[Resolved] Computer Freezes randomly
yvette
post Jun 23 2009, 03:25 PM
Post #1
Operating System: XP

My computer has been freezing randomly. I downloaded and ran Avira AntiVir and it found a few things and quarantined them.
Here they are:
Virus or unwanted program 'TR/Dldr.Agent.boey' [trojan]
'ADSPY/Coupons.A.2' [adware]
'HEUR/Malware' [heuristic]

I rebooted but am still having a bit of a problem although it isn't as bad as it was before.
Please help.

Here is the log from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:16 PM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Avira\AntiVir Desktop\sched.exe
J:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
J:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
J:\Program Files\Avira\AntiVir Desktop\avguard.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
J:\Program Files\Bonjour\mDNSResponder.exe
J:\WINDOWS\system32\cisvc.exe
J:\WINDOWS\system32\DVDRAMSV.exe
J:\Program Files\Java\jre6\bin\jqs.exe
J:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
J:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
J:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
J:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
J:\Program Files\HP\HP Software Update\HPWuSchd2.exe
J:\Program Files\HP\hpcoretech\hpcmpmgr.exe
J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
J:\WINDOWS\ALCXMNTR.EXE
J:\WINDOWS\AGRSMMSG.exe
J:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
J:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
J:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
J:\Program Files\MozyHome\mozybackup.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
J:\Program Files\Avira\AntiVir Desktop\avgnt.exe
J:\Program Files\Java\jre6\bin\jusched.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
J:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
J:\Program Files\MozyHome\mozystat.exe
J:\QBOOKSW\Components\QBAgent\qbdagent2001.exe
J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
J:\WINDOWS\system32\RAMASST.exe
J:\WINDOWS\system32\tcpsvcs.exe
J:\Program Files\Common Files\Sonic Shared\CineTray.exe
J:\WINDOWS\System32\snmp.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\mrtMngr.EXE
J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
J:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\WINDOWS\system32\cidaemon.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Trend Micro\HijackThis\HijackThis.exe
J:\WINDOWS\system32\NOTEPAD.EXE
j:\program files\avira\antivir desktop\avcenter.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - J:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - J:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - J:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - J:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - J:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - J:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - J:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - J:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "J:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "J:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] J:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [HP Software Update] "J:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "J:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BounceBack Setup] "J:\Program Files\CMS Peripherals\BounceBack Express\AppLaunch.exe" /Launchit
O4 - HKLM\..\Run: [AppleSyncNotifier] J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] J:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "J:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] J:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "J:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "J:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "J:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] J:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Error Fix] J:\Program Files\Error Fix\Error Fix.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] J:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] J:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.noggin.com/games/doodlepad/"
O4 - Global Startup: Adobe Gamma Loader.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = J:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = J:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = J:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MozyHome Status.lnk = J:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk = J:\QBOOKSW\Components\QBAgent\qbdagent2001.exe
O4 - Global Startup: RAMASST.lnk = J:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = J:\Program Files\Common Files\Sonic Shared\CineTray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://J:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://J:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://J:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://J:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://J:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {07246F83-6D48-4559-81EC-117CBAE54F1B} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/Micr....RichUpload.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210105455578
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///J:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///J:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.34.14/ttinst.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///J:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///J:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O20 - AppInit_DLLs: J:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - J:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - J:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - J:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - J:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - J:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - J:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - J:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - J:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - J:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - J:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - J:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - J:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - J:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - J:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - J:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - J:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - J:\PROGRA~1\Symantec\LIVEUP~1\LU6D90~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - J:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - J:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Norton Internet Security - Symantec Corporation - J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - J:\WINDOWS\system32\HPZipm12.exe

--
End of file - 17783 bytes
OCD
post Jun 26 2009, 10:06 PM
Post #2
Operating System: Windows XP SP3

Hello yvette,
Welcome to What the Tech.
My name is OCD, I will be helping you with your log today.

Please be advised that, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.

I am checking over your HijackThis log now; I will post back shortly with instructions.
OCD
post Jun 27 2009, 10:41 AM
Post #3
Operating System: Windows XP SP3

Hello yvette,
  • You may want to print out these instructions for reference prior to proceeding.
  • This solution is specifically tailored for this particular problem, please do not attempt to use this solution on another computer.
  • If you have any questions, or are uncertain about any steps please ask 'before' proceeding.
- - - - - Next - - - - -

Your log currently shows that you are running two (2) Anti-Virus programs, Avira and Norton. It is important that only one (1) Anti-Virus program is running at any one time. The choice is yours, but you must remove one of these programs before we proceed. This can be done via Add/Remove Programs in your Control Panel.

I would recommend that you keep the Norton Security Suite for the time being until we get your computer free of malware. It has better overall protection than the Avira Anti-Virus.
But the choice is yours. Please use the appropriate step below to remove one (1) of them.

- - - - - Next - - - - -

If you choose to remove Norton, please use the Norton Removal Tool (directions below)

Download the Norton Removal Tool from ftp://ftp.symantec.com/public/english_us_...emoval_Tool.exe and save it to your desktop.

Next Double click on Norton_Removal_Tool.exe to run the tool.

Follow the on-screen instructions.
Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

- - - - - Next - - - - -

If removing Avira, use the directions below.

Please go to Start Menu > Control Panel > Add/Remove Programs.
Scroll down and locate the following program:
  • Avira
Select the program, then select remove.

Exit the Control Panel when finished.

- - - - - Next - - - - -

Please download ATF Cleaner by Atribune.
Download - http://www.nutnworks.com/downloads/ATF_Cleaner.exe
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

- - - - - Next - - - - -

Please download Malwarebytes' Anti-Malware from here or here

Double Click mbam-setup.exe to install the application.
  • Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. < < Don't forget this!
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    (The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.)
  • Copy and Paste the entire report in your next reply.
- - - - - Next - - - - -

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs) < < Important
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
- - - - - Next - - - - -

Reboot. In your next post, please provide the following:
  • Post the contents of the DDS.txt report in your next reply.
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open, and then click UPLOAD.
  • Tell me how your computer is running at the moment.
  • What firewall are you currently using?
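The triage a helper performs by eye on a HijackThis log like the one posted above, written out as an added Python example (not part of the thread, of HijackThis or of What the Tech): it parses the R/O entries, flags registry references whose target file no longer exists, flags anything in AppInit_DLLs, and reports when services from more than one antivirus vendor are installed. The log excerpt and the vendor-to-product table are constructed for the example.

```python
"""Triage of HijackThis v2 log entries (added example; not HijackThis or What the Tech code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt that reuses the line formats of the log posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
J:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - J:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avgnt] "J:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O20 - AppInit_DLLs: J:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - J:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - J:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
"""

# Every HijackThis finding is "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# HijackThis appends these when the registry still points at a file that is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumed vendor -> product table for resident antivirus engines (illustrative, not exhaustive).
AV_VENDORS = {
    "Avira GmbH": "Avira AntiVir",
    "Symantec Corporation": "Norton / Symantec",
}


@dataclass(frozen=True)
class Entry:
    section: str  # "O2", "O4", "O23", ...
    body: str     # text after "<section> - "


@dataclass(frozen=True)
class Finding:
    kind: str     # "orphan", "appinit_dll" or "multiple_av"
    detail: str


def parse_hjt(text: str) -> list[Entry]:
    """Return the R/O entries; the header and the running-process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def service_vendor(body: str) -> str | None:
    """O23 body is 'Service: <name> [(short)] - <vendor> - <path>'; return <vendor>."""
    if not body.startswith("Service: "):
        return None
    parts = body[len("Service: "):].rsplit(" - ", 2)
    return parts[1] if len(parts) == 3 else None


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply the three checks a log helper does first."""
    findings: list[Finding] = []
    av_seen: dict[str, str] = {}
    for e in entries:
        if e.body.endswith(ORPHAN_MARKERS):
            # Dead reference: harmless by itself, but a leftover worth cleaning.
            findings.append(Finding("orphan", f"{e.section} - {e.body}"))
            continue
        if e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            # Anything listed here is loaded into every process that uses user32.dll.
            findings.append(Finding("appinit_dll", e.body.split(":", 1)[1].strip()))
        elif e.section == "O23":
            vendor = service_vendor(e.body)
            if vendor in AV_VENDORS:
                av_seen[vendor] = AV_VENDORS[vendor]
    if len(av_seen) > 1:
        # Two resident scanners contend for the same file hooks; the helper asks to remove one.
        findings.append(Finding("multiple_av", ", ".join(sorted(av_seen.values()))))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.kind:12} {f.detail}")
```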
yvette
post Jun 28 2009, 11:50 AM
Post #4
Operating System: XP

Thank you!!
So far everything seems to be running much faster. IE hasn't frozen on me, and Outlook Express is loading without delay or freezing.
I am currently using Norton Smart Firewall.

Here are the log files you requested:

Malwarebytes' Anti-Malware 1.38
Database version: 2319
Windows 5.1.2600 Service Pack 3

6/28/2009 10:20:52 AM
mbam-log-2009-06-28 (10-20-52).txt

Scan type: Quick Scan
Objects scanned: 112570
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
DDS (Ver_09-06-26.01) - NTFSx86
Run by Yvette at 10:25:10.96 on Sun 06/28/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.756 [GMT -7:00]


============== Running Processes ===============

J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
J:\WINDOWS\system32\spoolsv.exe
svchost.exe
J:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
J:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
J:\Program Files\Bonjour\mDNSResponder.exe
J:\WINDOWS\system32\cisvc.exe
J:\WINDOWS\system32\DVDRAMSV.exe
J:\Program Files\Java\jre6\bin\jqs.exe
J:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
J:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
J:\Program Files\MozyHome\mozybackup.exe
J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
J:\WINDOWS\system32\tcpsvcs.exe
J:\WINDOWS\System32\snmp.exe
J:\WINDOWS\system32\svchost.exe -k imgsvc
J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
J:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
J:\Program Files\HP\HP Software Update\HPWuSchd2.exe
J:\Program Files\HP\hpcoretech\hpcmpmgr.exe
J:\WINDOWS\ALCXMNTR.EXE
J:\WINDOWS\AGRSMMSG.exe
J:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
J:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
J:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Java\jre6\bin\jusched.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
J:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
J:\Program Files\MozyHome\mozystat.exe
J:\QBOOKSW\Components\QBAgent\qbdagent2001.exe
J:\WINDOWS\system32\RAMASST.exe
J:\Program Files\Common Files\Sonic Shared\CineTray.exe
J:\WINDOWS\system32\mrtMngr.EXE
J:\Program Files\iPod\bin\iPodService.exe
J:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
J:\Program Files\Internet Explorer\IEXPLORE.EXE
J:\Program Files\Internet Explorer\IEXPLORE.EXE
J:\WINDOWS\system32\cidaemon.exe
J:\Program Files\Internet Explorer\IEXPLORE.EXE
J:\Documents and Settings\Yvette\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - j:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - j:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - j:\program files\norton internet security\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - j:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - j:\program files\google\googletoolbarnotifier\4.1.509.5470\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - j:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - j:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - j:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - j:\program files\google\google toolbar\GoogleToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - j:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - j:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: Autodesk DWF: {f03966d3-8ea0-47b4-bbe0-85bfe6cbc8ac} - j:\program files\autodesk\autodesk dwf writer\dwf addin\DWFIEAddin.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [ctfmon.exe] j:\windows\system32\ctfmon.exe
uRun: [swg] j:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Error Fix] j:\program files\error fix\Error Fix.exe -boot
uRun: [SUPERAntiSpyware] j:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [Shockwave Updater] j:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.noggin.com/games/doodlepad/"
mRun: [Symantec PIF AlertEng] "j:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "j:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [MaxBlastMonitor.exe] j:\program files\maxtor\maxblast\MaxBlastMonitor.exe
mRun: [HP Software Update] "j:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "j:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [BounceBack Setup] "j:\program files\cms peripherals\bounceback express\AppLaunch.exe" /Launchit
mRun: [AppleSyncNotifier] j:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [AcronisTimounterMonitor] j:\program files\maxtor\maxblast\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "j:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [ArcSoft Connection Service] j:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "j:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "j:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "j:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "j:\program files\java\jre6\bin\jusched.exe"
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - j:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - j:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - j:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - j:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - j:\program files\mozyhome\mozystat.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - j:\qbooksw\components\qbagent\qbdagent2001.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - j:\windows\system32\RAMASST.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - j:\program files\common files\sonic shared\CineTray.exe
IE: Add to Google Photos Screensa&ver - j:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - j:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - j:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - j:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - j:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - j:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - j:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///J:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {07246F83-6D48-4559-81EC-117CBAE54F1B} - hxxp://workspace.office.live.com/Misc/Microsoft.OfficeLive.Workspace.RichUpload.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210105455578
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///J:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file:///J:/Program%20Files/AutoCAD%202002/InstBanr.ocx
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.34.14/ttinst.cab
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file:///J:/Program%20Files/AutoCAD%202002/InstFred.ocx
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///J:/Program%20Files/AutoCAD%202002/AcPreview.ocx
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - j:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - j:\program files\norton internet security\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: !SASWinLogon - j:\program files\superantispyware\SASWINLO.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - j:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - j:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;j:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-3-18 310320]
R1 AW_HOST;AW_HOST;j:\windows\system32\drivers\AW_HOST5.sys [2002-2-11 33496]
R1 awlegacy;awlegacy;j:\windows\system32\drivers\AWLEGACY.SYS [2000-9-11 10816]
R1 BHDrvx86;Symantec Heuristics Driver;j:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-3-18 258608]
R1 ccHP;Symantec Hash Provider;j:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-3-18 482352]
R1 IDSxpx86;IDSxpx86;j:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090623.001\IDSXpx86.sys [2009-6-23 276344]
R1 mozyFilter;mozyFilter;j:\windows\system32\drivers\mozy.sys [2009-1-20 53752]
R1 SASDIFSV;SASDIFSV;j:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;j:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;j:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 Iprip;RIP Listener;j:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
R2 Norton Internet Security;Norton Internet Security;j:\program files\norton internet security\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-3-18 115560]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;j:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 portD;CMS PortIO Service;j:\windows\system32\drivers\portd2k.sys [2008-5-15 14976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;j:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-16 101936]
R3 NAVENG;NAVENG;j:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090628.006\NAVENG.SYS [2009-6-28 89104]
R3 NAVEX15;NAVEX15;j:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090628.006\NAVEX15.SYS [2009-6-28 876144]
R3 SASENUM;SASENUM;j:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 awhost32;pcAnywhere Host Service;j:\program files\symantec\pcanywhere\AWHOST32.EXE [2008-5-5 114749]
S3 getPlus® Helper;getPlus® Helper;j:\program files\nos\bin\getPlus_HelperSvc.exe [2008-9-21 33752]

=============== Created Last 30 ================

2009-06-23 13:49 <DIR> --d----- j:\program files\Trend Micro
2009-06-21 14:39 <DIR> --d----- j:\docume~1\yvette\applic~1\Malwarebytes
2009-06-21 14:39 38,160 a------- j:\windows\system32\drivers\mbamswissarmy.sys
2009-06-21 14:39 19,096 a------- j:\windows\system32\drivers\mbam.sys
2009-06-21 14:39 <DIR> --d----- j:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-21 14:39 <DIR> --d----- j:\program files\Malwarebytes' Anti-Malware
2009-06-21 12:22 1,342,377 a------- J:\MGtools.exe
2009-06-21 11:22 <DIR> --d----- j:\documents and settings\yvette\.SunDownloadManager
2009-06-21 10:44 55,640 a------- j:\windows\system32\drivers\avgntflt.sys
2009-06-21 10:30 <DIR> --d----- j:\docume~1\yvette\applic~1\Error Fix
2009-06-10 20:05 246,272 -c------ j:\windows\system32\dllcache\ieproxy.dll
2009-06-10 20:05 12,800 -c------ j:\windows\system32\dllcache\xpshims.dll
2009-06-02 14:55 <DIR> --d----- j:\program files\Avery

==================== Find3M ====================

2009-06-21 11:52 410,984 a------- j:\windows\system32\deploytk.dll
2009-05-13 12:47 7,490,144 a------- j:\documents and settings\yvette\Arch Drawings.zip
2009-05-13 12:44 10,774,963 a------- j:\documents and settings\yvette\Club fit monterey 11-06-07 Bruce's dwg.zip
2009-05-12 22:15 915,456 a------- j:\windows\system32\wininet.dll
2009-05-07 08:32 345,600 a------- j:\windows\system32\localspl.dll
2009-05-01 11:30 3,366,912 a------- j:\windows\system32\GPhotos.scr
2009-04-17 05:26 1,847,168 a------- j:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- j:\windows\system32\rpcrt4.dll
2008-09-12 09:45 60,744 -------- j:\documents and settings\yvette\g2mdlhlpx.exe
2008-05-06 14:20 32,768 a--sh--- j:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008042820080505\index.dat
2008-05-06 14:20 32,768 a--sh--- j:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050620080507\index.dat

============= FINISH: 10:25:40.03 ===============

Attached File(s): Attach.txt (11.7K)
OCD
post Jun 28 2009, 11:31 PM
Post #5
SuperMember
Group: Senior Class
Posts: 1,738
Joined: 19-June 06
From: Suncoast Florida
Member No.: 57,193
Operating System: Windows XP SP3

yvette,

Please go to Start Menu > Control Panel > Add/Remove Programs.
Scroll down and locate the following programs:
  • SelectRebates
  • Error Fix
  • Java™ 6 Update 5
  • Java™ 6 Update 6
  • Java™ 6 Update 7
Select each one of the programs, then select Remove.
(If a program is not listed, don't be alarmed; just continue with the list.)

Exit the Control Panel when finished.

- - - - - Next - - - - -

Please locate the following folders in red and delete them and their entire contents.
Be sure to delete the entire folder that is designated.
  • C:\Program Files\SelectRebates
  • C:\Program Files\Error Fix
Right-click the file or folder, select Delete.

- - - - - Next - - - - -

Run HijackThis and select Do a System Scan Only

Before proceeding, make sure all programs and browser windows are closed, EXCEPT HijackThis.
Place check marks next to the following items:
  • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  • O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
  • O4 - HKCU\..\Run: [Error Fix] J:\Program Files\Error Fix\Error Fix.exe -boot
Now, with all browsers closed, click on Fix Checked, then EXIT the program.

- - - - - Next - - - - -

Please re-run the: Eset Online Scanner
(You will need Internet Explorer to run this scan)
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
- - - - - Next - - - - -

Do another scan with DDS
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
- - - - - Next - - - - -

Reboot. In your next post, please provide the following:
  • ESET log.txt
  • Post the contents of the DDS.txt report in your next reply (no attach.txt required)
  • Tell me how your computer is running at the moment.
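The entries OCD asks yvette to fix above are the kind a helper triages by hand from the DDS and HijackThis lines; as an added example (not code from this thread, from DDS or from HijackThis), here is a small Python parser for the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" line formats posted earlier in the thread, which flags the three things a helper checks first: an IE CLSID registered with no file behind it, an autorun started by bare file name such as ALCXMNTR.EXE, and a kernel driver loaded from outside system32\drivers. The sample lines are copied from the posted log; the flag rules are this example's own heuristics.

```python
"""Parse the 'Pseudo HJT Report' and 'SERVICES / DRIVERS' line formats that
DDS writes, and attach the review flags a helper looks at first.

Added example, not code from this thread or from the DDS tool. The sample
lines are copied from the log above; the flag rules are this example's own
heuristics, hints for a human reviewer rather than verdicts."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Autorun line:  "mRun: [Name] command"   ("m" = HKLM hive, "u" = HKCU hive)
_RUN_RE = re.compile(
    r'^(?P<hive>[um])(?P<kind>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# COM object line:  "BHO: Name: {clsid} - path"   or   "TB: {clsid} - No File"
_COM_RE = re.compile(
    r'^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?'
    r'(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.*)$')
# Service/driver line:  "R1 name;Display Name;image path [yyyy-m-d size]"
# (R = running, S = stopped; the digit is the Windows start type)
_SVC_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.*?)(?: \[(?P<date>[\d-]+) (?P<size>[\d,]+)\])?$')

DRIVER_DIR = '\\windows\\system32\\drivers\\'   # where kernel drivers normally live


@dataclass
class Entry:
    kind: str                      # e.g. "HKLM\\Run", "BHO", "service/R1"
    name: str
    target: str                    # command line, module path or image path
    clsid: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def _command_image(cmd: str) -> str:
    """Executable part of an autorun command: the quoted path, else the first token."""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split(' ', 1)[0]


def parse_line(line: str) -> Optional[Entry]:
    """Turn one DDS line into an Entry; lines of other types give None."""
    line = line.rstrip('\r\n')
    if m := _RUN_RE.match(line):
        hive = 'HKLM' if m['hive'] == 'm' else 'HKCU'
        return Entry(hive + '\\' + m['kind'], m['name'], m['cmd'])
    if m := _COM_RE.match(line):
        return Entry(m['kind'], m['name'] or '(no name)', m['path'], m['clsid'].lower())
    if m := _SVC_RE.match(line):
        return Entry('service/' + m['state'] + m['start'], m['name'], m['path'])
    return None


def triage(entry: Entry) -> Entry:
    """Attach review flags in place and return the entry."""
    target = entry.target.lower()
    if entry.kind in ('BHO', 'TB'):
        # A CLSID still registered in IE whose module is gone is leftover from
        # an uninstall or from a removal that did not finish; it is cleanup work.
        if target in ('no file', '(no file)'):
            entry.flags.append('orphaned CLSID: registered, module missing')
    elif entry.kind.startswith('HK'):
        # A bare file name is resolved through the search path at logon, so the
        # log alone does not say which file actually runs; locate it first.
        if '\\' not in _command_image(entry.target):
            entry.flags.append('bare filename: locate the file before judging it')
    elif entry.kind.startswith('service/'):
        # Security products legitimately load drivers from Program Files too,
        # so this flag means "confirm the vendor", not "malicious".
        if target.endswith('.sys') and DRIVER_DIR not in target:
            entry.flags.append('driver outside system32\\drivers: confirm vendor')
    return entry


def parse_report(text: str) -> List[Entry]:
    """Parse every recognised line of a DDS report and triage each entry."""
    parsed = (parse_line(ln) for ln in text.splitlines())
    return [triage(e) for e in parsed if e is not None]


# Constructed sample: six lines copied from the DDS log posted in this thread.
SAMPLE_LOG = (
    'mRun: [AlcxMonitor] ALCXMNTR.EXE\n'
    'mRun: [QuickTime Task] "j:\\program files\\quicktime\\qttask.exe" -atboottime\n'
    'BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43}'
    ' - j:\\program files\\java\\jre6\\bin\\ssv.dll\n'
    'TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File\n'
    'R0 SymEFA;Symantec Extended File Attributes;'
    'j:\\windows\\system32\\drivers\\nis\\1005000.087\\SymEFA.sys [2009-3-18 310320]\n'
    'R1 SASDIFSV;SASDIFSV;j:\\program files\\superantispyware\\sasdifsv.sys [2009-5-26 9968]\n'
)

if __name__ == '__main__':
    for e in parse_report(SAMPLE_LOG):
        print(f'{e.kind:12} {e.name:24} {e.target}')
        for flag in e.flags:
            print(f'{"":12} -> {flag}')
```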
yvette
post Jun 29 2009, 10:35 AM
Post #6
New Member
Group: Authentic Member
Posts: 10
Joined: 23-June 09
From: Phoenix, AZ
Member No.: 86,391
Operating System: XP

Hi OCD,
I looked for the two folders you specified to remove and they are not there.
I tried to run Eset Online Scanner and got an error message.
OCD
post Jun 30 2009, 12:11 AM
Post #7
SuperMember
Group: Senior Class
Posts: 1,738
Joined: 19-June 06
From: Suncoast Florida
Member No.: 57,193
Operating System: Windows XP SP3

yvette,

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

- - - - - Next - - - - -

Reboot. In your next post, please provide the following:
  • SmitfraudFix log
  • Tell me how your computer is running at the moment.
yvette
post Jun 30 2009, 01:30 PM
Post #8
New Member
Group: Authentic Member
Posts: 10
Joined: 23-June 09
From: Phoenix, AZ
Member No.: 86,391
Operating System: XP

Hi OCD,
I was able to run Smitfraudfix log and have pasted the log below.
Now I'm getting random Application Errors. The most recent was:
The Instruction at "0x0700609c" referenced memory at "0x00000014". The memory could not be "read"
Click on OK to terminate the program.
What's going on??
Thank you for your time, I very much appreciate your help.


SmitFraudFix v2.423

Scan done at 11:23:53.84, Tue 06/30/2009
Run from J:\Documents and Settings\Yvette\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
J:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
J:\Program Files\Bonjour\mDNSResponder.exe
J:\WINDOWS\system32\cisvc.exe
J:\WINDOWS\system32\DVDRAMSV.exe
J:\Program Files\Java\jre6\bin\jqs.exe
J:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
J:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
J:\Program Files\MozyHome\mozybackup.exe
J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
J:\WINDOWS\system32\tcpsvcs.exe
J:\WINDOWS\System32\snmp.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\SearchIndexer.exe
J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
J:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
J:\Program Files\HP\HP Software Update\HPWuSchd2.exe
J:\Program Files\HP\hpcoretech\hpcmpmgr.exe
J:\WINDOWS\AGRSMMSG.exe
J:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
J:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
J:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Java\jre6\bin\jusched.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
J:\Program Files\MozyHome\mozystat.exe
J:\WINDOWS\system32\RAMASST.exe
J:\Program Files\Common Files\Sonic Shared\CineTray.exe
J:\Program Files\Windows Desktop Search\WindowsSearch.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\WINDOWS\system32\SearchProtocolHost.exe
J:\WINDOWS\system32\cidaemon.exe
J:\Program Files\Internet Explorer\IEXPLORE.EXE
J:\Program Files\Internet Explorer\IEXPLORE.EXE
J:\Program Files\Internet Explorer\IEXPLORE.EXE
J:\Documents and Settings\Yvette\Desktop\SmitfraudFix\Policies.exe
J:\WINDOWS\system32\cmd.exe
J:\WINDOWS\system32\SearchProtocolHost.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» J:\


»»»»»»»»»»»»»»»»»»»»»»»» J:\WINDOWS

J:\WINDOWS\Tasks\At?.job FOUND !
J:\WINDOWS\Tasks\At??.job FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» J:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» J:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» J:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» J:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» J:\Documents and Settings\Yvette


»»»»»»»»»»»»»»»»»»»»»»»» J:\DOCUME~1\Yvette\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» J:\Documents and Settings\Yvette\Application Data

J:\Documents and Settings\Yvette\Application Data\Skinux FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» J:\DOCUME~1\Yvette\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» J:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="J:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 205.171.2.65
DNS Server Search Order: 205.171.3.65

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B8F1271F-355A-4D3D-913A-DC865DE2FC1B}: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B8F1271F-355A-4D3D-913A-DC865DE2FC1B}: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B8F1271F-355A-4D3D-913A-DC865DE2FC1B}: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B8F1271F-355A-4D3D-913A-DC865DE2FC1B}: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=205.171.2.65 205.171.3.65


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

This post has been edited by yvette: Jun 30 2009, 02:02 PM
OCD
post Jun 30 2009, 10:33 PM
Post #9
SuperMember
Group: Senior Class
Posts: 1,738
Joined: 19-June 06
From: Suncoast Florida
Member No.: 57,193
Operating System: Windows XP SP3

yvette,

QUOTE (yvette @ Jun 30 2009, 03:30 PM)
Now I'm getting random Application Errors. The most recent was:
The Instruction at "0x0700609c" referenced memory at "0x00000014". The memory could not be "read"
Click on OK to terminate the program.
What's going on??
Can you tell me what you were doing or trying to do when you received the error messages? (i.e. what programs were running, browser, etc.)

QUOTE (yvette @ Jun 29 2009, 12:35 PM)
I tried to run Eset Online Scanner and got an error message .
Can you tell me what the error message said when you tried to run the ESET online scan from the previous instructions?

- - - - - Next - - - - -

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

1. Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
  • Instead of Windows loading as normal, a menu with options should appear.
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
2. Once in Safe Mode
  • Double-click SmitfraudFix.exe
  • Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
  • You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter".


The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at C:\rapport.txt.

Warning: running option #2 on a non-infected computer will remove your Desktop background.

- - - - - Next - - - - -

Please re-run DDS by sUBs.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
- - - - - Next - - - - -

Reboot. In your next post, please provide the following:
  • rapport.txt
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.
  • Tell me how your computer is running at the moment.
  • Please answer my questions as accurately as possible
yvette
post Jul 1 2009, 10:58 AM
Post #10
New Member
Group: Authentic Member
Posts: 10
Joined: 23-June 09
From: Phoenix, AZ
Member No.: 86,391
Operating System: XP

I was running IE when I got the random application errors. Not sure exactly what triggered it.

When I tried to run "Eset Online Scanner" I got this application error message:
The Instruction at "0x0be50068" referenced memory at "0x0be50068". The memory could not be "read"
Click on OK to terminate the program.

Two days ago my husband downloaded "The Weather Channel Desktop" without telling me. It really slows things up a lot on startup. Now I can't uninstall it; I've tried through Add/Remove and I get this error message.
The file J:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannnelCustomuninstall.exe could not be opened.
So I tried going to the Weather Channel folder and trying the uninstall there and got the same message.

I ran DDS and saved the logs, then I went to open Outlook Express to get the link in my email to post my reply and everything froze after Outlook Express opened. I tried Ctrl-Alt-Del but that didn't work and I couldn't get to the shut-down menu, so I had to turn the computer off/on by pressing the tower button.
It took a good ten minutes for everything to load. That weather channel thing takes forever.

Here are the logs you asked for:

SmitFraudFix v2.423

Scan done at 8:48:01.46, Wed 07/01/2009
Run from J:\Documents and Settings\Yvette\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

J:\WINDOWS\Tasks\At?.job Deleted
J:\Documents and Settings\Yvette\Application Data\Skinux\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B8F1271F-355A-4D3D-913A-DC865DE2FC1B}: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B8F1271F-355A-4D3D-913A-DC865DE2FC1B}: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B8F1271F-355A-4D3D-913A-DC865DE2FC1B}: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B8F1271F-355A-4D3D-913A-DC865DE2FC1B}: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=205.171.2.65 205.171.3.65
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=205.171.2.65 205.171.3.65


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



DDS (Ver_09-06-26.01) - NTFSx86
Run by Yvette at 9:11:41.54 on Wed 07/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.818 [GMT -7:00]


============== Running Processes ===============

J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
J:\WINDOWS\system32\spoolsv.exe
svchost.exe
J:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
J:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
J:\Program Files\Bonjour\mDNSResponder.exe
J:\WINDOWS\system32\cisvc.exe
J:\WINDOWS\system32\DVDRAMSV.exe
J:\Program Files\Java\jre6\bin\jqs.exe
J:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
J:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
J:\Program Files\MozyHome\mozybackup.exe
J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
J:\WINDOWS\system32\tcpsvcs.exe
J:\WINDOWS\System32\snmp.exe
J:\WINDOWS\system32\svchost.exe -k imgsvc
J:\WINDOWS\system32\SearchIndexer.exe
J:\WINDOWS\system32\wuauclt.exe
J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
J:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
J:\Program Files\HP\HP Software Update\HPWuSchd2.exe
J:\Program Files\HP\hpcoretech\hpcmpmgr.exe
J:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
J:\WINDOWS\AGRSMMSG.exe
J:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
J:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
J:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Java\jre6\bin\jusched.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
J:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
J:\Program Files\MozyHome\mozystat.exe
J:\QBOOKSW\Components\QBAgent\qbdagent2001.exe
J:\WINDOWS\system32\RAMASST.exe
J:\Program Files\Common Files\Sonic Shared\CineTray.exe
J:\Program Files\Windows Desktop Search\WindowsSearch.exe
J:\WINDOWS\system32\SearchProtocolHost.exe
J:\WINDOWS\system32\mrtMngr.EXE
J:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\Documents and Settings\Yvette\Desktop\dds.pif

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - j:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - j:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - j:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - j:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - j:\program files\norton internet security\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - j:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - j:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - j:\program files\google\googletoolbarnotifier\4.1.509.5470\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - j:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - j:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - j:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - j:\program files\google\google toolbar\GoogleToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - j:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - j:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: Autodesk DWF: {f03966d3-8ea0-47b4-bbe0-85bfe6cbc8ac} - j:\program files\autodesk\autodesk dwf writer\dwf addin\DWFIEAddin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - j:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [ctfmon.exe] j:\windows\system32\ctfmon.exe
uRun: [swg] j:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DW6] "j:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRunOnce: [Shockwave Updater] j:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.noggin.com/games/doodlepad/"
mRun: [Symantec PIF AlertEng] "j:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "j:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [MaxBlastMonitor.exe] j:\program files\maxtor\maxblast\MaxBlastMonitor.exe
mRun: [HP Software Update] "j:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "j:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [BounceBack Setup] "j:\program files\cms peripherals\bounceback express\AppLaunch.exe" /Launchit
mRun: [AppleSyncNotifier] j:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [AcronisTimounterMonitor] j:\program files\maxtor\maxblast\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "j:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [ArcSoft Connection Service] j:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "j:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "j:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "j:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "j:\program files\java\jre6\bin\jusched.exe"
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - j:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - j:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - j:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - j:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - j:\program files\mozyhome\mozystat.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - j:\qbooksw\components\qbagent\qbdagent2001.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - j:\windows\system32\RAMASST.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - j:\program files\common files\sonic shared\CineTray.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - j:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - j:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - j:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - j:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - j:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - j:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - j:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - j:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - j:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///J:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {07246F83-6D48-4559-81EC-117CBAE54F1B} - hxxp://workspace.office.live.com/Misc/Microsoft.OfficeLive.Workspace.RichUpload.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210105455578
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///J:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file:///J:/Program%20Files/AutoCAD%202002/InstBanr.ocx
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.34.14/ttinst.cab
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file:///J:/Program%20Files/AutoCAD%202002/InstFred.ocx
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///J:/Program%20Files/AutoCAD%202002/AcPreview.ocx
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - j:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - j:\program files\norton internet security\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - j:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - j:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;j:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-3-18 310320]
R1 AW_HOST;AW_HOST;j:\windows\system32\drivers\AW_HOST5.sys [2002-2-11 33496]
R1 awlegacy;awlegacy;j:\windows\system32\drivers\AWLEGACY.SYS [2000-9-11 10816]
R1 BHDrvx86;Symantec Heuristics Driver;j:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-3-18 258608]
R1 ccHP;Symantec Hash Provider;j:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-3-18 482352]
R1 IDSxpx86;IDSxpx86;j:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090625.003\IDSXpx86.sys [2009-6-30 276344]
R1 mozyFilter;mozyFilter;j:\windows\system32\drivers\mozy.sys [2009-1-20 53752]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;j:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 Iprip;RIP Listener;j:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
R2 Norton Internet Security;Norton Internet Security;j:\program files\norton internet security\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-3-18 115560]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;j:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 portD;CMS PortIO Service;j:\windows\system32\drivers\portd2k.sys [2008-5-15 14976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;j:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-16 101936]
S3 awhost32;pcAnywhere Host Service;j:\program files\symantec\pcanywhere\AWHOST32.EXE [2008-5-5 114749]
S3 getPlus® Helper;getPlus® Helper;j:\program files\nos\bin\getPlus_HelperSvc.exe [2008-9-21 33752]
S3 NAVENG;NAVENG;j:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090701.004\NAVENG.SYS [2009-7-1 89104]
S3 NAVEX15;NAVEX15;j:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090701.004\NAVEX15.SYS [2009-7-1 876144]

=============== Created Last 30 ================

2009-07-01 08:59 <DIR> --d----- j:\docume~1\yvette\applic~1\Skinux
2009-06-30 12:20 <DIR> --d----- j:\docume~1\yvette\applic~1\Windows Search
2009-06-30 11:24 3,964 a------- j:\windows\system32\tmp.reg
2009-06-29 15:13 <DIR> --d----- j:\docume~1\yvette\applic~1\Windows Desktop Search
2009-06-29 15:13 <DIR> --d----- j:\program files\Windows Desktop Search
2009-06-29 15:13 <DIR> --d----- j:\windows\system32\GroupPolicy
2009-06-29 15:12 192,000 -c------ j:\windows\system32\dllcache\offfilt.dll
2009-06-29 15:12 98,304 -c------ j:\windows\system32\dllcache\nlhtml.dll
2009-06-29 15:12 29,696 -c------ j:\windows\system32\dllcache\mimefilt.dll
2009-06-29 13:39 <DIR> --d----- j:\program files\ESET
2009-06-28 19:14 <DIR> --d----- j:\program files\The Weather Channel FW
2009-06-23 13:49 <DIR> --d----- j:\program files\Trend Micro
2009-06-21 14:39 <DIR> --d----- j:\docume~1\yvette\applic~1\Malwarebytes
2009-06-21 14:39 38,160 a------- j:\windows\system32\drivers\mbamswissarmy.sys
2009-06-21 14:39 19,096 a------- j:\windows\system32\drivers\mbam.sys
2009-06-21 14:39 <DIR> --d----- j:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-21 14:39 <DIR> --d----- j:\program files\Malwarebytes' Anti-Malware
2009-06-21 12:22 1,342,377 a------- J:\MGtools.exe
2009-06-21 11:22 <DIR> --d----- j:\documents and settings\yvette\.SunDownloadManager
2009-06-21 10:44 55,640 a------- j:\windows\system32\drivers\avgntflt.sys
2009-06-21 10:30 <DIR> --d----- j:\docume~1\yvette\applic~1\Error Fix
2009-06-10 20:05 246,272 -c------ j:\windows\system32\dllcache\ieproxy.dll
2009-06-10 20:05 12,800 -c------ j:\windows\system32\dllcache\xpshims.dll
2009-06-02 14:55 <DIR> --d----- j:\program files\Avery

==================== Find3M ====================

2009-06-21 11:52 410,984 a------- j:\windows\system32\deploytk.dll
2009-06-02 11:17 75,776 a------- j:\windows\system32\WS2Fix.exe
2009-05-25 00:24 350,208 a------- j:\windows\system32\mssph.dll
2009-05-13 12:47 7,490,144 a------- j:\documents and settings\yvette\Arch Drawings.zip
2009-05-13 12:44 10,774,963 a------- j:\documents and settings\yvette\Club fit monterey 11-06-07 Bruce's dwg.zip
2009-05-12 22:15 915,456 a------- j:\windows\system32\wininet.dll
2009-05-12 15:12 26,144 a------- j:\windows\system32\spupdsvc.exe
2009-05-07 08:32 345,600 a------- j:\windows\system32\localspl.dll
2009-05-01 11:30 3,366,912 a------- j:\windows\system32\GPhotos.scr
2009-04-17 05:26 1,847,168 a------- j:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- j:\windows\system32\rpcrt4.dll
2008-09-12 09:45 60,744 -------- j:\documents and settings\yvette\g2mdlhlpx.exe
2008-05-06 14:20 32,768 a--sh--- j:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008042820080505\index.dat
2008-05-06 14:20 32,768 a--sh--- j:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050620080507\index.dat

============= FINISH: 9:13:19.54 ===============

Attached File(s): Attach.txt (11.88K)
 
OCD
post Jul 1 2009, 10:18 PM
Post #11


SuperMember

Group: Senior Class
Posts: 1,738
Joined: 19-June 06
From: Suncoast Florida
Member No.: 57,193
Operating System: Windows XP SP3





yvette,

Please do not download and run any new software unless asked to do so; it may complicate or prolong the cleaning process.
I will be requesting for you to update Windows; please download and install all critical updates.

The reason we are updating Windows at this stage is because I think you may be using a device that doesn't have the most recent driver installed.

Please tell me if you have installed any new hardware or software recently.

- - - - - Next - - - - -

Please go to Start Menu > Control Panel > Add/ Remove Programs
Scroll Down and locate the following programs:
  • FunWebProducts
  • The Weather Channel

Select each one of the programs, then select remove.
(if the program is not listed don't be alarmed, just continue with the list)

Exit the Control Panel when finished.

- - - - - Next - - - - -

Please download OTM by OldTimer.
  • Save it to your desktop.
  • Please click OTM and then click >> run.
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


CODE
:Processes
explorer.exe

:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}"=-
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=-
"{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}"=-

:Files
j:\program files\the weather channel fw
j:\windows\system32\tmp.reg
J:\Documents and Settings\Yvette\Application Data\Skinux

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

  • Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


- - - - - Next - - - - -

To set your computer up for Automatic Updates please do the following:
  • Click Start, and then click Control Panel.
  • Depending on which Control Panel view you use, Classic or Category, do one of the following:
  • Click System, and then click the Automatic Updates tab.
  • Click Performance and Maintenance, click System, and then click the Automatic Updates tab.
  • Select Automatic and choose a frequency and time that's convenient for you to get the updates.
  • Click Apply, then OK
  • Close the Control Panel
- - - - - Next - - - - -

Reboot

- - - - - Next - - - - -

Please re-run DDS by sUBs
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
- - - - - Next - - - - -

Reboot. On your next post please provide the following:
  • OTM log
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.
  • Tell me how your computer is running at the moment.
  • Also confirm that you have done the Windows Update
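The OTM script above removes three Internet Explorer toolbar values that DDS printed as "TB: {CLSID} - No File", i.e. CLSIDs still registered under the Toolbar key whose DLL no longer exists on disk. The following is an added example, not code from DDS, OTM or this thread's helper: it parses the "Pseudo HJT Report" lines in the format shown in this log, lists the orphaned toolbar/BHO entries, and emits the same ":Reg" block the helper wrote by hand. The sample lines are copied from the DDS log posted above; the registry locations are the standard IE ones that DDS's TB/BHO/uURLSearchHooks tags refer to, and the line format is assumed from this log.

```python
"""Flag orphaned IE toolbar/BHO entries in a DDS 'Pseudo HJT Report'.

Added example for this thread (not part of DDS or OTM). The line format is
taken from the log posted above; only TB, BHO and uURLSearchHooks lines are
parsed, everything else is skipped.
"""
import re

# Constructed sample: lines copied from the DDS log in this thread.
SAMPLE_DDS = "\n".join([
    r"TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - j:\program files\google\google toolbar\GoogleToolbar.dll",
    r"TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File",
    r"TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File",
    r"TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File",
    r"BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - j:\program files\java\jre6\bin\ssv.dll",
    r'uRun: [DW6] "j:\program files\the weather channel fw\desktop\DesktopWeather.exe"',
])

# Where each DDS tag lives in the registry (standard IE locations).
# Toolbar and URLSearchHook entries are *values* named by CLSID under the key;
# BHOs are *subkeys* named by CLSID.
REG_LOCATION = {
    "TB": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar",
    "BHO": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "uURLSearchHooks": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks",
}

# "<tag>: [<display name>: ]{CLSID} - <dll path | No File>"
HJT_LINE = re.compile(
    r"^(?P<kind>TB|BHO|uURLSearchHooks): "
    r"(?:(?P<name>.*?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)


def parse_hjt(text):
    """Return one dict (kind, name, clsid, target) per toolbar/BHO/hook line."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def find_orphans(entries):
    """Entries whose CLSID is still registered but whose DLL DDS could not find."""
    return [e for e in entries if e["target"].strip() == "No File"]


def otm_reg_script(orphans):
    """Build the ':Reg' block that deletes orphaned *toolbar* values.

    Uses the .reg-style syntax the OTM script in this thread uses:
    '"{CLSID}"=-' under a bracketed key deletes that named value.
    BHO orphans are subkeys, not values, so they are reported but not
    included here.
    """
    toolbar = [e for e in orphans if e["kind"] == "TB"]
    lines = [":Reg", "[%s]" % REG_LOCATION["TB"]]
    lines += ['"%s"=-' % e["clsid"] for e in toolbar]
    return "\n".join(lines)


def report(text):
    """Human-readable summary: every orphan with the registry key it sits under."""
    entries = parse_hjt(text)
    orphans = find_orphans(entries)
    out = ["%d toolbar/BHO/hook entries parsed, %d orphaned (No File)"
           % (len(entries), len(orphans))]
    for e in orphans:
        out.append("  %s %s under %s" % (e["kind"], e["clsid"], REG_LOCATION[e["kind"]]))
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_DDS))
    print()
    print(otm_reg_script(find_orphans(parse_hjt(SAMPLE_DDS))))
```

Run against the full DDS.txt the output ":Reg" block matches the one OCD posted line for line; the "No File" check is the only criterion, so a toolbar whose DLL is present is never touched.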
yvette
post Jul 2 2009, 09:26 AM
Post #12


New Member
*

Group: Authentic Member
Posts: 10
Joined: 23-June 09
From: Phoenix, AZ
Member No.: 86,391
Operating System: XP



OCD,

My husband is banned from the computer until all is resolved.

I didn't find those programs in add/remove.

My computer was already set for automatic updates.
I manually checked for updates as told and SP3 update was downloaded. (weird...I checked for updates yesterday morning and got no critical updates)

It seems to be running much better now after the windows update and running OTM. It only took about 1.5 minutes to completely load after reboot. (YAY!!)
The Weather Channel crud is gone, thank you!
Thank you so much for your help and patience.

Here are the logs:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
========== FILES ==========
j:\program files\The Weather Channel FW\Desktop moved successfully.
j:\program files\The Weather Channel FW moved successfully.
j:\windows\system32\tmp.reg moved successfully.
J:\Documents and Settings\Yvette\Application Data\Skinux moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Brynn
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. J:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Yvette
->Temp folder emptied: 5025218 bytes
File delete failed. J:\Documents and Settings\Yvette\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 42139834 bytes
->Java cache emptied: 21133793 bytes
->Apple Safari cache emptied: 29022554 bytes

%systemdrive% .tmp files removed: 0 bytes
J:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 2830336 bytes
File delete failed. J:\WINDOWS\temp\JET4428.tmp scheduled to be deleted on reboot.
File delete failed. J:\WINDOWS\temp\Perflib_Perfdata_93c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 722403 bytes

RecycleBin emptied: 9434857 bytes

Total Files Cleaned = 107.34 mb


OTM by OldTimer - Version 3.0.0.2 log created on 07022009_074337

Files moved on Reboot...
File J:\WINDOWS\temp\JET4428.tmp not found!
J:\WINDOWS\temp\Perflib_Perfdata_93c.dat moved successfully.

Registry entries deleted on Reboot...




DDS (Ver_09-06-26.01) - NTFSx86
Run by Yvette at 7:56:37.35 on Thu 07/02/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.778 [GMT -7:00]


============== Running Processes ===============

J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
J:\WINDOWS\system32\spoolsv.exe
svchost.exe
J:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
J:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
J:\Program Files\Bonjour\mDNSResponder.exe
J:\WINDOWS\system32\cisvc.exe
J:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
J:\WINDOWS\system32\DVDRAMSV.exe
J:\Program Files\Java\jre6\bin\jqs.exe
J:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
J:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
J:\Program Files\MozyHome\mozybackup.exe
J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
J:\WINDOWS\system32\tcpsvcs.exe
J:\WINDOWS\System32\snmp.exe
J:\WINDOWS\system32\svchost.exe -k imgsvc
J:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\System32\vssvc.exe
J:\WINDOWS\system32\dllhost.exe
J:\WINDOWS\system32\dllhost.exe
J:\WINDOWS\system32\cidaemon.exe
J:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
J:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
J:\Program Files\HP\HP Software Update\HPWuSchd2.exe
J:\Program Files\HP\hpcoretech\hpcmpmgr.exe
J:\WINDOWS\AGRSMMSG.exe
J:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
J:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
J:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Java\jre6\bin\jusched.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
J:\Program Files\MozyHome\mozystat.exe
J:\QBOOKSW\Components\QBAgent\qbdagent2001.exe
J:\WINDOWS\system32\RAMASST.exe
J:\Program Files\Common Files\Sonic Shared\CineTray.exe
J:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
J:\WINDOWS\system32\mrtMngr.EXE
J:\Program Files\iPod\bin\iPodService.exe
J:\Program Files\Internet Explorer\IEXPLORE.EXE
J:\Program Files\Internet Explorer\IEXPLORE.EXE
J:\Program Files\Internet Explorer\IEXPLORE.EXE
J:\Documents and Settings\Yvette\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - j:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - j:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - j:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - j:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - j:\program files\norton internet security\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - j:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - j:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - j:\program files\google\googletoolbarnotifier\4.1.509.5470\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - j:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - j:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - j:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - j:\program files\google\google toolbar\GoogleToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - j:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - j:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: Autodesk DWF: {f03966d3-8ea0-47b4-bbe0-85bfe6cbc8ac} - j:\program files\autodesk\autodesk dwf writer\dwf addin\DWFIEAddin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - j:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [ctfmon.exe] j:\windows\system32\ctfmon.exe
uRun: [swg] j:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DW6] "j:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRunOnce: [Shockwave Updater] j:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.noggin.com/games/doodlepad/"
mRun: [Symantec PIF AlertEng] "j:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "j:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [MaxBlastMonitor.exe] j:\program files\maxtor\maxblast\MaxBlastMonitor.exe
mRun: [HP Software Update] "j:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "j:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [BounceBack Setup] "j:\program files\cms peripherals\bounceback express\AppLaunch.exe" /Launchit
mRun: [AppleSyncNotifier] j:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [AcronisTimounterMonitor] j:\program files\maxtor\maxblast\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "j:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [ArcSoft Connection Service] j:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "j:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "j:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "j:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "j:\program files\java\jre6\bin\jusched.exe"
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - j:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - j:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - j:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - j:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - j:\program files\mozyhome\mozystat.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - j:\qbooksw\components\qbagent\qbdagent2001.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - j:\windows\system32\RAMASST.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - j:\program files\common files\sonic shared\CineTray.exe
IE: Add to Google Photos Screensa&ver - j:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - j:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - j:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - j:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - j:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - j:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - j:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - j:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///J:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {07246F83-6D48-4559-81EC-117CBAE54F1B} - hxxp://workspace.office.live.com/Misc/Microsoft.OfficeLive.Workspace.RichUpload.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210105455578
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///J:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file:///J:/Program%20Files/AutoCAD%202002/InstBanr.ocx
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.34.14/ttinst.cab
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file:///J:/Program%20Files/AutoCAD%202002/InstFred.ocx
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///J:/Program%20Files/AutoCAD%202002/AcPreview.ocx
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - j:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - j:\program files\norton internet security\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - j:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;j:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-3-18 310320]
R1 AW_HOST;AW_HOST;j:\windows\system32\drivers\AW_HOST5.sys [2002-2-11 33496]
R1 awlegacy;awlegacy;j:\windows\system32\drivers\AWLEGACY.SYS [2000-9-11 10816]
R1 BHDrvx86;Symantec Heuristics Driver;j:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-3-18 258608]
R1 ccHP;Symantec Hash Provider;j:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-3-18 482352]
R1 IDSxpx86;IDSxpx86;j:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090625.003\IDSXpx86.sys [2009-6-30 276344]
R1 mozyFilter;mozyFilter;j:\windows\system32\drivers\mozy.sys [2009-1-20 53752]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;j:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 Iprip;RIP Listener;j:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
R2 Norton Internet Security;Norton Internet Security;j:\program files\norton internet security\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-3-18 115560]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;j:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 portD;CMS PortIO Service;j:\windows\system32\drivers\portd2k.sys [2008-5-15 14976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;j:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-16 101936]
R3 NAVENG;NAVENG;j:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090702.005\NAVENG.SYS [2009-7-2 89104]
R3 NAVEX15;NAVEX15;j:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090702.005\NAVEX15.SYS [2009-7-2 876144]
S3 awhost32;pcAnywhere Host Service;j:\program files\symantec\pcanywhere\AWHOST32.EXE [2008-5-5 114749]
S3 getPlus® Helper;getPlus® Helper;j:\program files\nos\bin\getPlus_HelperSvc.exe [2008-9-21 33752]

=============== Created Last 30 ================

2009-07-02 07:49 <DIR> --d----- j:\docume~1\yvette\applic~1\Skinux
2009-07-02 07:43 <DIR> --d----- J:\_OTM
2009-06-30 12:20 <DIR> --d----- j:\docume~1\yvette\applic~1\Windows Search
2009-06-29 15:13 <DIR> --d----- j:\program files\Windows Desktop Search
2009-06-29 15:13 <DIR> --d----- j:\windows\system32\GroupPolicy
2009-06-29 15:12 192,000 -c------ j:\windows\system32\dllcache\offfilt.dll
2009-06-29 15:12 98,304 -c------ j:\windows\system32\dllcache\nlhtml.dll
2009-06-29 15:12 29,696 -c------ j:\windows\system32\dllcache\mimefilt.dll
2009-06-29 13:39 <DIR> --d----- j:\program files\ESET
2009-06-23 13:49 <DIR> --d----- j:\program files\Trend Micro
2009-06-21 14:39 <DIR> --d----- j:\docume~1\yvette\applic~1\Malwarebytes
2009-06-21 14:39 38,160 a------- j:\windows\system32\drivers\mbamswissarmy.sys
2009-06-21 14:39 19,096 a------- j:\windows\system32\drivers\mbam.sys
2009-06-21 14:39 <DIR> --d----- j:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-21 14:39 <DIR> --d----- j:\program files\Malwarebytes' Anti-Malware
2009-06-21 12:22 1,342,377 a------- J:\MGtools.exe
2009-06-21 11:22 <DIR> --d----- j:\documents and settings\yvette\.SunDownloadManager
2009-06-21 10:44 55,640 a------- j:\windows\system32\drivers\avgntflt.sys
2009-06-21 10:30 <DIR> --d----- j:\docume~1\yvette\applic~1\Error Fix
2009-06-10 20:05 246,272 -c------ j:\windows\system32\dllcache\ieproxy.dll
2009-06-10 20:05 12,800 -c------ j:\windows\system32\dllcache\xpshims.dll
2009-06-02 14:55 <DIR> --d----- j:\program files\Avery

==================== Find3M ====================

2009-06-21 11:52 410,984 a------- j:\windows\system32\deploytk.dll
2009-06-02 11:17 75,776 a------- j:\windows\system32\WS2Fix.exe
2009-05-13 12:47 7,490,144 a------- j:\documents and settings\yvette\Arch Drawings.zip
2009-05-13 12:44 10,774,963 a------- j:\documents and settings\yvette\Club fit monterey 11-06-07 Bruce's dwg.zip
2009-05-12 22:15 915,456 a------- j:\windows\system32\wininet.dll
2009-05-12 15:12 26,144 a------- j:\windows\system32\spupdsvc.exe
2009-05-07 08:32 345,600 a------- j:\windows\system32\localspl.dll
2009-05-01 11:30 3,366,912 a------- j:\windows\system32\GPhotos.scr
2009-04-17 05:26 1,847,168 a------- j:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- j:\windows\system32\rpcrt4.dll
2008-09-12 09:45 60,744 -------- j:\documents and settings\yvette\g2mdlhlpx.exe
2008-05-06 14:20 32,768 a--sh--- j:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008042820080505\index.dat
2008-05-06 14:20 32,768 a--sh--- j:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050620080507\index.dat

============= FINISH: 7:56:57.06 ===============

Attached File(s)
Attached File  Attach.txt ( 14.95K ) Number of downloads: 8
OCD
post Jul 2 2009, 10:56 AM
Post #13


SuperMember
Group Icon

Group: Senior Class
Posts: 1,738
Joined: 19-June 06
From: Suncoast Florida
Member No.: 57,193
Operating System: Windows XP SP3





yvette,

Please locate the folder in red and delete it and its entire contents.
Be sure to delete the entire folder that is designated.
  • C:\Program Files\The Weather Channel
Right click the file or folder, select Delete.

- - - - - Next - - - - -

Please re-run the: Eset Online Scanner
(You will need Internet Explorer to run this scan)
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
- - - - - Next - - - - -

Reboot, on your next post please provide the following:
  • ESET log.txt
  • Tell me how your computer is running at the moment.
yvette
post Jul 2 2009, 09:23 PM
Post #14


New Member
*

Group: Authentic Member
Posts: 10
Joined: 23-June 09
From: Phoenix, AZ
Member No.: 86,391
Operating System: XP



There is no folder in programs called "theweatherchannel".

Eset still won't run; I got a similar application error as before:
The Instruction at "0x9ad0068" referenced memory at "0x9ad0068". The memory could not be "read"
Click on OK to terminate the program.


Thanks,
Yvette
OCD
post Jul 2 2009, 11:21 PM
Post #15


SuperMember
Group Icon

Group: Senior Class
Posts: 1,738
Joined: 19-June 06
From: Suncoast Florida
Member No.: 57,193
Operating System: Windows XP SP3





yvette,

Please use the image below as a reference. If possible please provide me with the information to the left of "Application Error" (in the top border)



- - - - - Next - - - - -

Since ESET is giving us trouble, please try this other online scanner. You will need Internet Explorer to run this scan.
The scan can take up to an hour or longer, please be patient.

*Note
It is recommended to disable your on-board antivirus program and antispyware programs while performing scans, so that there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.



Please do a scan with Kaspersky Online Scanner or from http://www.kaspersky.com/virusscanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report. To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop
  • In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
  • Please post the Kaspersky Online Scanner Report in your reply.

Animated tutorial
http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif

(Note for Internet Explorer 7 users: if at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
Or use Firefox with IE-Tab plugin
https://addons.mozilla.org/en-US/firefox/addon/1419

- - - - - Next - - - - -

Please re-run DDS by sUBs - after the Kaspersky Scan
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
- - - - - Next - - - - -

Reboot, on your next post please provide the following:
  • Kaspersky Log
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open, and then click UPLOAD.
  • Tell me how your computer is running at the moment.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy