
Is Pearson your school and MyITlab part of that instructional program?
Do you still use AOL mail?

Edited by jholland1964: n/a


1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on Save list. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window into a reply back here.
Judy

Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.0
Apple Mobile Device Support
Apple Software Update
AVG 9.0
Belkin Wireless Utility
BlackBerry Desktop Software 4.6
BlackBerry Desktop Software 4.6
BlackBerry Device Software Updater
BlackBerry Device Software v4.5.0 for the BlackBerry 8120 smartphone
BlackBerry Device Software v4.5.0 for the BlackBerry 8320 smartphone
BlackBerry Media Sync
BlackBerry® Media Sync
Bonjour
Brother 1440
Brownie
BytePro
Catz (remove only)
dBpowerAMP Music Converter
Disney Toontown Online
DVD
Easy CD Creator 5 Basic
Eds Viewer
eLynx SMARTvue
ESET Online Scanner v3
GTW V.92 Voicemodem
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
iTunes
Java 2 Runtime Environment, SE v1.4.2_15
Java(TM) 6 Update 18
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Easy Assist
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Learning and Research Plus Support Files
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting 2005
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Picture It! Photo 7.0
Microsoft Picture It! Publishing Platinum 2002
Microsoft Streets and Trips 2002
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft WSE 2.0 SP3 Runtime
Mortgage Wizard version 6.6a
Move Networks Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Netscape (7.01)
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
Originator Express
PaperPort 8.0 SE
PhotoLook
Point
Professional Resume Creator
PS/2 Millennium Keyboard
Quicken 2003 New User Edition
QuickTime
Revo Uninstaller 1.83
Rhapsody Player Engine
SBA Remote System Setup
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shadow Copy Client
Shockwave
Spybot - Search & Destroy 1.4
The Qualifier Series
TightVNC 1.2.9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player (Remove Only)
Wal-Mart Music Downloads Store
Windows Defender
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v7


Is Pearson your school and MyITlab part of that instructional program?
Do you still use AOL mail?

Yes, MyITlab/Pearson is part of my schooling

And I do use AOL email, but I just go to www.myaol.com to check it there and I don't have to use the software on my computer. When I had it before on my PC it was running really slow, so I uninstalled it.


Ok, thanks for the quick responses.

You should run HiJackThis again, system scan only this time, no log yet, and put check marks next to the following entries if they remain:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (file missing)
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://aolsvc.aol.com/onlinegames/fr...ouseplayer.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbi...20/McGDMgr.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BMC.local
O17 - HKLM\Software\..\Telephony: DomainName = BMC.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{1658BB73-B14B-4A2F-B915-8578C24715F0}: NameServer = 192.168.16.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BMC.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{1658BB73-B14B-4A2F-B915-8578C24715F0}: NameServer = 192.168.16.2

Once you have the check marks placed, click the Fix Checked button. Exit HJT, reboot the computer and run a NEW HJT scan; this time use that top button so you will have a log. Post that log and I will give you the last few steps...almost there :>)
Judy


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:44 PM, on 01/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\brsvc01a.exe
C:\WINNT\system32\brss01a.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\igfxtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\CANDACE\Application Data\Mozilla\Profiles\default\c51mjz62.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\CANDACE\Application Data\Mozilla\Profiles\default\c51mjz62.slt\prefs.js)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: PrxcnBHO Class - {7D9E713D-0388-4384-BDD8-2A42EB1C4F04} - C:\PROGRA~1\PROXYC~1\PRXCNB~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O15 - Trusted Zone: *.myitlab.com
O15 - Trusted Zone: *.pearsoncmg.com
O15 - Trusted Zone: *.pearsoned.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.taylorbeanonline.com/scriptx/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://bmcsbs/connectcomputer/nshelp.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263923616655
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.31.downloads.estara.com./as/OneCCDM.php?template=107031&sessionid=2060807122_70.43.202.10_63784&=&req=1167236044230OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263949245658
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://bmcsbs/tsweb/msrdp.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://www.onlineregister.com/gateway/serial/gwCID.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
O16 - DPF: {E08B60AF-05F9-41A5-BF6E-80143269FB81} (ByteClickLoan Control) - http://www.clickloan.com/CAB/ByteClickLoan/1,0,0,1/ByteClickLoan.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BMC.local
O17 - HKLM\Software\..\Telephony: DomainName = BMC.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BMC.local
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - Unknown owner - C:\Program Files\AVG\AVG9\avgfws9.exe (file missing)
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 11657 bytes


You have some unnecessary auto starts that can easily be run manually.
I am going to recommend you download and install Mike Lin's Startup Control Panel. A small, FREE program to easily control auto starts.
Simply download and install. Once that is complete you will find it in the Control Panel, a little computer icon labeled StartUp.

Simply open the program and go through each tab. Remove the check marks that you find with these listings:
Windows Defender
Microsoft Works Update Detection
iTunesHelper
ISUSPM Startup
IgfxTray
GWMDMpi
GWMDMMSG
AdaptecDirectCD
Adobe Photo Downloader
Adobe Reader Speed Launcher
QuickTime Task
SunJavaUpdateSched
Mozilla Quick Launch
Once you remove the check marks close the program and reboot.
None of those are required for the running of the computer OR for the programs they are linked to; all can be run manually and therefore are not needed to auto start.
If you find that a program does not behave the way you want you can go back into Mike Lin's program and put the check mark back in so it will auto start.
If you will note I told you to turn off Windows Defender. It just isn't the program that is worth it and it frankly can interfere with fixes done by other programs. Leave it turned off.


I didn't turn Windows Def. back on. How do I cut it off again?

It isn't running, just still listed in auto starts. Follow the instructions and then reboot and do another HJT scan and post the log. We will see if it is still showing in auto starts.
Judy



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:15 PM, on 01/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\brsvc01a.exe
C:\WINNT\system32\brss01a.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\CANDACE\Application Data\Mozilla\Profiles\default\c51mjz62.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\CANDACE\Application Data\Mozilla\Profiles\default\c51mjz62.slt\prefs.js)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: PrxcnBHO Class - {7D9E713D-0388-4384-BDD8-2A42EB1C4F04} - C:\PROGRA~1\PROXYC~1\PRXCNB~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O15 - Trusted Zone: *.myitlab.com
O15 - Trusted Zone: *.pearsoncmg.com
O15 - Trusted Zone: *.pearsoned.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.taylorbeanonline.com/scriptx/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://bmcsbs/connectcomputer/nshelp.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263923616655
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.31.downloads.estara.com./as/OneCCDM.php?template=107031&sessionid=2060807122_70.43.202.10_63784&=&req=1167236044230OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263949245658
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://bmcsbs/tsweb/msrdp.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://www.onlineregister.com/gateway/serial/gwCID.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
O16 - DPF: {E08B60AF-05F9-41A5-BF6E-80143269FB81} (ByteClickLoan Control) - http://www.clickloan.com/CAB/ByteClickLoan/1,0,0,1/ByteClickLoan.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BMC.local
O17 - HKLM\Software\..\Telephony: DomainName = BMC.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BMC.local
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - Unknown owner - C:\Program Files\AVG\AVG9\avgfws9.exe (file missing)
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 9615 bytes


Looks good, except for that Adobe Photo Downloader, but this is really up to you.
Here are the final steps you need to take:
You should remove HiJackThis, you don't need it any more.
You also should uninstall combofix. It basically is a "one time" fix. If a person is told to use it again some other time then a new copy would be needed.

* Click START then RUN
* Now type Combofix /u in the Run box and click OK. There must be a space between Combofix and the /u.
When shown the disclaimer, select "2".


You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark out so that System Restore will turn back on.
Then let me know how things are running.
Judy

0

ComboFix 10-01-26.02 - Candace 01/26/2010 17:58:13.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.751.440 [GMT -5:00]
Running from: c:\documents and settings\candace\Desktop\ComboFix.exe
Command switches used :: /u
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 )))))))))))))))))))))))))))))))
.

2010-01-26 14:17 . 2010-01-26 14:17 -------- d-----w- c:\documents and settings\candace\Application Data\AVG9
2010-01-25 21:47 . 2010-01-25 21:47 503808 ----a-w- c:\documents and settings\candace\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cd3f9e7-n\msvcp71.dll
2010-01-25 21:47 . 2010-01-25 21:47 499712 ----a-w- c:\documents and settings\candace\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cd3f9e7-n\jmc.dll
2010-01-25 21:47 . 2010-01-25 21:47 348160 ----a-w- c:\documents and settings\candace\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cd3f9e7-n\msvcr71.dll
2010-01-25 21:47 . 2010-01-25 21:47 61440 ----a-w- c:\documents and settings\candace\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-31303f96-n\decora-sse.dll
2010-01-25 21:47 . 2010-01-25 21:47 12800 ----a-w- c:\documents and settings\candace\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-31303f96-n\decora-d3d.dll
2010-01-21 04:01 . 2010-01-21 04:01 -------- d-----w- c:\program files\ESET
2010-01-20 23:17 . 2010-01-20 23:17 -------- d-----w- c:\documents and settings\candace\Application Data\Malwarebytes
2010-01-20 23:17 . 2010-01-07 21:07 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-01-20 23:17 . 2010-01-20 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-20 23:17 . 2010-01-07 21:07 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-01-20 23:17 . 2010-01-20 23:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 22:08 . 2010-01-20 22:08 -------- d-----w- c:\program files\Trend Micro
2010-01-20 03:34 . 2010-01-20 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-20 01:22 . 2009-10-15 16:28 81920 -c----w- c:\winnt\system32\dllcache\fontsub.dll
2010-01-20 01:22 . 2009-10-15 16:28 119808 -c----w- c:\winnt\system32\dllcache\t2embed.dll
2010-01-20 01:20 . 2009-11-21 15:51 471552 -c----w- c:\winnt\system32\dllcache\aclayers.dll
2010-01-20 01:12 . 2009-06-21 21:44 153088 -c----w- c:\winnt\system32\dllcache\triedit.dll
2010-01-20 01:10 . 2009-07-10 13:27 1315328 -c----w- c:\winnt\system32\dllcache\msoe.dll
2010-01-20 01:05 . 2008-12-11 10:57 333952 -c----w- c:\winnt\system32\dllcache\srv.sys
2010-01-20 01:04 . 2008-10-24 11:21 455296 -c----w- c:\winnt\system32\dllcache\mrxsmb.sys
2010-01-20 01:04 . 2009-07-31 04:35 1172480 -c----w- c:\winnt\system32\dllcache\msxml3.dll
2010-01-20 01:04 . 2008-10-15 16:34 337408 -c----w- c:\winnt\system32\dllcache\netapi32.dll
2010-01-20 01:04 . 2008-05-01 14:33 331776 -c----w- c:\winnt\system32\dllcache\msadce.dll
2010-01-20 01:03 . 2008-04-11 19:04 691712 -c----w- c:\winnt\system32\dllcache\inetcomm.dll
2010-01-19 23:35 . 2010-01-19 23:35 -------- d-----w- c:\winnt\system32\XPSViewer
2010-01-19 23:35 . 2010-01-19 23:35 -------- d-----w- c:\program files\MSBuild
2010-01-19 23:35 . 2010-01-19 23:35 -------- d-----w- c:\program files\Reference Assemblies
2010-01-19 23:34 . 2008-07-06 12:06 89088 ----a-w- c:\winnt\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-19 23:34 . 2008-07-06 12:06 89088 -c----w- c:\winnt\system32\dllcache\filterpipelineprintproc.dll
2010-01-19 23:34 . 2008-07-06 12:06 575488 -c----w- c:\winnt\system32\dllcache\xpsshhdr.dll
2010-01-19 23:34 . 2008-07-06 12:06 575488 ------w- c:\winnt\system32\xpsshhdr.dll
2010-01-19 23:34 . 2008-07-06 12:06 1676288 -c----w- c:\winnt\system32\dllcache\xpssvcs.dll
2010-01-19 23:34 . 2008-07-06 12:06 1676288 ------w- c:\winnt\system32\xpssvcs.dll
2010-01-19 23:34 . 2008-07-06 12:06 117760 ------w- c:\winnt\system32\prntvpt.dll
2010-01-19 23:34 . 2008-07-06 10:50 597504 -c----w- c:\winnt\system32\dllcache\printfilterpipelinesvc.exe
2010-01-19 23:34 . 2008-07-06 10:50 597504 ------w- c:\winnt\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-19 23:34 . 2010-01-19 23:34 -------- d-----w- C:\d43f7887d30d91f29609ef2841
2010-01-19 21:27 . 2010-01-19 21:27 -------- d-----w- c:\winnt\system32\scripting
2010-01-19 21:27 . 2010-01-19 21:27 -------- d-----w- c:\winnt\l2schemas
2010-01-19 21:27 . 2010-01-19 21:27 -------- d-----w- c:\winnt\system32\en
2010-01-19 20:58 . 2010-01-19 20:58 -------- d-----w- c:\winnt\EHome
2010-01-19 18:42 . 2008-04-14 00:12 214528 -c--a-w- c:\winnt\system32\dllcache\wordpad.exe
2010-01-19 18:42 . 2008-04-14 00:12 276992 ------w- c:\winnt\system32\wmphoto.dll
2010-01-19 18:42 . 2008-04-14 00:12 69120 ------w- c:\winnt\system32\wlanapi.dll
2010-01-19 18:42 . 2008-04-14 00:12 712704 ------w- c:\winnt\system32\windowscodecs.dll
2010-01-19 18:42 . 2008-04-14 00:12 346112 ------w- c:\winnt\system32\windowscodecsext.dll
2010-01-19 18:42 . 2008-04-14 00:12 53248 ------w- c:\winnt\system32\tsgqec.dll
2010-01-19 18:42 . 2008-04-14 00:12 50688 ------w- c:\winnt\system32\tspkg.dll
2010-01-19 18:40 . 2008-04-14 00:12 144384 ------w- c:\winnt\system32\onex.dll
2010-01-19 18:40 . 2008-04-14 00:12 176640 ------w- c:\winnt\system32\napstat.exe
2010-01-19 18:40 . 2008-04-14 00:12 30208 ------w- c:\winnt\system32\napipsec.dll
2010-01-19 18:40 . 2008-04-14 00:12 193024 ------w- c:\winnt\system32\napmontr.dll
2010-01-19 18:40 . 2008-04-13 17:27 79872 -c----w- c:\winnt\system32\dllcache\msxml6r.dll
2010-01-19 18:40 . 2008-04-13 17:27 79872 ----a-w- c:\winnt\system32\msxml6r.dll
2010-01-19 18:40 . 2009-07-31 15:05 1372672 -c----w- c:\winnt\system32\dllcache\msxml6.dll
2010-01-19 18:40 . 2008-04-14 00:12 155136 ------w- c:\winnt\system32\mssha.dll
2010-01-19 18:40 . 2008-04-13 18:14 76800 ------w- c:\winnt\system32\msshavmsg.dll
2010-01-19 18:40 . 2008-04-14 00:12 343040 -c--a-w- c:\winnt\system32\dllcache\mspaint.exe
2010-01-19 18:40 . 2008-04-14 00:12 343040 ----a-w- c:\winnt\system32\mspaint.exe
2010-01-19 18:39 . 2008-04-14 00:12 123392 -c--a-w- c:\winnt\system32\dllcache\mplay32.exe
2010-01-19 18:39 . 2008-04-14 00:12 123392 ----a-w- c:\winnt\system32\mplay32.exe
2010-01-19 18:39 . 2008-04-14 00:12 33792 ------w- c:\winnt\system32\mmcperf.exe
2010-01-19 18:39 . 2008-04-14 00:11 397312 ------w- c:\winnt\system32\mmcex.dll
2010-01-19 18:39 . 2008-04-14 00:11 106496 ------w- c:\winnt\system32\mmcfxcommon.dll
2010-01-19 18:39 . 2008-04-14 00:11 184320 ------w- c:\winnt\system32\microsoft.managementconsole.dll
2010-01-19 18:38 . 2008-04-14 00:11 37376 ------w- c:\winnt\system32\l2gpstore.dll
2010-01-19 18:38 . 2008-04-14 00:11 61440 ------w- c:\winnt\system32\kmsvc.dll
2010-01-19 18:38 . 2008-04-14 00:09 6144 ------w- c:\winnt\system32\kbdpash.dll
2010-01-19 18:38 . 2008-04-14 00:09 6144 ------w- c:\winnt\system32\kbdnepr.dll
2010-01-19 18:38 . 2008-04-14 00:09 6144 ------w- c:\winnt\system32\kbdiultn.dll
2010-01-19 18:38 . 2008-04-14 00:09 6144 ------w- c:\winnt\system32\kbdbhc.dll
2010-01-19 18:38 . 2008-04-14 00:10 102912 -c----w- c:\winnt\system32\dllcache\dpcdll.dll
2010-01-19 18:38 . 2008-04-14 00:09 24064 -c----w- c:\winnt\system32\dllcache\pidgen.dll
2010-01-19 18:37 . 2008-04-13 18:45 46592 ------w- c:\winnt\system32\drivers\irbus.sys
2010-01-19 18:37 . 2008-04-13 18:43 9728 ------w- c:\winnt\system32\comsdupd.exe
2010-01-19 18:37 . 2008-04-14 00:11 347136 ----a-w- c:\winnt\system32\hypertrm.dll
2010-01-19 18:37 . 2008-04-13 16:36 144384 ------w- c:\winnt\system32\drivers\hdaudbus.sys
2010-01-19 18:35 . 2008-04-14 00:12 184320 -c--a-w- c:\winnt\system32\dllcache\accwiz.exe
2010-01-19 18:35 . 2008-04-14 00:12 184320 ----a-w- c:\winnt\system32\accwiz.exe
2010-01-19 18:35 . 2008-04-14 00:11 136192 ------w- c:\winnt\system32\aaclient.dll
2009-12-31 16:33 . 2009-12-31 16:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 21:52 . 2007-07-16 20:42 -------- d-----w- c:\program files\Common Files\Java
2010-01-25 21:47 . 2007-07-16 20:43 -------- d-----w- c:\program files\Java
2010-01-22 19:05 . 2009-04-27 15:52 -------- d-----w- c:\program files\Microsoft
2010-01-22 19:05 . 2003-07-23 16:23 -------- d-----w- c:\program files\Common Files\AOL
2010-01-22 15:45 . 2003-12-02 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-01-22 15:43 . 2007-05-01 14:17 -------- d-----w- c:\program files\Common Files\aolshare
2010-01-22 15:31 . 2009-11-19 23:52 -------- d-----w- c:\program files\Common Files\Apple
2010-01-22 15:10 . 2009-11-20 00:45 -------- d-----w- c:\program files\Bonjour
2010-01-22 14:36 . 2003-07-23 16:29 -------- d-----w- c:\program files\Symantec
2010-01-22 14:36 . 2003-07-23 16:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-20 00:57 . 2006-11-06 00:04 201400 ----a-w- c:\documents and settings\candace\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-19 22:46 . 2009-04-03 13:47 256 ----a-w- c:\winnt\system32\pool.bin
2010-01-19 21:32 . 2006-11-04 22:57 99601 ----a-w- c:\winnt\PCHealth\HelpCtr\OfflineCache\index.dat
2010-01-14 16:12 . 2009-10-21 00:25 181120 ------w- c:\winnt\system32\MpSigStub.exe
2010-01-11 22:22 . 2009-10-31 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-11 22:22 . 2003-07-23 16:27 -------- d-----w- c:\program files\Microsoft Works
2010-01-09 17:35 . 2009-11-20 02:05 -------- d-----w- c:\program files\QuickTime
2009-12-31 14:21 . 2009-12-02 20:43 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-30 02:58 . 2009-11-19 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-17 22:14 . 2009-04-08 18:24 411368 ----a-w- c:\winnt\system32\deploytk.dll
2009-12-02 20:45 . 2009-12-02 20:45 19900192 ----a-w- c:\documents and settings\candace\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe
2009-12-02 03:21 . 2009-12-02 03:21 25608 ----a-w- c:\winnt\system32\drivers\AVGIDSxx.sys
2009-12-02 03:21 . 2009-12-02 03:21 161800 ----a-w- c:\winnt\system32\drivers\avgrkx86.sys
2009-12-02 03:21 . 2009-06-01 19:48 360584 ----a-w- c:\winnt\system32\drivers\avgtdix.sys
2009-12-02 03:21 . 2009-06-01 19:47 333192 ----a-w- c:\winnt\system32\drivers\avgldx86.sys
2009-12-02 03:21 . 2007-12-27 21:04 28424 ----a-w- c:\winnt\system32\drivers\avgmfx86.sys
2009-12-02 03:19 . 2009-12-02 03:19 50968 ----a-w- c:\winnt\system32\avgfwdx.dll
2009-12-02 03:19 . 2009-12-02 03:19 30104 ----a-w- c:\winnt\system32\drivers\avgfwdx.sys
2009-12-02 03:19 . 2009-06-01 19:47 -------- d-----w- c:\program files\AVG
2009-12-02 03:19 . 2009-12-02 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-02 02:59 . 2009-12-02 02:58 891208 ----a-w- C:\AVG SFTWAREfree.exe
2009-11-29 20:58 . 2009-11-29 20:58 152576 ----a-w- c:\documents and settings\candace\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-29 20:58 . 2009-11-29 20:58 79488 ----a-w- c:\documents and settings\candace\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-22 01:16 . 2009-11-22 01:16 17871 ----a-w- c:\winnt\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-11-22 01:16 . 2005-11-11 23:23 167936 ----a-w- c:\winnt\system32\SpoonUninstall.exe
2009-11-21 15:51 . 2004-08-04 06:56 471552 ----a-w- c:\winnt\AppPatch\aclayers.dll
2009-10-29 07:46 . 2004-08-04 06:56 832512 ------w- c:\winnt\system32\wininet.dll
2009-10-29 07:46 . 2009-03-25 17:17 78336 ----a-w- c:\winnt\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 06:56 17408 ----a-w- c:\winnt\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2003-08-01 474624]
"HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2003-03-11 114688]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AloPar.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Parallel Arbitrator]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\winnt\system32\drivers\AVGIDSxx.sys [12/01/2009 10:21 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\winnt\system32\drivers\avgrkx86.sys [12/01/2009 10:21 PM 161800]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [06/01/2009 2:47 PM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [06/01/2009 2:48 PM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/01/2009 10:20 PM 285392]
R3 Avgfwdx;Avgfwdx;c:\winnt\system32\drivers\avgfwdx.sys [12/01/2009 10:19 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [12/01/2009 10:20 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [12/01/2009 10:20 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [12/01/2009 10:20 PM 25736]
R3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\winnt\system32\drivers\BLKWGD.sys [11/06/2006 10:21 AM 463872]
S2 avgfws9;AVG Firewall;"c:\program files\AVG\AVG9\avgfws9.exe" --> c:\program files\AVG\AVG9\avgfws9.exe [?]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/01/2009 10:20 PM 5832712]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [10/05/2006 10:11 PM 13592]
S3 Avgfwfd;AVG network filter service;c:\winnt\system32\drivers\avgfwdx.sys [12/01/2009 10:19 PM 30104]
S3 brfilt;Brother MFC Filter Driver;c:\winnt\system32\drivers\BrFilt.sys [02/18/2004 11:53 AM 2944]
S3 BrSerWDM;Brother Serial driver;c:\winnt\system32\drivers\BrSerWdm.sys [02/18/2004 11:53 AM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\winnt\system32\drivers\BrUsbMdm.sys [02/18/2004 11:53 AM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\winnt\system32\drivers\BrUsbScn.sys [02/18/2004 11:52 AM 10368]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\winnt\system32\Drivers\usbbc.sys --> c:\winnt\system32\Drivers\usbbc.sys [?]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\winnt\system32\wlanndi5.sys [04/21/2004 5:51 PM 16384]
S3 WLUX96;3Com 3CRSHEW696 Wireless LAN USB Adapter;c:\winnt\system32\drivers\wlux96f.sys [10/30/2003 12:37 PM 80896]
S4 AloPar;AloPar;c:\winnt\system32\drivers\AloPar.sys [09/10/2003 3:29 PM 4112]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: emagic.com\ordersystem
Trusted Zone: myitlab.com
Trusted Zone: order-services.com\ordersystem
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.66.155.171.31.downloads.estara.com./as/OneCCDM.php?template=107031&sessionid=2060807122_70.43.202.10_63784&=&req=1167236044230OneCC.cab
DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
DPF: {E08B60AF-05F9-41A5-BF6E-80143269FB81} - hxxp://www.clickloan.com/CAB/ByteClickLoan/1,0,0,1/ByteClickLoan.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 18:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Proxyconn\NewValues]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Proxyconn\OldValues]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3652)
c:\winnt\system32\WININET.dll
c:\winnt\system32\ieframe.dll
.
Completion time: 2010-01-26 18:10:30
ComboFix-quarantined-files.txt 2010-01-26 23:10
ComboFix2.txt 2010-01-26 15:49

Pre-Run: 39,939,596,288 bytes free
Post-Run: 39,901,433,856 bytes free

- - End Of File - - F67F252C628E1754756E54494C508B44
****I have also created a new restore point*****

0

No, I didn't want a new combofix log, I wanted you to Uninstall combofix. Why did you run another one? You aren't supposed to run it twice. Please follow my directions given in my post #41.

You also should uninstall ComboFix. It basically is a "one time" fix. If a person is told to use it again some other time then a new copy would be needed.

* Click START then RUN
* Now type Combofix /u in the run box and click OK. The space between Combofix and /u must be there.
* When shown the disclaimer, select "2"

Edited by jholland1964: n/a

0

No, I didn't want a new combofix log, I wanted you to Uninstall combofix. Why did you run another one? You aren't supposed to run it twice. Please follow my directions given in my post #41.

Sorry! When I entered 2, an update popped up and I thought I was supposed to download it. I'll do it over. But before I do, and btw, the PC is running great now, I have one more issue.

The program Word is giving me the error msg "An error occurred and this feature is no longer working properly/Run setup & repair to restore this app"

This happened after a free trial from Microsoft for 90 days to try out MS Office 2007. When the trial was over and I uninstalled it, this started happening.

Any suggestions? I no longer have the reboot CDs and that program was already installed when it came from Gateway.

0

It still shows as installed on your computer, Office 2003 I mean. You might look for the folder, maybe there is an install file in there.
Are you certain you didn't receive the CDs when you got the computer? You should have received them, for the Office 2003 anyway.

0

It still shows as installed on your computer, Office 2003 I mean. You might look for the folder, maybe there is an install file in there.
Are you certain you didn't receive the CDs when you got the computer? You should have received them, for the Office 2003 anyway.

Unfortunately no, I just received the tower. Where would I find the file?

0

Unfortunately no, I just received the tower. Where would I find the file?

Probably C drive under programs. Microsoft Office Professional Edition 2003 and/or
Microsoft Office Standard Edition 2003
You show Open Office on there also. I know it isn't exactly the same but it CAN open any files created with Microsoft Office. You need a newer version however.

-1

My suggestion: download AnVir Task Manager. When you run it, AnVir shows you all startup programs and Windows processes, so you'll find a harmful file in a minute. I always use it when I clean someone's PC. Sorry for the off-topic.

Votes + Comments
This thread is solved. Suggestion is unneeded