\OAnet.sys (Emsisoft)
DRV - (OADevice) -- C:\WINDOWS\SYSTEM32\DRIVERS\OADriver.sys ()
DRV - (OAmon) -- C:\WINDOWS\SYSTEM32\DRIVERS\OAmon.sys (Emsisoft)
DRV - (fssfltr) -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (NTPASp50) -- C:\WINDOWS\SYSTEM32\DRIVERS\NtpaSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ndiscm) -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys (Motorola Inc.)
DRV - (BVRPMPR5) -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS (Avanquest Software)
DRV - (NwlnkIpx) -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\WINDOWS\SYSTEM32\DRIVERS\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\WINDOWS\SYSTEM32\DRIVERS\ccdcmbo.sys (Nokia)
DRV - (AR5211) -- C:\WINDOWS\SYSTEM32\DRIVERS\ar5211.sys (WildPackets, Inc. and Atheros Communications, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (PAC7302) -- C:\WINDOWS\SYSTEM32\DRIVERS\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (PAC7311) -- C:\WINDOWS\SYSTEM32\DRIVERS\PA707UCM.SYS (PixArt Imaging Inc.)
DRV - (fanio) -- C:\WINDOWS\SYSTEM32\DRIVERS\fanio.sys (Christian Diefer)
DRV - (giveio) -- C:\WINDOWS\SYSTEM32\giveio.sys ()
DRV - (Avg7Core) -- C:\WINDOWS\System32\Drivers\avg7core.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsXP) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsW) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys (GRISOFT, s.r.o.)
DRV - (BCM43XX) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS (Broadcom Corporation)
DRV - (ZSMC301b) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbVM31b.sys (VM)
DRV - (Afc) -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys (Arcsoft, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (PRISM_A02) -- C:\WINDOWS\SYSTEM32\DRIVERS\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (LMouFlt2) -- C:\WINDOWS\SYSTEM32\DRIVERS\lmouflt2.sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDUSB.SYS (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDFLT2.SYS (Logitech, Inc.)
DRV - (LCcfltr) -- C:\WINDOWS\SYSTEM32\DRIVERS\LCCFLTR.SYS (Logitech, Inc.)
DRV - (cur_serd) Curitel Packet Service Diagnostic Serial Port (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\cur_serd.sys (MCCI)
DRV - (cur_mdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\cur_mdm.sys (MCCI)
DRV - (cur_mdfl) -- C:\WINDOWS\SYSTEM32\DRIVERS\cur_mdfl.sys (MCCI)
DRV - (cur_bus) Curitel USB Composite Device driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\cur_bus.sys (MCCI)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (HSFHWICH) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (SaiNtHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiNtHid.sys (Saitek)
DRV - (SaiMini) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiMini.sys (Saitek)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys (Prolific Technology Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS (Microsoft Corporation)
DRV - (cs429x) -- C:\WINDOWS\SYSTEM32\DRIVERS\cwawdm.sys (Cirrus Logic, Inc.)
DRV - (SaiClass) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiNtBus.sys (Saitek)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvcd.sys (Logitech Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\el90Xbc5.SYS (3Com Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (pelusblf) -- C:\WINDOWS\SYSTEM32\DRIVERS\pelusblf.sys (Primax Electronics Ltd.)
DRV - (FA411) -- C:\WINDOWS\SYSTEM32\DRIVERS\FA411ND5.sys (NETGEAR Inc. )
DRV - (KMW_SYS) -- C:\WINDOWS\SYSTEM32\DRIVERS\KMW_SYS.sys (Kensington Technology Group)
DRV - (KID_USB) -- C:\WINDOWS\SYSTEM32\DRIVERS\KID_USB.sys (Kensington Technology Group)
DRV - (SS1012) -- C:\WINDOWS\SYSTEM32\DRIVERS\SS1012.sys (Siemens.)
DRV - (CBEN5) -- C:\WINDOWS\SYSTEM32\DRIVERS\cben5.sys (Xircom, Inc.)
DRV - (IFCUSB) -- C:\WINDOWS\SYSTEM32\DRIVERS\IFCUSB.SYS (InFocus)
DRV - (pelmouse) -- C:\WINDOWS\SYSTEM32\DRIVERS\PELMOUSE.SYS (Primax Electronics Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3007394
IE - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http:/www.yahoo.com"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\John Hoover\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\John Hoover\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/20 16:46:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/22 17:00:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/18 19:30:00 | 000,000,000 | ---D | M]

[2011/08/07 06:00:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Hoover\Application Data\Mozilla\Extensions
[2011/11/22 07:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Hoover\Application Data\Mozilla\Firefox\Profiles\a5fvl2go.default\extensions
[2011/10/17 08:24:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/26 21:42:23 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\DOCUMENTS AND SETTINGS\JOHN HOOVER\APPLICATION DATA\COMETNETWORK\COMETBIRD\PROFILES\SOSXZQ7Q.DEFAULT\EXTENSIONS\{E001C731-5E37-4538-A5CB-8168736A2360}
[2011/10/11 18:55:38 | 000,000,000 | ---D | M] (Browser UI Enhancement) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{567F62D2-2162-43FE-A573-E5620D0934B2}
[2011/10/11 18:55:38 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
[2011/10/11 18:55:38 | 000,000,000 | ---D | M] (Software Update Checker) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{F5CEF9AD-F6AF-4B69-AB6D-936BF6BCB6D7}
[2011/10/11 18:55:38 | 000,000,000 | ---D | M] (CometMarks Bookmark Synchronizer) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\BOOKMARKS@COMETMARKS.COM
[2011/10/11 18:55:38 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\CTRL-TAB@DESIGN-NOIR.DE
[2011/11/22 17:00:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2009/04/01 07:35:41 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2002/09/27 07:59:00 | 000,090,112 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NpPopup.dll
[2008/09/08 17:00:16 | 000,106,128 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/22 17:00:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\John Hoover\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\John Hoover\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\John Hoover\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: AmericanGreetings.com Popup Plugin 1.0.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NpPopup.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: NapsterLink (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\John Hoover\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\John Hoover\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2004/06/12 05:00:44 | 000,000,848 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (X1IEHook Class) - {52706EF7-D7A2-49AD-A615-E903858CF284} - Reg Error: Value error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O3 - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\..\Toolbar\WebBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [dleemon.exe] C:\Program Files\Dell V715w\dleemon.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V715w\ezprint.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [ObihaiMiddleWare] C:\Program Files\OBIHAI\mware.exe File not found
O4 - HKU\S-1-5-21-4255007780-661718839-1719313649-1006..\Run: [Akamai NetSession Interface] C:\Documents and Settings\John Hoover\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-4255007780-661718839-1719313649-1006..\Run: [Dropbox] C:\Documents and Settings\John Hoover\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - HKU\S-1-5-21-4255007780-661718839-1719313649-1006..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - HKU\S-1-5-21-4255007780-661718839-1719313649-1006..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe (Christian Diefer)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\John Hoover\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\John Hoover\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4255007780-661718839-1719313649-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - Reg Error: Value error. File not found
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228 File not found
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9%5

#6 Hooverjo


Posted 09 December 2011 - 06:31 AM

By following the same procedure, I was able to run DDS and generated two text files. Please advise if you want me to post them.

#7 gringo_pr


Posted 09 December 2011 - 07:58 AM

Yes, please post them, as the OTL report is not complete.



gringo

#8 Hooverjo


Posted 09 December 2011 - 08:18 AM

DDS (Ver_09-12-01.01) - NTFSx86
Run by John Hoover at 6:19:13.44 on Fri 12/09/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.554 [GMT -5:00]

AV: AVG Anti-Virus 7.1.410 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\dleecoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Dell V715w\dleemon.exe
C:\Program Files\Dell V715w\ezprint.exe
C:\Documents and Settings\John Hoover\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Documents and Settings\John Hoover\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\John Hoover\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\John Hoover\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.att.net
mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uInternet Settings,ProxyServer = 0.0.0.0:80
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell printable web\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {52706ef7-d7a2-49ad-a615-e903858cf284} - X1IEHook Class
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell printable web\toolband.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {257079CA-2FFD-4C92-A1B5-3AE466ECEF22} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Dropbox] c:\documents and settings\john hoover\application data\dropbox\bin\Dropbox.exe
uRun: [SpeedswitchXP] c:\program files\speedswitchxp\SpeedswitchXP.exe
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
uRun: [Akamai NetSession Interface] c:\documents and settings\john hoover\local settings\application data\akamai\netsession_win.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
mRun: [ObihaiMiddleWare] c:\program files\obihai\mware.exe
mRun: [dleemon.exe] "c:\program files\dell v715w\dleemon.exe"
mRun: [EzPrint] "c:\program files\dell v715w\ezprint.exe"
StartupFolder: c:\docume~1\johnho~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\john hoover\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: Add to Google Photos Screensa&ver
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: adobe.com\www
Trusted Zone: adultfriendfinder.com\www
Trusted Zone: americanexpress.com\www68
Trusted Zone: bluemountain.com\www
Trusted Zone: capitalone.com\www
Trusted Zone: dell.com\finance
Trusted Zone: ebay.com\cgi
Trusted Zone: ebay.com\search
Trusted Zone: ebay.com\signin
Trusted Zone: microsoft.com\office
Trusted Zone: microsoft.com\www
Trusted Zone: yahoo.com
Trusted Zone: yahoo.com\*.mail
Trusted Zone: yahoo.com\mail
Trusted Zone: yahoo.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: PackageCab - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: symsupportutil - hxxps://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} - hxxp://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125579250672
DPF: {7A7BA269-2D21-4B33-B60A-8510A1865D5F} - hxxp://public2.uploader.officelive.com/_layouts/1033/wh/ActiveX/MsnPUpld.cab
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c4/v16.607/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - hxxps://accounting.quickbooks.com/v12.281/qboax8.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37869.8121759259
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {E5BBD447-F3B0-4E29-A8E8-D49A7CEB0CD1} = 4.2.2.1,4.2.2.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johnho~1\applic~1\mozilla\firefox\profiles\a5fvl2go.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\john hoover\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NpPopup.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2006-3-27 4288]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-6-9 14464]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-11-28 205864]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-11-28 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2011-11-28 29464]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2002-8-28 14336]
R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-26 54752]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-11-28 207936]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-1-28 583640]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2007-11-6 618896]
R3 PAC7311;PC VGA Camer@;c:\windows\system32\drivers\PA707UCM.SYS [2007-3-14 449024]
S?2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-11-28 4363040]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\elbyvcd.sys --> c:\windows\system32\drivers\ElbyVCD.sys [?]
S0 PQV2i;PQV2i; [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2006-5-24 778656]
S1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2006-3-27 27904]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-11-28 40296]
S1 PQIMount;PQIMount; [x]
S2 Avg7Alrt;AVG7 Alert Manager Server; [x]
S2 Avg7UpdSvc;AVG7 Update Service; [x]
S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [2011-12-4 193192]
S3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\bwndis5.sys --> c:\windows\system32\BWNDIS5.SYS [?]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2009-10-9 46108]
S3 cur_bus;Curitel USB Composite Device driver (WDM);c:\windows\system32\drivers\cur_bus.sys [2004-6-7 51040]
S3 cur_mdfl;Curitel Packet Service Filter;c:\windows\system32\drivers\cur_mdfl.sys [2004-6-7 6064]
S3 cur_mdm;Curitel Packet Service Drivers;c:\windows\system32\drivers\cur_mdm.sys [2004-6-7 82640]
S3 cur_serd;Curitel Packet Service Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cur_serd.sys [2004-6-7 64096]
S3 DMSVC;DMSVC;c:\program files\microsoft windows feedback panel\DMSVCAPP.exe [2004-11-24 65536]
S3 FA411;NETGEAR FA411 PCMCIA Mobile Adapter;c:\windows\system32\drivers\FA411ND5.sys [2005-12-19 16512]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 IFCUSB;IFCUSB;c:\windows\system32\drivers\IFCUSB.SYS [2004-6-11 17260]
S3 KID_USB;Kensington Input Devices USB filter driver;c:\windows\system32\drivers\KID_USB.sys [2001-9-5 16344]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [2011-6-21 17536]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SS1012;Siemens SpeedStream CardBus 10/100 Driver;c:\windows\system32\drivers\SS1012.sys [2011-6-28 33965]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2011-12-04 16:02:18 0 d-----w- c:\documents and settings\all users\Dl_cats
2011-12-04 15:58:09 40960 ----a-w- c:\windows\system32\dleevs.dll
2011-12-04 15:57:57 442368 ----a-w- c:\windows\system32\dleecoin.dll
2011-12-04 15:56:58 983121 ----a-w- c:\windows\system32\lxk_gf.dll
2011-12-04 15:56:58 65106 ----a-w- c:\windows\system32\dleeprpr.chm
2011-12-04 15:56:57 86016 ----a-w- c:\windows\system32\dleegcfg.dll
2011-12-04 15:56:52 294912 ----a-w- c:\windows\system32\dleecui.dll
2011-12-04 15:56:52 110592 ----a-w- c:\windows\system32\dleecuir.dll
2011-12-04 15:56:49 8696 ----a-w- c:\windows\system32\dleecommuilogo_rtl.bmp
2011-12-04 15:56:49 8696 ----a-w- c:\windows\system32\dleecommuilogo.bmp
2011-12-04 15:56:26 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-12-04 15:56:26 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-12-04 15:35:19 372736 ----a-w- c:\windows\system32\DLEEwupd.dll
2011-12-04 15:35:19 213672 ----a-w- c:\windows\system32\DLEEwupd.exe
2011-12-04 15:30:50 0 d-----w- c:\program files\Dell Toolbar
2011-12-04 15:29:56 0 d-----w- c:\program files\Dell Printable Web
2011-12-04 15:28:26 7680 ----a-w- c:\windows\system32\NativeCall.dll
2011-12-04 15:25:49 28672 ----a-w- c:\windows\system32\DLEEsmr.dll
2011-12-04 15:25:49 0 d-----w- c:\program files\Dell V715w
2011-12-04 15:25:48 299008 ----a-w- c:\windows\system32\DLEEsm.dll
2011-12-03 13:17:24 0 ----a-w- c:\documents and settings\john hoover\defogger_reenable
2011-12-02 18:24:03 0 d-----w- c:\program files\OBIHAI
2011-12-01 22:23:00 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2011-12-01 22:21:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Applications
2011-11-28 12:34:58 0 d-----w- c:\docume~1\johnho~1\applic~1\OnlineArmor
2011-11-28 12:34:58 0 d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor
2011-11-28 12:34:37 40296 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-11-28 12:34:37 29464 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-11-28 12:34:37 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-11-28 12:34:37 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-11-28 12:34:31 0 d-----w- c:\program files\Online Armor
2011-11-27 03:23:26 0 dc----w- C:\Data
2011-11-27 02:44:17 0 d-----w- c:\docume~1\johnho~1\applic~1\QuickScan
2011-11-27 00:21:13 111616 ----a-w- c:\windows\system32\E4j7a.com
2011-11-26 20:40:39 0 ----a-w- c:\windows\system32\E4j7a.com.b
2011-11-26 20:34:10 112 ----a-w- c:\docume~1\alluse~1\applic~1\Y1LDai.dat
2011-11-26 20:33:55 111616 ----a-w- c:\windows\system32\E4j7a.com_
2011-11-26 12:31:12 0 d-----w- c:\docume~1\johnho~1\applic~1\FaaxTGNpzF8lFlD
2011-11-26 12:31:11 0 d-----w- c:\docume~1\johnho~1\applic~1\KrrfIK2dvJ1cH
2011-11-26 12:30:31 0 d-----w- c:\program files\FAF5E
2011-11-26 12:29:52 0 d-----w- c:\docume~1\johnho~1\applic~1\049FA
2011-11-26 12:29:47 0 d-----w- c:\program files\LP
2011-11-26 12:28:57 0 d-----w- c:\docume~1\johnho~1\applic~1\uZn3fKwxzEujAyZ
2011-11-26 12:28:47 0 d-----w- c:\docume~1\johnho~1\applic~1\T3ddqBDhg
2011-11-22 12:21:41 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-11-22 12:21:41 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-11-22 12:21:41 143872 ----a-w- c:\windows\system32\xvid.ax
2011-11-22 11:31:25 0 d-----w- c:\program files\Conduit
2011-11-18 01:52:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-18 01:52:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2011-11-28 12:18:38 5008 ----a-w- c:\windows\system32\d3d9caps.dat
2011-11-06 09:54:01 524598 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-19 23:36:54 19558 ----a-w- c:\windows\hpoins01.dat
2011-10-07 11:32:09 36377 ----a-w- c:\windows\system32\nvModes.dat
2011-10-05 16:47:08 89568 ----a-w- c:\docume~1\johnho~1\applic~1\GDIPFONTCACHEV1.DAT
2009-12-11 13:03:16 336 ----a-w- c:\program files\temp995.bat
2007-06-07 11:32:27 28391811 ----a-w- c:\program files\NAV2006EN.EXE
2004-08-26 12:28:19 160520312 ----a-w- c:\program files\Program Files
2003-08-27 19:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
2002-10-07 19:16:20 39552 -c----w- c:\windows\inf\ser2pl.sys
2000-06-08 08:00:00 41520 -c----w- c:\windows\inf\CCPORT.SYS
2000-06-08 08:00:00 22208 -c----w- c:\windows\inf\usbser.sys
2004-09-14 12:41:16 56 --sh--r- c:\windows\system32\9517723EEB.sys
2008-01-12 10:47:03 2202 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-16 22:47:59 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-08-29 16:55:27 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082920080830\index.dat

============= FINISH: 6:20:59.74 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2003 2:10:07 PM
System Uptime: 12/9/2011 6:03:04 AM (0 hours ago)

Motherboard: Dell Computer Corporation | | Inspiron 8200
Processor: Mobile Intel® Pentium® 4 - M CPU 2.40GHz | Microprocessor | 2392/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 54 GiB total, 8.329 GiB free.
D: is CDROM ()
I: is FIXED (NTFS) - 1 GiB total, 1.375 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5001X+ Mini PCI Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_7057144F&REV_01\4&139E449D&0&18F0
Manufacturer: Atheros
Name: Atheros AR5001X+ Mini PCI Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_7057144F&REV_01\4&139E449D&0&18F0
Service: AR5211

==== Installed Programs ======================

7-Zip 9.20
AC97 SoftV92 Data Fax Modem
Acrobat.com
Actiontec 54Mbps USB Wireless Adapter
Adobe AIR
Adobe Community Help
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator 10
Adobe Media Player
Adobe Product/Adobe Studio Update 10/2001
Adobe Reader X (10.1.1)
AIM 7
Akamai NetSession Interface
ALPS Touch Pad Driver
ArcSoft VideoImpression 2
Atheros Client Installation Program
ATI Control Panel
Avery Wizard 4.0
Avery® Wizard 2.1 for Microsoft® Word 2002
CaptureWizPro 4.50
Carbonite
CCleaner
CometBird 7.0.1 (x86 en-US)
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Curitel Packet Service Software
Cypress USB Mass Storage Driver Installation
Dell Driver Download Manager
Dell Solution Center
Dell Toolbar
Dell V715w
Dell Wireless WLAN Card
Desktop Maestro 3.1
Diff Doc
Driver Cleaner 2
Dropbox
DVDSentry
Eusing Free Registry Cleaner
Free File Opener v2011.7.0.1
FriendFinder Messenger v4.1
Google Chrome
GoToMeeting 4.8.0.723
Help and Support Customization
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 5550 series
hp deskjet 5550 series (Remove only)
HP Deskjet 5700
HP Install Network Printer Wizard
hp instant support
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photosmart Essential
HP Update
I8kfanGUI V3.1
InstallIQ Updater
IntelliGolf
InterVideo WinDVD
ISI ResearchSoft - Export Helper
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java 2 Runtime Environment, SE v1.4.2_08
Java™ 6 Update 17
Junk Mail filter update
K-Lite Codec Pack 6.5.0 (Basic)
LeaseWizard® 3.4 - Reports Update
Links Magazine Screen Saver
Linksys Cordless Internet Telephony Kit
LizardTech DjVu Control
Logitech MouseWare 9.79.1
Macromedia Shockwave Player
Malwarebytes' Anti-Malware version 1.51.2.1300
MAPS
Merciless 1942 - Historic Addon (Ver.3.7) by Merciless Creations
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Arnold Palmer Course Designer 1.5
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Live Add-in 1.3
Microsoft Office Live Meeting 2007
Microsoft Office Live Small Business Image Uploader
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Project Professional 2010
Microsoft Publisher 2002
Microsoft Reader
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft VC9 runtime libraries
Microsoft Visio Viewer 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Feedback Panel 2.0
Microsoft Windows Journal Viewer
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Modem Helper
Mouse Suite
MSN Music Assistant
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Multi-Card Reader / Flash Disk
MultiRes (remove only)
MYRIAD 7.0
Napster
Napster Burn Engine
Nasty File Remover v0.71 (remove only)
NETGEAR MA701 Wireless CF Card Configuration Utility
NetZero Connection Wizard
NetZero Internet
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Windows 2000/XP Display Drivers
OBiAPP For OBiTALK version 1.1.0(1944)
Online Armor 5.1
Opera 11.50
Paint Shop Pro 7 Anniversary Edition
PartitionMagic
PC Connectivity Solution
PC VGA Camer@
PC VGA Camer@ Plus
PC VGA Camera
Philips SPC 200NC PC Camera
PowerPlugs: Stationery
PowerPlugs: Stationery for Outlook Express
PowerQuest Drive Image 7.0
PowerQuest PartitionMagic 8.0
PrimoPDF -- by Nitro PDF Software
Prism Video File Converter
QuickBooks
QuickBooks Online Edition
QuickBooks Pro 2009
QuickCam
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Resco Picture Viewer
SanDisk ImageMate Reader/Writer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
SimpleOCR 3.1
SIPPS
Skype™ 4.2
SmartDraw VP
SpeedswitchXP V1.5
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SSC Service Utility v4.20
Startup Manager 2.4.2
Sweepi 5.4.00
System Requirements Lab
TeamSpeak 2 RC2
TeamSpeak 3 Client
Trillian
TrueClean
TrueMobile 1300 USB 2.0 WLAN
TrueWatch
Turbo Lister 2
Uninstall Startup Inspector for Windows
Universal Documents Converter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB MEDIA 2.0
USB Storage Adapter FX (SM1)
VLC media player 1.1.7
VZAccess Manager
Webcam32
WebEx
WebFldrs XP
WebIQ Client Software
Window Washer
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
Xircom Ethernet + Modem 56
XMind
Xvid Video Codec
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== End Of File ===========================

#9 gringo_pr

Posted 09 December 2011 - 01:04 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 Hooverjo

Posted 10 December 2011 - 08:16 AM

Hi Gringo:

I started to run Combo Fix. My internet connection shut down in the middle of running it, so it could not finish. I am trying to repair the connection now. Both wireless and ethernet connections say "acquiring network address" but never complete connection.

The printer communication system has also shut down, so that I no longer can access any printers from the laptop.

John

Edited by Hooverjo, 10 December 2011 - 09:36 AM.


#11 gringo_pr

Posted 10 December 2011 - 11:57 AM

Rerun Combofix and see if it fixes the connection.


gringo

#12 Hooverjo

Posted 10 December 2011 - 02:54 PM

I ran ComboFix again. It extracted files and then I got pop-ups that said AVG is running, although I had previously uninstalled AVG. I am unable to run the AVG clean-up utility. After clearing the two pop-ups, I get to a window with a C: prompt, and a statement that CF was beginning to run and creating a System Restore point. Then I got pop-ups relating to Windows Recovery Console, which CF could not download because I can't connect to the internet. CF then continued to scan for infected files. CF stopped running (hung up) after about 10 minutes and the laptop froze up.

Spooler Subsystem App and Printer Communication Service both shut down on start-up. Internet connection is still down.

Edited by Hooverjo, 10 December 2011 - 03:04 PM.


#13 gringo_pr

Posted 10 December 2011 - 11:13 PM

Hello

OK, let's try this. I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#14 Hooverjo

Posted 12 December 2011 - 09:34 AM

As before, CF hung up and the laptop froze. I still cannot get to the internet and CF says AVG is running when I can't see it on Task Manager.

#15 gringo_pr

Posted 13 December 2011 - 12:21 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo