  1. #1

    Slow Laptop and concern for malware...

    Hello!

    Thank you so much for running this site! I couldn't be more happy for the easy step by step way to sift through problems.

    My laptop CPU usage has been increasing for some time and lately it reached 100% according to Task Manager despite no programs being open. Opening a Microsoft Word application from an email yielded these two pop-ups:

    There is not enough memory or disk space to open Word.

    and then:

    Windows cannot find 'C:\Users\User\AppData\Local\Microsoft\Windows\TemporaryInternetFiles\Content.IE5\UOAXPQTH\SST agenda - Oct 16.docx. Make sure you type the name correctly and then try again.

    This error has occurred in trying to open several different Word documents.

    When I look at the Task Manager Processes WINWORD.exe has the highest value (sometimes 2 about 40-50 each). At this time Microsoft Word is not running or open.

    I have found more cookies in virus scanner and dealt with it there using AVG. Also rebooted and emptied recycling bin after HijackThis. It is running a bit better but still quickly moves to 100% CPU usage with no programs running and still cannot open Word.

    Thank you so much
    Andrea

    Here are the Logs I have run:

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 10/11/2012 at 02:17 AM

    Application Version : 5.6.1010

    Core Rules Database Version : 9381
    Trace Rules Database Version: 7193

    Scan type : Complete Scan
    Total Scan Time : 02:59:34

    Operating System Information
    Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
    UAC On - Limited User (Administrator User)

    Memory items scanned : 884
    Memory threats detected : 0
    Registry items scanned : 39205
    Registry threats detected : 0
    File items scanned : 54856
    File threats detected : 64

    Adware.Tracking Cookie

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 10/10/2012 at 08:38 PM

    Application Version : 5.6.1010

    Core Rules Database Version : 9381
    Trace Rules Database Version: 7193

    Scan type : Quick Scan
    Total Scan Time : 00:29:24

    Operating System Information
    Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
    UAC On - Limited User (Administrator User)

    Memory items scanned : 877
    Memory threats detected : 0
    Registry items scanned : 30614
    Registry threats detected : 0
    File items scanned : 8259
    File threats detected : 59

    Adware.Tracking Cookie


    Malwarebytes Anti-Malware 1.65.0.1400
    Malwarebytes : Free anti-malware download

    Database version: v2012.10.11.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    User :: USER-PC [administrator]

    11/10/2012 6:35:42 AM
    mbam-log-2012-10-11 (06-35-42).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 202674
    Time elapsed: 18 minute(s), 24 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\ProgramData\ufgo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    (end)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:16:14 AM, on 11/10/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16450)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ltmoh\ltmoh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\explorer.exe
    C:\Users\User\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Canada
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NokiaInternetModem_AppStart.exe] "C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} (Cisco SSL VPN Relay Loader) - https://mytdsb.on.ca/+CSCOL+/csvrloader32.cab
    O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} (Cisco Systems WebVPN Relay Loader) - https://mytdsb.on.ca/+CSCOL+/relayp.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/reso...PUplden-ca.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.walmartphotocentre.ca/upl...eX_Control.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...PUplden-ca.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 11564 bytes

  2. #2
    zep516 (Member, Spyware Fighter)

    Hi

    Welcome to Help2Go

    We need to see some information about what is happening in your machine. Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE

    This scan will create 2 logs; please post them both.

    Joe

  3. #3

    Thank you so much.

    I know you asked me to attach the attachment notepad as a zip, but I unfortunately don't know how to do that. I've attached it as is for now, but if you can fill me in I'd be happy to convert it.

    Thank you again,
    A

    Here is the DDS Notes.

    c.
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by User at 7:16:15 on 2012-10-12
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3453.1746 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ltmoh\ltmoh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\AVG\AVG8\avgcfgex.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ca.yahoo.com/
    mStart Page = hxxp://www.shoptoshiba.ca/welcome
    mDefault_Page_URL = hxxp://www.shoptoshiba.ca/welcome
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
    mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [NokiaInternetModem_AppStart.exe] "c:\program files\nokia\nokia internet modem\nokiainternetmodem_appstart.exe" "-start" "c:\program files\nokia\nokia internet modem\NokiaInternetModem.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://mytdsb.on.ca/+CSCOL+/csvrloader32.cab
    DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://mytdsb.on.ca/+CSCOL+/relayp.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
    TCP: DhcpNameServer = 64.71.255.198 192.168.1.1
    TCP: Interfaces\{178EEBBF-CFD4-4F18-94F2-E2D18F2CB8CB} : DhcpNameServer = 172.22.2.10 172.22.2.11
    TCP: Interfaces\{5140409F-9578-41CE-8AC8-0B610EE119BB} : DhcpNameServer = 64.71.255.198 192.168.1.1
    TCP: Interfaces\{94AE1FA6-E772-411F-836A-1151300239FF} : DhcpNameServer = 64.71.255.198 64.71.255.253
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-14 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-14 27784]
    R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-13 20352]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-2 297752]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-11 7168]
    R3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;c:\windows\system32\drivers\nokia_cs1x_dc_enum.sys [2010-4-22 81408]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-9 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-12-13 937984]
    S3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;c:\windows\system32\drivers\nokia_cs1x_cdc_acm.sys [2010-4-22 85888]
    S3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;c:\windows\system32\drivers\nokia_cs1x_cdc_ecm.sys [2010-4-22 50304]
    S3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;c:\windows\system32\drivers\nokia_cs1x_cpo.sys [2010-4-22 9856]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-10-11 10:33:36 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
    2012-10-11 10:33:17 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-11 10:33:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-11 10:33:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-11 00:08:57 -------- d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
    2012-10-11 00:08:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-10-11 00:08:41 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-10-10 01:14:09 985088 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-10 01:14:08 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-10 01:14:08 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-10 01:13:53 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-10-10 01:13:43 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-10-10 01:13:33 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-10-10 01:13:32 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-10 01:10:37 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5098e2bf-e37f-4cc4-b766-914b2db00642}\mpengine.dll
    2012-09-12 23:39:47 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-12 23:39:47 473072 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ==================== Find3M ====================
    .
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 7:17:05.57 ===============

  4. #4
    Member Spyware Fighter zep516's Avatar

    I will post as normal, let me have some time to look it over for you...

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 14/12/2008 5:55:26 AM
    System Uptime: 12/10/2012 5:02:53 AM (2 hours ago)
    .
    Motherboard: TOSHIBA | |
    Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57 | Socket M2/S1G1 | 800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 136 GiB total, 56.044 GiB free.
    D: is FIXED (NTFS) - 6 GiB total, 5.923 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1021: 12/09/2012 7:36:37 PM - Installed Java(TM) 6 Update 35
    RP1022: 13/09/2012 6:24:41 PM - Scheduled Checkpoint
    RP1023: 14/09/2012 3:00:28 AM - Windows Update
    RP1024: 17/09/2012 8:26:13 AM - Windows Update
    RP1025: 17/09/2012 10:55:15 PM - Scheduled Checkpoint
    RP1026: 19/09/2012 11:56:31 AM - Scheduled Checkpoint
    RP1027: 20/09/2012 3:34:46 PM - Scheduled Checkpoint
    RP1028: 25/09/2012 5:58:56 PM - Windows Update
    RP1029: 25/09/2012 7:51:19 PM - Windows Update
    RP1030: 26/09/2012 12:07:40 PM - Scheduled Checkpoint
    RP1031: 27/09/2012 4:55:56 PM - Scheduled Checkpoint
    RP1032: 05/10/2012 7:57:15 AM - Windows Update
    RP1033: 09/10/2012 9:08:21 PM - Windows Update
    RP1034: 10/10/2012 7:10:35 PM - Windows Update
    RP1035: 12/10/2012 3:00:45 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    Atheros Wi-Fi Protected Setup Library
    ATI Catalyst Install Manager
    AVG Free 8.5
    Bonjour
    Business Contact Manager for Outlook 2007 SP2
    Camera Assistant Software for Toshiba
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CD/DVD Drive Acoustic Silencer
    DVD MovieFactory for TOSHIBA
    Game Maker 8.0
    GearDrvs
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 3
    Java(TM) 6 Update 35
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.65.0.1400
    MarkBook 2009
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Communicator 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Microsoft XML Parser
    MSVCRT
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Neurotic Media Download Manager
    Nokia Internet Modem
    Norton 360
    OnlinePlay 1.0
    QuickTime
    Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Skins
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA Recovery Disc Creator
    Toshiba Registration
    TOSHIBA Software Modem
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    Yahoo! BrowserPlus 2.9.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/10/2012 3:09:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    12/10/2012 3:09:12 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/10/2012 3:03:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/10/2012 7:20:52 PM, Error: EventLog [6008] - The previous system shutdown at 7:18:16 PM on 10/10/2012 was unexpected.
    .
    ==== End Of File ===========================

  5. #5
    Member

    AMAZING! Thank you!

  6. #6
    Member Spyware Fighter zep516's Avatar

    Hi,

    First things first.

    What antivirus program are you using? I see Norton 360 in your programs list, and AVG 8 in the logs. Only use 1 antivirus program and uninstall the other. Uninstalling antivirus programs usually requires a special tool, so let me know and I'll provide the tool to remove the antivirus program. It looks like you may have uninstalled Norton but I see a leftover, so we would want to run the special tool for that just in case there are any leftovers.

    Your Adobe Reader (8.1) is out of date. This is an infection risk. Please update from the link below:

    Adobe - Adobe Reader download - All versions ** Please uncheck the box for McAfee Security Scan Plus and install the latest version of Adobe Reader.

    Please uninstall these old versions of Java from your programs & features list. Old versions of Java are also an infection risk!
    • Java(TM) 6 Update 3
    • Java(TM) 6 Update 35

    Install the latest version of Java from here java.com: Java + You

    Next

    Please download MiniToolBox http://download.bleepingcomputer.com...iniToolBox.exe and run it.

    Checkmark the following boxes:
    • List last 10 Event Viewer log
    • List Users, Partitions and Memory size
      Click Go and post the result.


    In your next reply:

    • Post the log from MiniToolBox
    • Tell me about your antivirus.
    • Confirm you have updated Java and Adobe Reader


    One final question
    Do you have the Office 2007 disk?

    Joe
    Last edited by zep516; 10-12-2012 at 05:37 PM.

  7. #7
    Member

    Thanks Joe!

    Here it goes!

    1. I've updated Java and Adobe
    2. I have the Microsoft CD (I believe it's 2007)
    3. I'd like to uninstall both the remaining Norton and AVG and install a newer version of Norton 360 that I have access to... unless you suggest something different.

    Thank you!!

    Here are the results you wanted:

    MiniToolBox by Farbar Version: 23-07-2012
    Ran by User (administrator) on 15-10-2012 at 23:38:11
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (10/15/2012 10:27:17 PM) (Source: MsiInstaller) (User: User-PC)User-PC
    Description: Product: Adobe Reader 8.1.3 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

    Error: (10/15/2012 09:42:08 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/14/2012 10:18:23 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/12/2012 03:28:50 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/11/2012 07:34:28 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/10/2012 07:35:09 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/10/2012 07:21:39 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/10/2012 07:05:53 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/09/2012 07:43:39 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/05/2012 10:08:59 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\USERS\USER\DOCUMENTS\INSTRUCTOR INFO 2012 UPDATE.XLSX> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)


    System errors:
    =============
    Error: (10/15/2012 10:48:04 PM) (Source: Service Control Manager) (User: )
    Description: Windows Search%%1053

    Error: (10/15/2012 10:48:04 PM) (Source: Service Control Manager) (User: )
    Description: 30000Windows Search

    Error: (10/15/2012 10:28:15 PM) (Source: Service Control Manager) (User: )
    Description: Windows Search%%1053

    Error: (10/15/2012 10:28:15 PM) (Source: Service Control Manager) (User: )
    Description: 30000Windows Search

    Error: (10/15/2012 10:28:14 PM) (Source: DCOM) (User: )
    Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (10/15/2012 10:06:19 PM) (Source: Service Control Manager) (User: )
    Description: Apple Mobile Device2600001Restart the service

    Error: (10/15/2012 10:04:15 PM) (Source: Service Control Manager) (User: )
    Description: Apple Mobile Device1600001Restart the service

    Error: (10/15/2012 09:40:58 PM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 12:06:12 AM on 15/10/2012 was unexpected.

    Error: (10/14/2012 10:17:42 PM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 7:41:39 AM on 12/10/2012 was unexpected.

    Error: (10/12/2012 03:09:12 AM) (Source: Service Control Manager) (User: )
    Description: Windows Search%%1053


    Microsoft Office Sessions:
    =========================
    Error: (10/28/2010 10:02:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1121 seconds with 0 seconds of active time. This session ended with a crash.


    ========================= Memory info: ===================================

    Percentage of memory in use: 42%
    Total physical RAM: 3452.7 MB
    Available physical RAM: 1984.61 MB
    Total Pagefile: 7127.14 MB
    Available Pagefile: 5570.72 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1946.19 MB

    ========================= Partitions: =====================================

    1 Drive c: (S3A6555D004) (Fixed) (Total:135.96 GB) (Free:55.6 GB) NTFS
    2 Drive d: () (Fixed) (Total:5.98 GB) (Free:5.92 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\USER-PC

    Administrator Guest User


    **** End of log ****

  8. #8
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hi,

    For now let's install Microsoft Security Essentials, see link below:

    Microsoft Security Essentials - Free Antivirus for Windows

    Download it to desktop, do not install it until you do all the steps below first:

    First step
    Here is the tool to remove any left over Norton files, click the link
    https://www-secure.symantec.com/nort...rsion=1&docid=

    Download and run the tool above, if found it will remove any left over files.

    Second Step
    Here is the AVG Remover tool link below:
    AVG | Download tools and utilities

    It's the first entry on the web page, on the right side: AVG Remover(32bit) 2013
    (avg_remover_stf_x86_2013_2706.exe)


    Download that and "Run" it. This will remove all of AVG.

    Now go back and double click the Microsoft Security Essentials file that you downloaded in first step, that will install the program. We can change this later to Norton.

    Let me know when that is done.

    Post a fresh Hijackthis log too so we can see that everything was done correctly

    Thanks,
    Joe
    Last edited by zep516; 10-15-2012 at 11:30 PM.

  9. #9
    Member
    Join Date
    Oct 2012
    Posts
    9
    Points
    0


    Hi,

    Unfortunately the link to the uninstaller for Norton did not work. It says it's unavailable. I tried to hunt around the Norton site to see what I could find but couldn't figure it out. Do you have another link?

    Thanks,
    A

  10. #10
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    You're welcome. The Norton site is a pain! Try this Application remover and see if that helps. Link below:

    Uninstall McAfee, Symantec & other antivirus software with AppRemover

    That should work, if in fact there are any left over Norton files. But we need to check.

    Joe
