[Inactive] Virus maybe? please help

Status
Not open for further replies.
G

googlefloob

Posts: 12   +0
for 3 days my internet speed on my laptop has been extremely slow and very fast on the other computers in my home. i have exhausted many efforts to fix this issue including: scanning / removing many files using malware scanners like Malwarebytes, AVG, etc. i have cleaned the registry with various cleaning programs, i have removed all temporary files, cleared history. i have tried pretty much everything so i am really desperate for help. i have scanned the file with Hijack This and i have included the log file. if it makes any difference, there are 11 svchost.exe processes running at the moment and most lead to the same file location so i think this is a major issue. thank you so much for the help. ='/

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:02:47 PM, on 8/2/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\CommRA\CommRA.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\SmartAssemblyHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\No-IP\DUC20.exe
C:\Downloads\jdk\bin\javaw.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TrendMicro\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchIndexer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.pctools.com/mrc/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.pctools.com/mrc/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program

Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Street-Ads Browser Enhancer nplsp - {2D317AE0-6595-428A-9365-2361CDE6E167} -

C:\Windows\system32\nplsp.dll
O2 - BHO: Sky-Banners Browser Enhancer rplsp - {69A4616D-43A3-498F-9867-CEDBA8E741D7}

- C:\Windows\system32\rplsp.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program

Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}

- C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -

C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program

Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} -

C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -

hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0

\AdobeARM.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\EULALauncher.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support

Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SmartAssemblyHelper] "C:\Windows\system32\SmartAssemblyHelper.exe"
O4 - HKLM\..\Run: [sta] rundll32 "rplsp.dll",,Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java

Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [swg] "C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [Mbutaludejemilap] rundll32.exe "C:\Windows\system32

\config\systemprofile\AppData\Local\KBDape.dll",Startup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Mbutaludejemilap] rundll32.exe "C:\Windows\system32

\config\systemprofile\AppData\Local\KBDape.dll",Startup (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: SDK Tray Menu.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line

Detect\DLG.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program

Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3

\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49}

- C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program

Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1

\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tigbdte.dll
O15 - Trusted Zone: scanner.novirusthanks.org
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -

http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -

http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program

Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-

BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common

Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. -

C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program

Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: CommViewAgent - TamoSoft - C:\Program Files\CommRA\CommRA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program

Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360

\IS360srv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio

Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program

Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE

Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program

Files\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program

Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program

Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter)

(sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support

Center\bin\sprtsvc.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program

Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware

Doctor\TFEngine\TFService.exe
O23 - Service: UnrealIRCd - none - C:\Program Files\Unreal3.25\wircd.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner -

C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32

\DRIVERS\xaudio.exe

--
End of file - 12781 bytes
Click to expand...
 
Welcome aboard
yahooo.gif


Please, disable "word wrap" in Notepad, because your log is hard to read.
Do NOT wrap logs in quotes.
Do NOT bump your topic. It'll not speed up anything.
We don't use HJT around here anymore.

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
 
i was unable to complete a GMER scan, about 30 minutes into the scan everytime it freezes and then my computer itself freezes and goes into a blue and white twitching screen. upon completing a Malwarebytes scan it doesn't find any infections. i was able to complete a DDS scan, here it is:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Janice at 10:17:27.42 on Tue 08/03/2010
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.893.51 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\SmartAssemblyHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\No-IP\DUC20.exe
C:\Downloads\jdk\bin\javaw.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Users\Janice\Desktop\iqny94r2.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Opera\opera.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Janice\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ECenter] "c:\dell\e-center\EULALauncher.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SmartAssemblyHelper] "c:\windows\system32\SmartAssemblyHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
 
here is the remainder and the Attach DDS:

dRun: [Mbutaludejemilap] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\KBDape.dll",Startup
StartupFolder: c:\users\janice\appdata\roaming\micros~1\windows\startm~1\programs\startup\no-ipd~1.lnk - c:\program files\no-ip\DUC20.exe
StartupFolder: c:\users\janice\appdata\roaming\micros~1\windows\startm~1\programs\startup\sdktra~1.lnk - c:\downloads\jdk\bin\javaw.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\windows\system32\tigbdte.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\janice\appdata\roaming\mozilla\firefox\profiles\r0t05r8r.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
 
here is the remainder of Attach DDS:

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-8-2 218592]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-8-2 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-8-2 59664]
R1 61777721;61777721;c:\windows\system32\drivers\61777721.sys [2010-6-18 128016]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-8-2 233136]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 25896]
R1 setup_9.0.0.722_18.06.2010_09-39[1]drv;setup_9.0.0.722_18.06.2010_09-39[1]drv;c:\windows\system32\drivers\6177772.sys [2010-6-18 311312]
R1 TsVp;TsVp;c:\windows\system32\drivers\tsvp.sys [2009-10-24 27432]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [2007-8-31 20480]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-5-28 108032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [2009-10-24 19496]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-8-2 63360]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-10-24 38976]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2010-6-29 348160]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-8-2 33552]
S3 TsVlb;TsVlb;c:\windows\system32\drivers\tsvlb.sys [2009-10-24 20264]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-8-2 112592]
S4 CommViewAgent;CommViewAgent;c:\program files\commra\CommRA.exe [2009-10-24 1220920]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

=============== Created Last 30 ================

2010-08-02 22:04:06 0 d-----w- c:\programdata\IObit
2010-08-02 22:03:59 0 d-----w- c:\program files\IObit
2010-08-02 21:50:30 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-08-02 21:50:30 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-08-02 21:50:30 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-08-02 20:59:26 767952 -c--a-w- c:\windows\BDTSupport.dll
2010-08-02 20:59:25 882 -c--a-w- c:\windows\RegSDImport.xml
2010-08-02 20:59:25 879 -c--a-w- c:\windows\RegISSImport.xml
2010-08-02 20:59:24 149456 -c--a-w- c:\windows\SGDetectionTool.dll
2010-08-02 20:59:24 131 -c--a-w- c:\windows\IDB.zip
2010-08-02 20:59:24 1152444 -c--a-w- c:\windows\UDB.zip
2010-08-02 20:59:23 165840 -c--a-w- c:\windows\PCTBDRes.dll
2010-08-02 20:59:23 1652688 -c--a-w- c:\windows\PCTBDCore.dll
2010-08-02 20:57:50 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-08-02 20:57:50 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-02 20:57:50 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-08-02 20:57:38 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-02 20:57:38 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-08-02 20:57:38 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-08-02 20:57:38 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-02 20:57:03 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-08-02 20:57:03 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-02 20:56:41 0 d-----w- c:\users\janice\appdata\roaming\PC Tools
2010-08-02 20:56:41 0 d-----w- c:\programdata\PC Tools
2010-08-02 14:16:25 0 d-----w- c:\users\janice\appdata\roaming\PC Doc Pro
2010-08-02 14:16:02 0 d-----w- c:\program files\PC Doc Pro v5
2010-08-01 16:44:42 1905 -c--a-w- c:\windows\diagwrn.xml
2010-08-01 16:44:42 1905 -c--a-w- c:\windows\diagerr.xml
2010-08-01 13:25:05 0 dc-h--w- c:\windows\PIF
2010-07-29 01:02:15 768000 ----a-w- c:\windows\system32\drivers\crmdkqud.sys
2010-07-29 01:00:51 8192 ----a-w- c:\windows\system32\tigbdte.dll
2010-07-29 01:00:41 18944 ----a-w- c:\windows\system32\msippsth.dll
2010-07-29 01:00:27 0 d-----w- c:\programdata\Update
2010-07-28 15:56:24 87608 ----a-w- c:\users\janice\appdata\roaming\inst.exe
2010-07-28 15:55:39 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-07-28 15:55:36 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-07-28 15:55:36 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-07-28 15:55:36 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-07-28 15:55:36 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-07-28 15:55:34 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-07-28 15:55:34 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-07-27 23:18:04 0 d-----w- c:\program files\Aimersoft
2010-07-27 18:03:28 0 d-----w- c:\program files\CookiesBoy LTD
2010-07-27 17:55:04 0 d-----w- c:\program files\Engelmann Media

==================== Find3M ====================

2010-08-03 03:29:46 99 ----a-w- c:\users\janice\jagex_runescape_preferences2.dat
2010-08-03 02:10:40 46 ----a-w- c:\users\janice\jagex_runescape_preferences.dat
2010-08-02 23:08:01 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-01 13:02:08 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2010-07-28 15:56:44 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-28 15:56:44 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-28 15:56:23 47360 ----a-w- c:\users\janice\appdata\roaming\pcouffin.sys
2010-07-02 16:16:33 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-28 02:37:50 0 ----a-w- c:\users\janice\jagex__preferences3.dat
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 19:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 08:15:21 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-14 20:08:36 418816 ----a-w- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2009-10-14 20:07:40 348160 ----a-w- c:\windows\inf\wg111v3\WG111v3.sys
2009-10-14 20:07:40 348160 ----a-w- c:\windows\inf\wg111v3\vista\wg111v3.sys
2009-08-14 02:19:56 73728 ----a-w- c:\windows\inf\wg111v3\win7x64\SetVistaDrv64.exe
2009-07-20 23:20:04 65536 ----a-w- c:\windows\inf\wg111v3\win7x86\SetVistaDrv.exe
2009-06-03 15:36:22 74752 ----a-w- c:\windows\inf\wg111v3\SetDrv64.exe
2009-06-03 15:30:26 49152 ----a-w- c:\windows\inf\wg111v3\SetDrv.exe
2009-04-01 14:49:14 57344 ----a-w- c:\windows\inf\wg111v3\SetVistaDrv.exe
2008-12-12 23:13:32 512000 ----a-w- c:\windows\inf\wg111v3\win7x64\DIFxAPI.dll
2008-12-12 22:57:46 313856 ----a-w- c:\windows\inf\wg111v3\win7x86\DIFxAPI.dll
2008-12-09 01:13:26 174 --sha-w- c:\program files\desktop.ini
2007-04-23 18:15:48 31016 ----a-w- c:\windows\inf\wg111v3\vista64\RtlProt.sys
2007-04-23 15:50:50 25896 ----a-w- c:\windows\inf\wg111v3\vista\RtlProt.sys
2007-04-20 02:22:44 75264 ----a-w- c:\windows\inf\wg111v3\vista64\rtkbind.exe
2007-04-20 02:22:28 74752 ----a-w- c:\windows\inf\wg111v3\vista\rtkbind.exe
2006-12-15 16:30:36 98304 ----a-w- c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 16:30:36 315392 ----a-w- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 16:30:36 212992 ----a-w- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 16:30:36 20480 ----a-w- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 16:30:36 19968 ----a-w- c:\windows\inf\wg111v3\RTWREFU.EXE
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2006-03-16 13:24:24 49664 ----a-w- c:\windows\inf\wg111v3\devcon.exe
2008-12-08 22:05:55 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-12-08 22:05:55 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-12-08 22:05:55 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-10-29 06:29:41 146944 --sh--r- c:\windows\system32\windirRob.exe
2009-08-21 18:22:35 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-05-29 09:13:26 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:25:15.76 ===============

Attach DDS:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 5/28/2007 8:23:00 PM
System Uptime: 8/3/2010 10:09:32 AM (0 hours ago)

Motherboard: Dell Inc. | | 0UW744
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 46 GiB total, 8.468 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.608 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

'Full Speed' Internet Booster + Performance Tests
{smartassembly}
µTorrent
5star Game Copy
AccessDiver v4.402
Acrobat.com
ActivePerl 5.10.1 Build 1006
ActivePerl 5.8.3 Build 809
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Reader 9.3.3
AIM 6
AIM Toolbar 5.0
Aimersoft DVD Creator(Build 2.2.7.3)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Armadillo 4.54 (20.04.2006)
ATI Catalyst Control Center Ex
ATI PCI Express (3GIO) Filter Driver
AusLogics BoostSpeed
AviSynth 2.5
Bind to EXE Library v1.1
Bonjour
Browser Defender 2.0.6.15
Cain & Abel v4.9.35
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CommView Remote Agent
Conexant HDA D110 MDC V.92 Modem
ConvertXtoDVD 4.0.12.327
Cookies Game Burner 3.0
DC++ 0.750
Dell Driver Download Manager
Dell Support Center
Dell System Customization Wizard
Dell Wireless WLAN Card
DellSupport
Dev-C++ 5 beta 9 release (4.9.9.2)
Digital Line Detect
DivX Web Player
EarthLink Setup Files
Easy File Joiner
Engage Packet builder v2.2.0
Eusing Free Registry Cleaner
File Shredder 2.0
Free Window Registry Repair
FreeVPN v3.20
Freeze.com Toolbar
Games, Music, & Photos Launcher
Google Toolbar for Internet Explorer
GoTrusted Secure Tunnel
GTK+ Runtime 2.12.8 rev a (remove only)
Hex Workshop v4.23
HHD Software Free Hex Editor Neo 4.95
Hide Your IP Address
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
HTTPS tunnel
HyperCam 2
IconChanger
iMesh
Internet Service Offers Launcher
IObit Security 360
IRCXpro v1.2
IrfanView (remove only)
iTunes
Java Auto Updater
Java DB 10.5.3.0
Java Platform, Enterprise Edition 5 SDK
Java(TM) 6 Update 21
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 13
Java(TM) SE Development Kit 6 Update 21
Java(TM) SE Runtime Environment 6
Kazaa 3.2.7
LimeWire 5.2.13
Macro Scheduler Std
Macro Wizard 4.1
MacroMaker
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Platform SDK (3790.1830)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
mIRC
MobileMe Control Panel
Modem Diagnostic Tool
Motherflooder
Mozilla Firefox (3.6.8)
Mp3 Song Plays Increaser
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NETGEAR WG111v3 wireless USB 2.0 adapter
NetTools 5.0
NetWaiting
NNScript
No-IP.com DUC (remove only)
Norton 360
NoVirusThanks Uploader 2.2
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
Opera 10.60
PC Doc Pro v5
PC Guard for Win32 V5.05 DEMO
PFPortChecker 1.0.31
Platinum Hide IP
Polipo 1.0.4.1
PowerDVD
Product Documentation Launcher
ProxySwitcher Standard
Quick Screen Capture 3.0
QuickSet
QuickTime
RadarSync PC Updater 2010
Rosetta Stone Ltd Services
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio MyDVD DE
Roxio Update Manager
Sandboxie 3.38
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Setup 1.0
Sonic Activation Module
Sony Media Manager 2.2
Spyware Doctor 7.0
Sql Server Customer Experience Improvement Program
Subversion
SwiftKit
Synaptics Pointing Device Driver
TeamSpeak 2 RC2
TeamSpeak 3 Client
TeamViewer 5
Tor 0.2.1.24
TortoiseSVN 1.6.5.16974 (32 bit)
Tube Increaser
UnrealIRCd3.2.8.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Vidalia 0.2.7
VideoLAN VLC media player 0.8.6f
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WinDirStat 1.1.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Movie Maker 2.6
WinPcap 4.1.1
WinRAR archiver
Wireshark 1.2.4
X-NetStat Pro 5.55
Your Freedom
Your Freedom 20100304-01
Zultrax P2P

==== End Of File ===========================
 
here is the remainder of Attach DDS:

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-8-2 218592]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-8-2 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-8-2 59664]
R1 61777721;61777721;c:\windows\system32\drivers\61777721.sys [2010-6-18 128016]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-8-2 233136]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 25896]
R1 setup_9.0.0.722_18.06.2010_09-39[1]drv;setup_9.0.0.722_18.06.2010_09-39[1]drv;c:\windows\system32\drivers\6177772.sys [2010-6-18 311312]
R1 TsVp;TsVp;c:\windows\system32\drivers\tsvp.sys [2009-10-24 27432]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [2007-8-31 20480]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-5-28 108032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [2009-10-24 19496]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-8-2 63360]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-10-24 38976]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2010-6-29 348160]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-8-2 33552]
S3 TsVlb;TsVlb;c:\windows\system32\drivers\tsvlb.sys [2009-10-24 20264]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-8-2 112592]
S4 CommViewAgent;CommViewAgent;c:\program files\commra\CommRA.exe [2009-10-24 1220920]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

=============== Created Last 30 ================

2010-08-02 22:04:06 0 d-----w- c:\programdata\IObit
2010-08-02 22:03:59 0 d-----w- c:\program files\IObit
2010-08-02 21:50:30 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-08-02 21:50:30 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-08-02 21:50:30 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-08-02 20:59:26 767952 -c--a-w- c:\windows\BDTSupport.dll
2010-08-02 20:59:25 882 -c--a-w- c:\windows\RegSDImport.xml
2010-08-02 20:59:25 879 -c--a-w- c:\windows\RegISSImport.xml
2010-08-02 20:59:24 149456 -c--a-w- c:\windows\SGDetectionTool.dll
2010-08-02 20:59:24 131 -c--a-w- c:\windows\IDB.zip
2010-08-02 20:59:24 1152444 -c--a-w- c:\windows\UDB.zip
2010-08-02 20:59:23 165840 -c--a-w- c:\windows\PCTBDRes.dll
2010-08-02 20:59:23 1652688 -c--a-w- c:\windows\PCTBDCore.dll
2010-08-02 20:57:50 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-08-02 20:57:50 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-02 20:57:50 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-08-02 20:57:38 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-02 20:57:38 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-08-02 20:57:38 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-08-02 20:57:38 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-02 20:57:03 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-08-02 20:57:03 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-02 20:56:41 0 d-----w- c:\users\janice\appdata\roaming\PC Tools
2010-08-02 20:56:41 0 d-----w- c:\programdata\PC Tools
2010-08-02 14:16:25 0 d-----w- c:\users\janice\appdata\roaming\PC Doc Pro
2010-08-02 14:16:02 0 d-----w- c:\program files\PC Doc Pro v5
2010-08-01 16:44:42 1905 -c--a-w- c:\windows\diagwrn.xml
2010-08-01 16:44:42 1905 -c--a-w- c:\windows\diagerr.xml
2010-08-01 13:25:05 0 dc-h--w- c:\windows\PIF
2010-07-29 01:02:15 768000 ----a-w- c:\windows\system32\drivers\crmdkqud.sys
2010-07-29 01:00:51 8192 ----a-w- c:\windows\system32\tigbdte.dll
2010-07-29 01:00:41 18944 ----a-w- c:\windows\system32\msippsth.dll
2010-07-29 01:00:27 0 d-----w- c:\programdata\Update
2010-07-28 15:56:24 87608 ----a-w- c:\users\janice\appdata\roaming\inst.exe
2010-07-28 15:55:39 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-07-28 15:55:36 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-07-28 15:55:36 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-07-28 15:55:36 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-07-28 15:55:36 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-07-28 15:55:34 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-07-28 15:55:34 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-07-27 23:18:04 0 d-----w- c:\program files\Aimersoft
2010-07-27 18:03:28 0 d-----w- c:\program files\CookiesBoy LTD
2010-07-27 17:55:04 0 d-----w- c:\program files\Engelmann Media

==================== Find3M ====================

2010-08-03 03:29:46 99 ----a-w- c:\users\janice\jagex_runescape_preferences2.dat
2010-08-03 02:10:40 46 ----a-w- c:\users\janice\jagex_runescape_preferences.dat
2010-08-02 23:08:01 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-01 13:02:08 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2010-07-28 15:56:44 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-28 15:56:44 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-28 15:56:23 47360 ----a-w- c:\users\janice\appdata\roaming\pcouffin.sys
2010-07-02 16:16:33 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-28 02:37:50 0 ----a-w- c:\users\janice\jagex__preferences3.dat
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 19:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 08:15:21 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-14 20:08:36 418816 ----a-w- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2009-10-14 20:07:40 348160 ----a-w- c:\windows\inf\wg111v3\WG111v3.sys
2009-10-14 20:07:40 348160 ----a-w- c:\windows\inf\wg111v3\vista\wg111v3.sys
2009-08-14 02:19:56 73728 ----a-w- c:\windows\inf\wg111v3\win7x64\SetVistaDrv64.exe
2009-07-20 23:20:04 65536 ----a-w- c:\windows\inf\wg111v3\win7x86\SetVistaDrv.exe
2009-06-03 15:36:22 74752 ----a-w- c:\windows\inf\wg111v3\SetDrv64.exe
2009-06-03 15:30:26 49152 ----a-w- c:\windows\inf\wg111v3\SetDrv.exe
2009-04-01 14:49:14 57344 ----a-w- c:\windows\inf\wg111v3\SetVistaDrv.exe
2008-12-12 23:13:32 512000 ----a-w- c:\windows\inf\wg111v3\win7x64\DIFxAPI.dll
2008-12-12 22:57:46 313856 ----a-w- c:\windows\inf\wg111v3\win7x86\DIFxAPI.dll
2008-12-09 01:13:26 174 --sha-w- c:\program files\desktop.ini
2007-04-23 18:15:48 31016 ----a-w- c:\windows\inf\wg111v3\vista64\RtlProt.sys
2007-04-23 15:50:50 25896 ----a-w- c:\windows\inf\wg111v3\vista\RtlProt.sys
2007-04-20 02:22:44 75264 ----a-w- c:\windows\inf\wg111v3\vista64\rtkbind.exe
2007-04-20 02:22:28 74752 ----a-w- c:\windows\inf\wg111v3\vista\rtkbind.exe
2006-12-15 16:30:36 98304 ----a-w- c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 16:30:36 315392 ----a-w- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 16:30:36 212992 ----a-w- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 16:30:36 20480 ----a-w- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 16:30:36 19968 ----a-w- c:\windows\inf\wg111v3\RTWREFU.EXE
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2006-03-16 13:24:24 49664 ----a-w- c:\windows\inf\wg111v3\devcon.exe
2008-12-08 22:05:55 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-12-08 22:05:55 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-12-08 22:05:55 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-10-29 06:29:41 146944 --sh--r- c:\windows\system32\windirRob.exe
2009-08-21 18:22:35 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-05-29 09:13:26 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:25:15.76 ===============

Attach DDS:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 5/28/2007 8:23:00 PM
System Uptime: 8/3/2010 10:09:32 AM (0 hours ago)

Motherboard: Dell Inc. | | 0UW744
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 46 GiB total, 8.468 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.608 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

'Full Speed' Internet Booster + Performance Tests
{smartassembly}
µTorrent
5star Game Copy
AccessDiver v4.402
Acrobat.com
ActivePerl 5.10.1 Build 1006
ActivePerl 5.8.3 Build 809
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Reader 9.3.3
AIM 6
AIM Toolbar 5.0
Aimersoft DVD Creator(Build 2.2.7.3)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Armadillo 4.54 (20.04.2006)
ATI Catalyst Control Center Ex
ATI PCI Express (3GIO) Filter Driver
AusLogics BoostSpeed
AviSynth 2.5
Bind to EXE Library v1.1
Bonjour
Browser Defender 2.0.6.15
Cain & Abel v4.9.35
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CommView Remote Agent
Conexant HDA D110 MDC V.92 Modem
ConvertXtoDVD 4.0.12.327
Cookies Game Burner 3.0
DC++ 0.750
Dell Driver Download Manager
Dell Support Center
Dell System Customization Wizard
Dell Wireless WLAN Card
DellSupport
Dev-C++ 5 beta 9 release (4.9.9.2)
Digital Line Detect
DivX Web Player
EarthLink Setup Files
Easy File Joiner
Engage Packet builder v2.2.0
Eusing Free Registry Cleaner
File Shredder 2.0
Free Window Registry Repair
FreeVPN v3.20
Freeze.com Toolbar
Games, Music, & Photos Launcher
Google Toolbar for Internet Explorer
GoTrusted Secure Tunnel
GTK+ Runtime 2.12.8 rev a (remove only)
Hex Workshop v4.23
HHD Software Free Hex Editor Neo 4.95
Hide Your IP Address
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
HTTPS tunnel
HyperCam 2
IconChanger
iMesh
Internet Service Offers Launcher
IObit Security 360
IRCXpro v1.2
IrfanView (remove only)
iTunes
Java Auto Updater
Java DB 10.5.3.0
Java Platform, Enterprise Edition 5 SDK
Java(TM) 6 Update 21
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 13
Java(TM) SE Development Kit 6 Update 21
Java(TM) SE Runtime Environment 6
Kazaa 3.2.7
LimeWire 5.2.13
Macro Scheduler Std
Macro Wizard 4.1
MacroMaker
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Platform SDK (3790.1830)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
mIRC
MobileMe Control Panel
Modem Diagnostic Tool
Motherflooder
Mozilla Firefox (3.6.8)
Mp3 Song Plays Increaser
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NETGEAR WG111v3 wireless USB 2.0 adapter
NetTools 5.0
NetWaiting
NNScript
No-IP.com DUC (remove only)
Norton 360
NoVirusThanks Uploader 2.2
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
Opera 10.60
PC Doc Pro v5
PC Guard for Win32 V5.05 DEMO
PFPortChecker 1.0.31
Platinum Hide IP
Polipo 1.0.4.1
PowerDVD
Product Documentation Launcher
ProxySwitcher Standard
Quick Screen Capture 3.0
QuickSet
QuickTime
RadarSync PC Updater 2010
Rosetta Stone Ltd Services
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio MyDVD DE
Roxio Update Manager
Sandboxie 3.38
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Setup 1.0
Sonic Activation Module
Sony Media Manager 2.2
Spyware Doctor 7.0
Sql Server Customer Experience Improvement Program
Subversion
SwiftKit
Synaptics Pointing Device Driver
TeamSpeak 2 RC2
TeamSpeak 3 Client
TeamViewer 5
Tor 0.2.1.24
TortoiseSVN 1.6.5.16974 (32 bit)
Tube Increaser
UnrealIRCd3.2.8.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Vidalia 0.2.7
VideoLAN VLC media player 0.8.6f
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WinDirStat 1.1.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Movie Maker 2.6
WinPcap 4.1.1
WinRAR archiver
Wireshark 1.2.4
X-NetStat Pro 5.55
Your Freedom
Your Freedom 20100304-01
Zultrax P2P

==== End Of File ===========================
 
Finally got the GMER scan to work...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-03 14:00:01
Windows 6.0.6002 Service Pack 2
Running: iqny94r2.exe; Driver: C:\Users\Janice\AppData\Local\Temp\pwtyipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x86A472D6] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x86A474C8] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0x86A7CBD6] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x86A476D0] <-- ROOTKIT !!!

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 209 828BB96C 8 Bytes [D6, 72, A4, 86, C8, 74, A4, ...]
.text ntkrnlpa.exe!KeSetEvent + 621 828BBD84 4 Bytes [D6, CB, A7, 86]
.text ntkrnlpa.exe!KeSetEvent + 6E5 828BBE48 4 Bytes [D0, 76, A4, 86]
.text crmdkqud.sys 82EC0000 68 Bytes JMP 82EFEFE1 \SystemRoot\System32\Drivers\crmdkqud.sys
.text crmdkqud.sys 82EC0045 28 Bytes JMP 82EC2511 \SystemRoot\System32\Drivers\crmdkqud.sys
.text crmdkqud.sys 82EC0062 48 Bytes [60, 5E, 89, 44, 24, 18, 66, ...]
.text crmdkqud.sys 82EC0093 172 Bytes [40, 3A, 8D, B4, 24, 52, C1, ...]
.text crmdkqud.sys 82EC0140 26 Bytes JMP 82EC0AE3 \SystemRoot\System32\Drivers\crmdkqud.sys
.text ...
? C:\Windows\System32\Drivers\crmdkqud.sys A device attached to the system is not functioning.

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74827817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7487A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7482BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7481F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7481E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74858395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7482DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7481FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7481FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [748ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7484C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7481D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74816853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7481687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74822AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85052950

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \FileSystem\fastfat \Fat 8B10CA7A

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] crmdkqud <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\crmdkqud@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\crmdkqud@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\crmdkqud@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\crmdkqud@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\crmdkqud@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\crmdkqud@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\crmdkqud@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\crmdkqud@Group Boot Bus Extender

---- EOF - GMER 1.0.15 ----
 
Yes, I do work and sleep too :)
Once again, please do NOT bump your topic!

Your computer is infected, but I also can't see any antivirus program running.

Please, download and install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
After installation, run full scan.
Make sure, Windows firewall is turned ON.

When done....

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
When running a scan using Avast! it is unable to remove the "rootkit" just like all the other AVs I have tried. I was able to successfully complete a ComboFix Scan in Safemode, upon running in a normal boot it goes into a blue screen and crashes. Now the infection will not allow me to use any means of internet through browsers on that computer. upon using cmd and using the command "ping google.com" it does send / receive info so I do have an active connection but some how it is being blocked now. also, now I can't start Avast! or scan with it and when I try my computer goes into a blue screen and crashes. whenever I run in safe mode the rootkit still starts as system files. this is a very good virus, this has really stumped me. I have attached the Combofix log it has a .txt file extension...hope that's ok. thanks again for the help. =]

edit again: now when I turn on the computer and try to open basically any file the computer goes into a blue and white glitchy screen and is crashed (it's still fine running things in safemode). I have no idea if this helps at all, hopefully it does. =/
 

Attachments

  • ComboFixlog.txt
    26.5 KB · Views: 2
Thank you for all extra info :)
It helps :)

For now, please stay in safe mode until I'll tell you, it's OK to reboot in normal mode.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\windows\system32\DRIVERS\61777722.sys
c:\windows\system32\DRIVERS\61777721.sys
c:\windows\system32\DRIVERS\dfg.sys
c:\windows\system32\drivers\crmdkqud.sys


Folder::
c:\users\Janice\AppData\Roaming\PC Doc Pro


Driver::
61777722
61777721
dfg


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=-
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crmdkqud]

AtJob::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Ok, everything appears to have worked with combofix. log has been attached.
 

Attachments

  • ComboFixlog.txt
    22.7 KB · Views: 1
Good job :)

Restart in normal mode and let me know how the computer is doing.

Delete your GMER file, download fresh one and post new log.
 
internet is still not working in browsers, but it does have an active connection. the gmer scan will probably take me 1-2 hours since that's about how long it took last time so i thought i would post this so you don't feel like i'm leaving you hanging, so to speak. thanks again, i can't express how much i appreciate your amazing help. =]

edit: i don't know if it matters but in task manager it is still showing 12 processes running as svchost.exe
 
You're very welcome :)

Does the computer behave decently in normal mode?
Except for internet issue.

Multiple svchost.exe processes are normal.
 
yes, the computer does behave well now except for the internet issue. i just thought the multiple svchost.exes were odd because i looked at this computer's processes and it's not running a single svchost.exe process. the scan for gmer is still not yet completed, but when it is i'll be sure to post it.

edit: the cpu usage on the problem pc has dropped from 40%+ to ~10% the physical memory is still in the 80% range, just thought i'd add that bit of info.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
781
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back