0

I have run BITDEFENDER 2009, AD-AWARE 2008, SPYBOT, AVG ANTI-VIRUS AND ANTI-SPYWARE, MALWAREBYTES' ANTI-MALWARE and tried anything I can think of.
Any help?
I get this message when I boot up but everything works.

Malwarebytes' Anti-Malware 1.30
Database version: 1386
Windows 5.1.2600 Service Pack 3

11/22/2008 11:42:27 PM
mbam-log-2008-11-22 (23-42-27).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 300014
Time elapsed: 2 hour(s), 52 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:30 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/ww.special-toolbar-first-run-tlbrf
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221429925828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221799765640
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12065 bytes

Let me know if there is anything, beyond reformatting WindowsXP.
Thanks in advance,
Jim


0

You're back DaniWeb4Jim and obviously not following any advice when given. Back in September in this thread Lost All Programs List from Start Menu I gave you some information;

The ABSOLUTE RULE is ONE antivirus program.....on a computer.

You are doing a "bit" better just two months later, now you only have 2 anti-virus programs running and back then you had 4 running. The rule is the very same today as it ALWAYS has been...ONE but now you are running AVG8 and BitDefender 2009
I also told you to FIX this entry with HiJackThis;
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html
but instead you posted your log, with that still showing and left me this message before I could respond;

Here is my last log. I say it is fixed. No more problems related to that one....Judy:
MARK SOLVED I found the link.
Thanks again, Jim

I told you to fix that entry because it was associated with CyberDefender which was...

at one time was listed as a Rogue anti-virus/anti-spy process because of its false positives and the fact when something was found you would be prompted to download another pay for application for removal of these items. In checking recent reviews it still doesn't get good reviews.

I truly hesitate to offer advice since it has not been followed before. This error you note should contain more information. If you click Click Here at the bottom of the message box, you will get some more information on possibly what file is causing the error.
The scan with MBA-M was done with an out of date program. It should always be updated before each and every scan. This program updates on a regular basis, sometimes daily or even more often. The Database version yours is showing is 1386 but the current version is now 1417.

Let me know if there is anything, beyond reformatting WindowsXP.
Thanks in advance,

Maybe follow advice given would be the place to begin.
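
An added example, not part of any post in this thread: a small Python triage of the logs posted above, applying the three checks raised in the reply (more than one antivirus product present, an Internet Explorer R0/R1 URL on an unfamiliar domain, and the Malwarebytes database version). The marker table, the domain allowlist and all function names are assumptions; the sample lines are copied from the logs on this page.

```python
import re
from urllib.parse import urlparse

# Excerpt of the logs posted at the top of this thread (lines copied from the page).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.30
Database version: 1386

Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
"""

# HijackThis result lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Assumption: path markers for the two antivirus products named in the reply.
AV_MARKERS = {"AVG": "\\avg\\", "BitDefender": "\\bitdefender\\"}

# Assumption: domains the machine's owner recognises; anything else is listed for review.
KNOWN_DOMAINS = ("yahoo.com", "microsoft.com", "avg.com")


def parse_entries(log):
    """Return (code, body) for every HijackThis result line."""
    return [m.groups() for m in map(ENTRY_RE.match, log.splitlines()) if m]


def running_processes(log):
    """Paths listed under 'Running processes:' up to the first blank line."""
    lines = log.splitlines()
    if "Running processes:" not in lines:
        return []
    procs = []
    for line in lines[lines.index("Running processes:") + 1:]:
        if not line.strip():
            break
        procs.append(line.strip())
    return procs


def installed_antivirus(log):
    """Antivirus products that still have a running process or an O23 service."""
    paths = running_processes(log)
    paths += [body for code, body in parse_entries(log) if code == "O23"]
    found = {name for path in paths for name, marker in AV_MARKERS.items()
             if marker in path.lower()}
    return sorted(found)


def unfamiliar_ie_urls(log, known=KNOWN_DOMAINS):
    """R0/R1 values (IE start and search pages) whose host is not under a known domain."""
    flagged = []
    for code, body in parse_entries(log):
        if code not in ("R0", "R1") or " = " not in body:
            continue  # other sections, or an empty value such as 'Local Page ='
        key, value = body.split(" = ", 1)
        host = (urlparse(value.strip()).hostname or "").lower()
        if host and not any(host == d or host.endswith("." + d) for d in known):
            flagged.append((key.rsplit(",", 1)[-1], host))
    return flagged


def mbam_database_version(log):
    """Database version from a Malwarebytes' Anti-Malware log header, or None."""
    m = re.search(r"^Database version: (\d+)", log, re.MULTILINE)
    return int(m.group(1)) if m else None


def review(log, current_db):
    """Collect the findings a helper would raise before reading the rest of the log."""
    findings = []
    av = installed_antivirus(log)
    if len(av) > 1:
        findings.append("more than one antivirus present: " + ", ".join(av))
    for value_name, host in unfamiliar_ie_urls(log):
        findings.append(f"IE '{value_name}' points at unfamiliar host {host}")
    db = mbam_database_version(log)
    if db is not None and db < current_db:
        findings.append(f"Malwarebytes database {db} is older than {current_db}")
    return findings


if __name__ == "__main__":
    # 1417 is the current database version quoted in the reply above.
    for finding in review(SAMPLE_LOG, 1417):
        print(finding)
```
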

0

I am having trouble uninstalling Bitdefender because it said that I had a file missing call their support. BUT I did and do follow your advice, not a fair statement.
You sent or DANIWEB sent me a message and when I opened DANIWEB it did not show your message and I looked on your posts yesterday and did not find that one you mention?
Now this gives me a gray rectangular message that (Can I email it to you?=?=email?) That is annoying as heck.
Sorry you are right I did not update it but I ran and updated b4 and nothing shows I will try again. Thanks and really I enjoy getting your help and did follow you info but tried another antivirus without turning off the other.

0

You sent or DANIWEB sent me a message and when I opened DANIWEB it did not show your message and I looked on your posts yesterday and did not find that one you mention?

Not certain which one you are talking about here, I noted several. Here is the post number from your previous thread for each one that I noted;
Post # 8:

The ABSOLUTE RULE is ONE antivirus program.....on a computer.

I also told you to FIX this entry with HiJackThis;
Post #16:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html

I told you to fix that entry because it was associated with CyberDefender which was...
Post #8

...at one time was listed as a Rogue anti-virus/anti-spy process because of its false positives and the fact when something was found you would be prompted to download another pay for application for removal of these items. In checking recent reviews it still doesn't get good reviews.

Now if BitDefender 2009 cannot be uninstalled because it is missing a file, try using the BitDefender Uninstall Tool.

Now this gives me a gray rectangular message that (Can I email it to you?=?=email?) That is annoying as heck.

What is giving you a gray rectangular message? Are you saying you want to email it to me or is the message saying that?

0

JHolland1964 can we chat and is there an email that I can add a pdf?
I will send you a screen print of the message. I have already tried Bill Gates fix which is Microsoft's Hot fix that is more than 3 years old and said to only happen with SP2. I am running SP3 so they lose. I ran all of the ANTI-MAL-SPYWARE-VIRUS anyone suggested. Puzzle is on another site a guy said he reformatted and reinstalled Win XP and the message came back after he installed SP3 and Microsoft updates.
Jim

0

I have already tried Bill Gates fix which is Microsoft's Hot fix that is more than 3 years old

Yes I have seen that also.
Look at my attachments so that you see what you need to click on and what we must see. What we have to know is the actual process that is causing the error. That is what I have clumsily outlined in the second attachment.

We need to know this because the 1st error notification box is just telling you that Generic Host Process for Win32 Services is having a problem. The Generic Host Process for Win32 is Svchost.exe. If you look at the Windows XP process list in Task Manager, you will notice several Svchost.exe processes: some running under the SYSTEM account (sometimes referred to as LocalSystem) and some running under two new service accounts: NETWORK SERVICE and LOCAL SERVICE. You may very well have more showing, that is ok. Svchost.exe does exactly what the name implies, it HOSTS the services on the computer. So just this generic error won't tell us anything, we need to know the particulars of the specific error, that is why you have to look in the info and see what specific process or processes are causing the errors.

Attachments error_info_1.jpg 34.25 KB error_info_2.jpg 50.09 KB
0

See attachment

0

Thanks for the uninstall link Bitdefender uninstalled

Good! Lots of times the anti-virus programs can be very stubborn on removal.

0

Out of curiosity Jim, how big is the hard drive and how much RAM is installed on this error producing computer?
Judy

0

I have a Clone I build it is a :
INTEL PENTIUM 4 - 2.66 Ghz
2.0 Gig of RAM
1 - WD 80 Gig HD
1 - WD250 Gig HD

0

Ok. Thanks. Will get back with you ASAP.
Judy

You mentioned things I should not run I thought I turned off a lot can you send me my log and put your suggestions to stop running in RED.
Thanks
Jim

0

You mentioned things I should not run I thought I turned off a lot can you send me my log and put your suggestions to stop running in RED.
Thanks
Jim

A question first before I give the list. I notice this entry on your HJT log;
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
Did you place these?
I only ask because, according to HJT guidelines;

This section corresponds to an Administrative lock down for changing the options or homepage in Internet explorer by changing certain settings in the registry.
These options should only appear if your administrator set them on purpose or if you used Spybots Home Page and Option Lock down features in the Mode -> Advanced Mode -> Tools -> IE Tweaks section.

Now here are the items I see in your HJT log which are either running as a Start up program or running at Start up via services and are not really required to run at start up;

Google Desktop Search>>> supposedly, this is "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks". This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources.

Windows Defender>>>this is user's choice. I use only SpywareBlaster, which DOES NOT run in the background and find its protection superior to those programs which must actually RUN.

NvCplDaemon>>>Initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card. User's choice

AppleSyncNotifier>>>Added by Apple's MobileMe synchronization software. This service helps to synchronize contact, email, and calendar information between your ITouch, iPhone, Mac, and PC.

QuickTime Task>>>System Tray access to Apple's "Quick Time" viewer from version 5 onwards. Not required

iTunesHelper>>>Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory. If disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times but it CAN be disabled if you want.

MSMSGS>>>Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. This is NOT an IM program.

Microsoft Office Shortcut Bar>>> Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want to access these programs quickly

ctfmon.exe>>>CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features.

The services noted below can be turned off by going to Start, Control Panel, Administrative Tools, Services. In Services they are listed in alphabetical order. Scroll through the list and double click on entries you wish to turn off. When the property box of the service opens, if it is running, Stop the service by clicking the Stop button. Once the service is stopped then go up to Start up type and click the little arrow next to the start type listing. You can either disable entirely or set it to manual. I will list recommended settings.

Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe>>>Disabled.

Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe Used by iTunes to communicate with the Apple iPhone when it is connected to your computer. If you use all these then set to Manual. If you know you don't use this service then Disable it.

Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe The Bonjour Service is typically installed with the iTunes software. Apple's site describes: "Bonjour, also known as zero-configuration networking." It is NOT needed to run automatically and can be set to Manual.

Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe I noted this above. Not needed.

Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe This service is used by iTunes for using your iPod. If you do not use iTunes you can disable this service.

Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe Java Quick Starter (JQS) improves the initial startup time of Java applets and applications. But I found that it made very little difference and when I turned this off my Firefox especially loaded pages faster, why? I don't know but it did and have not noticed ANY problems with java at all.

Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe. These types of programs generally are not needed. Myself and many others just don't see the benefit of running these. Your choice

Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe AdAware. It is recommended that you remove this program. Considered foistware as it comes bundled with other items such as AOL Instant Messenger, etc. This should be Uninstalled via Add/Remove.

0

Judy:
I am going to research and turn off some of these things and I will be back at you. You have a lot of good points. When did you start doing this and where did you get all the knowledge about the programs? Is there a book that has some of the errors and could you recommend one?
Thanks again.
Jim

0

Thanks for all of this but I have one problem. Lately all of my links to uninstall my programs were gone. I did not remove them. I installed and then uninstalled a program and some worked. You gave me the BitDefender uninstall help but the one you said I did not do was CyberDefender so I did follow most of your suggestions.
I am going to try to do most of the red are true but some as you said are my choice I have to check what happens to everything I use when I turn off something.
Thanks for that. I still want to know where you learned all of this. It is as if you are on a HELP DESK.
What does work instead of AD-Aware? My techie friend is a PC engineer and he only used AVG FREE 8.0 ANTI-VIRUS, AD-AWARE2008 and SPY BOT 1.6. And he makes a lot of money doing it. What do you suggest as alternative programs?
Jim

1

I still use SpyBot 1.6, NOT the TeaTimer portion however.
I quit using AdAware when it went to this new version, AdAware 2008. The reason was that this AdAware Service was put in there and runs in the background, but as I understand it, with the FREE version this actually does nothing. You have to have the paid version for it to do what it is supposed to do. Here is what I found when reading various reviews of this newer version:

One of the installation options that appears to be available even for Free users -- maintaining a constant scanner in the system tray, like a real anti-virus program -- forces the Free edition to respond later with a warning that the option isn't actually available.

Yes, this service can be turned off, but why have it anyway? Plus, I want to KNOW what I am going to install and what comes with it and does it work? When I found it was doing nothing I first disabled that service and kept the program, but then finally decided this newer version didn't work as well as the older one.
Plus I have found, like many others, that the free version of Malwarebytes' Anti-Malware has updates more often, sometimes more than once a day, and finds, fixes and removes more. Yes, it must be manually updated because I use the Free version but it only takes a few seconds. So I uninstalled AdAware 2008 and now use MBA-M for scanning and removal, though it is extremely rare anything is found (I believe I have found only one or two items with it in all the months I have had it) because of the next program I write about. For protection from spyware, adware, browser hijackers, dialers, preventing the installing of ActiveX based spyware, blocking tracking cookies and an excellent restricted sites protection I use SpywareBlaster, which I have used for several years now and honestly wouldn't run a computer without it installed. The key thing about this program is that it DOES NOT run in the background and consume needed resources. I can honestly say that since I began using this program several years ago I have not had more than one or two tracking cookies on the computer, I have had very little spyware, if any at all on the computer, and I do have grandkids who occasionally visit and use the computer. Plus, when researching entries in people's various logs I have "traveled to parts unknown" to check out a website showing in the log and very often my browser will go "nowhere". I will check in the SpywareBlaster Restricted sites list and sure enough there it will be. So I know it works.
Judy

Votes + Comments
EXCELLENT help all of the time, a very patient person.
0

I got rid of the problem with a neat tool, SDFix.exe. I am zipping and sending it to you via your private email later. But maybe it was the TREND HOUSECALL AND the intense TREND MICRO SECURITY SYSTEM CLEANER. I ran both and it cleaned out many of my KeyGens but I will look for them again. A key generator that is used by the company if you call and lose your code. I have a few programs that I did buy and lost the code so I do use them. I am rebooting to prove that it is gone but it must have been one of them that had a backdoor Trojan virus.
Thanks for all of your help. I will review my opinion of AD-Aware but I do use Spy-Bot without TEA-Timer also. What ANTIVIRUS DO YOU USE? I use AVG Free 8.0 and it works well.

0

SDFix is a tool used here quite often. We are very familiar with it. I use Antivir for my anti-virus program. I also use Spybot without TeaTimer and also MBA-M is now in my regular arsenal. Of course SpywareBlaster is a key program also.
Judy

0

Problem NOT solved, yet.
I rebooted and it is back, grrrrrrrrrrrrrrr
I am about to reinstall the whole thing, but, someone said it came back with the updates.
Sending you the messages via email

0

Many things can cause this type of error but one of the things that kept popping up is either a corrupted ntdll.dll file OR an issue with a hardware driver which may be corrupted or out of date. One of the PMs you sent to me mentioned your Event Viewer showing (50+) "The driver detected a controller error on \Device\CdRom0" errors.
This could very well mean that either the driver is corrupt or needs updating which then could also lead to the ntdll.dll error too.
Try this. Go into Device Manager to the CD drive or drives if you have more than one...if you do then do this one at a time. Right Click the CD drive and choose Uninstall. Then shut down and reboot the computer. It will find the drive and install it. If you have more than one drive do it with all of them. See if this makes a difference. If it does not then go to the drive manufacturer's website and download a new driver, even if it seems to be the same version that you have. Save it to the desktop. Then go back in and Uninstall the driver again but this time have it install the new one from the desktop.
Judy

0

Did that and nothing different. Both DVDs copy and read DVDs and CDs fine. I copied a movie and an audio CD and no error messages. Once in a while the DVD will not read on a home theater but that was a bad disc. No helping that, I think that is normal.
The message changes and does not have a NTDLL.dll message. I will send you one of those.
That is business but on a personal note it is and has been pleasing to find someone who speaks the same language.
Happy Thanksgiving.
Jim

0

THIS IS A FEW EVENT LOGS ANY ONE THAT CAN HELP ME SOLVE THIS PLEASE H-E-L-P...........

Event #1

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 11/29/2008
Time: 3:01:24 AM
User: N/A
Computer: JIM-ADM
Description:
Faulting application , version 0.0.0.0 faulting module unknown, version 0.0.0.0 fault address 0x00000000
==========================================================================

Event #2

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 11/29/2008
Time: 2:41:29 AM
User: N/A
Computer: JIM-ADM
Description:
Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.
==========================================================================

Event #3

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 11/29/2008
Time: 5:41:50 PM
User: N/A
Computer: JIM-ADM
Description:
Faulting application , version 0.0.0.0 faulting module unknown, version 0.0.0.0 fault address 0x00000000

0

Well maybe there is infection there, even though scans show clean.
Download Dr.Web CureIT
Scan with that and see what it comes up with. Save the log.
Then update MBA-M, run a full system scan with it and have it REMOVE Everything found.
Reboot.
Next download Combofix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.

Close all open Windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Now double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
You may receive a warning because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
Next you will see the Disclaimer screen. You should press the Yes button to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then back up your Windows Registry.
ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.
When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
Post back with all logs.
Judy

0

Thanks Judy,
I am working tomorrow but I will try to do it by Monday.
Thanks, you're the best!
Jim

0

ComboFix 08-12-05.02 - JIM 2008-12-06 0:54:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1445 [GMT -5:00]
Running from: d:\my documents\ToolBox\Software\AntiVirus_SpyWare_Malware\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JIM.JIM-ADM\Application Data\inst.exe
c:\windows\system32\1BF7BC146F.dll
c:\windows\system32\Ultra.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2100-02-23 13:35 . 2001-02-22 08:54 768 --a------ c:\program files\x73_lut.dat
2100-02-08 15:03 . 2001-05-11 10:39 53,248 --a------ c:\program files\ACMonitor_X73.exe
2008-12-05 23:53 . 2008-12-05 23:53 <DIR> d-------- c:\program files\filehippo.com
2008-12-05 23:24 . 2008-12-05 23:24 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\Corel
2008-12-05 23:24 . 2008-12-05 23:24 2,828 --ahs---- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2008-12-05 23:24 . 2008-12-05 23:24 8 -r-hs---- c:\documents and settings\All Users.WINDOWS\Application Data\6F14BCF71B.sys
2008-12-05 23:22 . 2008-12-05 23:22 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-05 23:10 . 2008-12-05 23:10 <DIR> d-------- c:\documents and settings\JIM~1~JIM\LOCALS~1
2008-12-05 23:10 . 2008-12-05 23:10 <DIR> d-------- c:\documents and settings\JIM~1~JIM
2008-12-05 23:10 . 2008-12-05 23:10 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\InstallShield
2008-12-05 19:31 . 2008-12-05 19:31 29,848 --ah----- c:\windows\system32\mlfcache.dat
2008-11-29 02:51 . 2008-11-29 02:58 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\RegTool
2008-11-29 02:37 . 2008-04-14 04:41 80,384 --a------ c:\windows\system32\Ffaultrep.dll
2008-11-27 13:14 . 2008-11-27 13:16 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\ErrorFix
2008-11-27 03:02 . 2008-11-27 03:02 45 --a------ c:\windows\system32\RPVersion.ini
2008-11-27 02:59 . 2008-11-27 13:17 <DIR> d-------- c:\program files\RegistryPatrol3.0
2008-11-26 20:03 . 2008-11-26 20:03 <DIR> d-------- c:\program files\Microtek
2008-11-24 00:52 . 2008-11-26 19:25 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-23 12:57 . 2008-11-17 10:18 192,512 --a------ c:\windows\system32\txmlutil.dll
2008-11-23 10:36 . 2008-11-26 19:16 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Trend Micro
2008-11-23 10:30 . 2008-11-23 10:31 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\.housecall6.6
2008-11-19 07:20 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2008-11-19 07:20 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2008-11-19 07:20 . 2008-04-14 04:42 22,528 --a------ c:\windows\system32\wsock32.dlb
2008-11-17 23:18 . 2008-11-22 20:17 250 --a------ c:\windows\gmer.ini
2008-11-16 07:59 . 2008-11-16 09:26 66,752 --a------ c:\windows\MSOClip.232
2008-11-16 07:59 . 2008-11-16 09:26 10,304 --a------ c:\windows\MSOPrefs.232
2008-11-15 13:59 . 2008-11-15 13:59 <DIR> d-------- c:\program files\Real Alternative
2008-11-15 00:39 . 2008-11-15 00:39 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\NeroDigital™
2008-11-12 22:29 . 2008-11-12 22:34 <DIR> d-------- c:\program files\Common Files\Broderbund
2008-11-12 20:55 . 2008-11-13 20:15 <DIR> d-------- c:\program files\WordWeb
2008-11-12 20:55 . 2008-10-18 14:08 1,050,296 --------- c:\windows\wweb32.dll
2008-11-12 09:23 . 2008-11-12 09:23 207 --a--c--- C:\bootini.dat
2008-11-12 06:59 . 2008-11-12 06:59 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-12 06:56 . 2008-11-12 06:56 <DIR> d-------- c:\windows\ERUNT
2008-11-12 00:57 . 2008-11-12 00:57 <DIR> d-------- c:\program files\Sun
2008-11-12 00:56 . 2008-11-12 00:55 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-12 00:44 . 2008-11-12 01:13 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\.SunDownloadManager
2008-11-11 20:26 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 20:25 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 17:46 . 2008-11-11 17:46 <DIR> d-------- c:\program files\viewsonic
2008-11-11 17:46 . 2008-11-11 17:46 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\Leadertech
2008-11-11 17:42 . 2008-11-11 19:59 101 --a------ c:\windows\VSWizard.ini
2008-11-11 17:39 . 2008-11-11 17:39 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-11-11 17:39 . 2008-11-11 17:39 385 --a------ c:\windows\system32\user_gensett.xml
2008-11-11 17:04 . 2008-11-28 03:45 <DIR> d----c--- C:\SDFix
2008-11-11 15:46 . 2008-11-11 15:46 <DIR> d-------- c:\windows\system32\logs
2008-11-10 02:31 . 2008-11-27 03:28 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-11-08 18:55 . 2008-11-08 18:55 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\DVDFab
2008-11-07 06:10 . 2008-02-27 13:49 3,840 --a------ c:\windows\system32\drivers\BANTExt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 04:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-06 04:45 --------- d-----w c:\program files\Corel
2008-12-06 04:22 --------- d-----w c:\program files\Common Files\Real
2008-12-06 04:17 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2008-12-06 04:16 --------- d-----w c:\program files\InterVideo Information Service
2008-12-06 04:10 --------- d-----w c:\program files\InterVideo
2008-12-06 00:24 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Apple Computer
2008-12-05 05:00 --------- d-----w c:\program files\DVDFab 5
2008-12-05 05:00 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Vso
2008-11-30 02:51 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-11-28 07:52 194,560 ----a-w c:\windows\zeppelin_dessert.scr
2008-11-28 07:51 606,848 ----a-w c:\windows\flashax.exe
2008-11-28 07:51 12,288 ----a-w c:\windows\impborl.dll
2008-11-27 01:40 --------- d-----w c:\program files\Trend Micro
2008-11-27 01:40 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-27 01:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-26 15:31 --------- d-----w c:\program files\Google
2008-11-25 23:52 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-24 03:44 --------- d-----w c:\program files\Vuze
2008-11-24 03:44 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Azureus
2008-11-23 22:16 --------- d-----w c:\program files\RegClean
2008-11-23 21:57 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-23 19:32 --------- d-----w c:\program files\iTunes
2008-11-23 19:31 --------- d-----w c:\program files\iPod
2008-11-23 19:21 --------- d-----w c:\program files\QuickTime
2008-11-23 18:48 --------- d-----w c:\program files\Safari
2008-11-23 11:51 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2008-11-23 01:01 --------- d-----w c:\program files\COMODO
2008-11-15 13:10 --------- d-----w c:\program files\WinAVI Video Converter
2008-11-13 03:34 --------- d-----w c:\program files\Broderbund
2008-11-12 05:55 --------- d-----w c:\program files\Java
2008-11-09 12:51 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-11-09 12:35 --------- d-----w c:\program files\SiSoftware
2008-11-04 16:28 --------- d-----w c:\program files\RegScrubXP
2008-11-04 16:18 --------- d-----w c:\program files\RegistryFix
2008-11-04 15:24 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-03 08:59 --------- d-----w c:\program files\Web Publish
2008-11-03 08:53 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Riverdeep Interactive Learning Limited
2008-11-03 08:51 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Protexis
2008-11-03 08:44 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Broderbund Software
2008-10-31 13:55 --------- d-----w c:\program files\The Cleaner Demo
2008-10-29 01:24 --------- d-----w c:\program files\AIM6
2008-10-29 01:24 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2008-10-28 17:03 --------- d-----w c:\program files\Digital Support
2008-10-28 17:03 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Digital Support
2008-10-27 23:15 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP
2008-10-27 23:14 --------- d-----w c:\program files\Viewpoint
2008-10-27 23:14 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\acccore
2008-10-27 23:13 --------- d-----w c:\program files\Common Files\AOL
2008-10-27 23:13 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AOL
2008-10-27 22:40 --------- d-----w c:\program files\Windows Installer Clean Up
2008-10-27 22:40 --------- d-----w c:\program files\MSECACHE
2008-10-27 20:01 5,376 ----a-w c:\windows\system32\drivers\MS1000.sys
2008-10-27 18:49 --------- d-----w c:\program files\Uniblue
2008-10-27 18:32 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Uniblue
2008-10-27 18:13 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Registry Booster
2008-10-26 06:27 --------- d-----w c:\program files\Common Files\eSellerate
2008-10-26 06:27 --------- d-----w c:\program files\AnswersThatWork
2008-10-25 12:52 --------- d-----w c:\program files\Extreme Cleaner
2008-10-25 03:39 --------- d-----w c:\program files\Microsoft Easy Assist
2008-10-25 03:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Applications
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 00:15 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Comodo
2008-10-22 21:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 21:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-19 22:53 262,144 ----a-w c:\program files\Uninstall Ask Toolbar.dll
2008-10-18 22:39 --------- d-----w c:\program files\Maximum Software
2008-10-17 23:42 --------- d-----w c:\program files\MagicISO
2008-10-17 01:12 2,071 ----a-w c:\windows\panose.bin
2008-10-17 00:54 --------- d-----w c:\program files\Adobe Type Manager
2008-10-17 00:40 --------- d-----w c:\program files\Common Files\Adobe
2008-10-13 03:39 --------- d-----w c:\program files\Advanced Registry Optimizer
2008-10-13 00:14 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-10-13 00:13 --------- d-----w c:\program files\DVD Shrink
2008-10-10 22:24 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA
2008-10-10 01:53 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\AVGTOOLBAR
2008-10-10 00:49 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-09 15:21 --------- d-----w c:\program files\TCPOptimizer
2008-10-07 22:51 --------- d-----w c:\program files\Microsoft Private Folder 1.0
2008-09-15 08:11 47,360 ----a-w c:\documents and settings\JIM.JIM-ADM\Application Data\pcouffin.sys
2002-09-11 14:26 63,730 ----a-w c:\program files\viewsonicinstruct_xp.pdf
2001-07-26 20:58 47 ----a-w c:\program files\ACMonitor_X73.ini
2001-07-05 16:46 8,116 ----a-w c:\program files\OSLO3071b2.USB
2001-05-08 20:36 114,688 ----a-w c:\program files\lxarscan.dll
2001-04-23 18:22 1,437 ----a-w c:\program files\gtx73.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-26 29744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"TkBellExe"="c:\program files\Real Alternative\Update_OB\realsched.exe" [2008-12-05 180269]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office Shortcut Bar.lnk - c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe [2008-09-15 28160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMONTRAY]
--------- 2005-05-02 21:21 32768 c:\program files\Intel\Intel(R) Active Monitor\imontray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
--a------ 2004-09-21 19:39 7094272 c:\program files\Intel Audio Studio\IntelAudioStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-08-06 07:27 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-07-27 12:48 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-03 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-03 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-03 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-03 76040]
R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-09-09 693512]
R2 Prvflder;Prvflder;c:\windows\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-26 29744]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-09-28 38496]
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-09-09 906504]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-10-27 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-05 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool\RegTool.exe []

2008-12-05 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RegTool - c:\program files\RegTool\RegTool.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/ww.special-toolbar-first-run-tlbrf
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
FireFox -: Profile - c:\documents and settings\JIM.JIM-ADM\Application Data\Mozilla\Firefox\Profiles\pspl3th6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com
FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 00:59:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel(R) Active Monitor\imonNT.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Microsoft Office\Office\1033\MSOFFICE.EXE
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-12-06 1:05:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 06:05:11

Pre-Run: 37,978,652,672 bytes free
Post-Run: 37,893,627,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Professional" /fastdetect /NoExecute=OptIn

289 --- E O F --- 2008-11-23 01:33:46

This was my log > combofix.txt

I am going to run SDFIX and will be back.
Jim

0

Definitely found and removed the inst.exe>>>Trojan.W32.RealSearch>>>This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data.
along with the other two, which I really can find little or no information about so we must assume they are part of this infection.

0

SDFIX LOG
SDFix: Version 1.240
Run by JIM on Wed 12/10/2008 at 09:22 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found


Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 22:47:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

source file error: C:\Documents and Settings\JIM.JIM-ADM\ntuser.dat
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 141


Remaining Services :


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Vuze\\Azureus.exe"="C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

Files with Hidden Attributes :

Thu 23 Aug 2001 24,448 A.SHR --- "C:\NTBOOTDD.SYS"
Fri 5 Dec 2008 2,828 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys"
Thu 9 Oct 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Sun 14 Sep 2008 678,814 ...H. --- "C:\Program Files\iolo\System Mechanic Professional 6\unins000.exe"
Thu 18 Mar 1999 70,656 A..H. --- "C:\Program Files\Microsoft Office\Microsoft Office Tools\cabarc.exe"
Wed 24 Feb 1999 111,104 A..H. --- "C:\Program Files\Microsoft Office\Microsoft Office Tools\Proflwiz.exe"
Fri 14 Nov 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Wed 19 Nov 2003 495,616 A..H. --- "C:\Program Files\Shockwave.com\PhotoJam 4 Deluxe\data\PhotoJam 4 Deluxe.exe"
Fri 14 Nov 2003 372,736 A..H. --- "C:\Program Files\Shockwave.com\PhotoJam 4 Deluxe\data\product\PhotoJam 4 Deluxe.exe"
Wed 10 Dec 2008 8,278 A..H. --- "C:\Documents and Settings\JIM.JIM-ADM\Application Data\Microsoft\Office\Shortcut Bar\Off2.tmp"
Wed 26 Feb 1997 21,504 A..H. --- "C:\Program Files\Corel\Graphics10\Draw\Scripts\Misc\scpext.dll"

Finished!
