May 22nd, 2011 09:00

I had a virus, thought I got rid of it. Now I see that system restore was disabled, which I did not do, and it has no other restore points available on it

I had this same virus 'windows security 2011' on my desktop and now it's on my laptop.  My daughter watched a movie online.  If I try to run a scan it'll go to a blue screen and say "if this is the 1st time you've seen this screen restart, if I've seen this screen before I'm supposed to uninstall recently installed programs that might be causing a problem".  I've seen this screen now 4 times.  My system restore was also disabled, which I did not do.

Here is my HijackThis log.  Thanks!



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:58:50 AM, on 5/22/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) -
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

End of file - 7281 bytes

June 4th, 2011 17:00

Here's the combofix file, thank you!

ComboFix 11-05-18.04 - Laurel H 05/19/2011  11:20:20.1.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.503.255 [GMT -5:00]

Running from: c:\documents and settings\Laurel H\My Documents\Downloads\ComboFix.exe

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}


ADS - system32: deleted 1562 bytes in 4 streams.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))



c:\documents and settings\Laurel H\WINDOWS

(((((((((((((((((((((((((   Files Created from 2011-04-19 to 2011-05-19  )))))))))))))))))))))))))))))))



2011-05-16 03:45 . 2011-05-16 03:45 -------- d-----w- c:\documents and settings\Laurel H\Application Data\AVG10

2011-05-16 03:40 . 2011-05-16 03:40 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-05-16 02:53 . 2011-05-19 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-05-16 01:36 . 2011-05-19 15:52 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-05-16 01:36 . 2011-05-19 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-05-15 22:35 . 2011-05-15 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\

2011-05-15 21:52 . 2011-02-02 23:11 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-14 22:23 . 2011-05-14 22:23 -------- d-----w- c:\documents and settings\Laurel H\Application Data\Malwarebytes

2011-05-14 22:22 . 2011-05-14 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-14 22:22 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-14 22:22 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-14 22:22 . 2011-05-15 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-14 05:27 . 2011-05-14 05:27 -------- d-----w- c:\windows\system32\wbem\Repository




((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))


2011-04-09 22:24 . 2006-02-15 05:48 7 -c--a-w- c:\windows\Fonts\Key.txt

2011-03-07 05:33 . 2004-08-11 23:12 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2004-08-11 23:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-08-11 23:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))



*Note* empty entries & legit default entries are not shown




"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]



"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-09-01 684032]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]

backup=c:\windows\pss\Event Planner Reminders Tray Icon.lnkCommon Startup

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Media Card Companion Monitor.lnk]

backup=c:\windows\pss\Media Card Companion Monitor.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2005-09-01 23:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2004-12-06 07:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]

2003-07-08 10:00 99840 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-10-15 02:46 77824 ----a-w- c:\windows\system32\hkcmd.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-10-15 02:50 114688 ----a-w- c:\windows\system32\igfxpers.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-10-15 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2005-03-23 23:26 217088 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2006-09-11 09:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

2003-09-10 08:24 20480 ----a-w- c:\program files\NetWaiting\netwaiting.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

2006-12-12 00:36 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-02-01 05:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2006-02-08 16:29 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2005-09-10 05:19 393216 ----a-w- c:\windows\stsystra.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2003-11-19 23:48 32881 ----a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2005-06-24 12:36 729178 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]





"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=


"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=


S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]



------- Supplementary Scan -------


uSearchMigratedDefaultURL = hxxp://{searchTerms}&sourceid=ie7&

uSearchURL,(Default) = hxxp://

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105


- - - - ORPHANS REMOVED - - - -


MSConfigStartUp-AOL Fast Start - c:\program files\America Online 9.0a\AOL.EXE

MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe

MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe

MSConfigStartUp-DellSupport - c:\program files\Dell Support\DSAgnt.exe

MSConfigStartUp-Fix-It AV - c:\progra~1\VCOM\Fix-It\MemCheck.exe

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1142448309\ee\AOLSoftware.exe

MSConfigStartUp-Pure Networks Port Magic - c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb






catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2011-05-19 11:25

Windows 5.1.2600 Service Pack 3 NTFS


scanning hidden processes ...  


scanning hidden autostart entries ...


scanning hidden files ...  


scan completed successfully

hidden files: 0




--------------------- LOCKED REGISTRY KEYS ---------------------



@Denied: (A 2) (Everyone)

@Denied: (A 2) (Everyone)

--------------------- DLLs Loaded Under Running Processes ---------------------


- - - - - - - > 'winlogon.exe'(892)



Completion time: 2011-05-19  11:29:55

ComboFix-quarantined-files.txt  2011-05-19 16:29


Pre-Run: 27,098,357,760 bytes free

Post-Run: 27,140,894,720 bytes free



[boot loader]



[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


- - End Of File - - 890C06026C88E00C38F38FC385D0BC08

June 7th, 2011 11:00


Sorry for the delay.

Please disable all Anti-virus/Anti-Spyware/Firewall on your machine (instructions via links below)



Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click the "Show Results" button
  • Then click the "Export to Text File" button and save the log to the desktop
  • Copy and paste that log as a reply to this topic and also let me know how things are now.


Please post the ESET report and a fresh set of DDS logs back for review. Also, are you still getting the BSOD?



    June 7th, 2011 17:00

    Here's the new dds file

    thanks....not quite sure how I attach something from this post, there are no options for me to do that.


    DDS (Ver_2011-06-03.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702

    Run by Laurel H at 18:20:59 on 2011-06-07

    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.503.76 [GMT -5:00]


    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    FW: Norton Internet Worm Protection *Disabled*


    ============== Running Processes ===============


    C:\WINDOWS\system32\svchost.exe -k DcomLaunch


    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs







    C:\Program Files\Dell\QuickSet\Quickset.exe

    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe


    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe





    C:\WINDOWS\system32\svchost.exe -k imgsvc


    C:\Program Files\internet explorer\iexplore.exe

    C:\Program Files\internet explorer\iexplore.exe


    ============== Pseudo HJT Report ===============


    uSearchMigratedDefaultURL = hxxp://{searchTerms}&sourceid=ie7&

    uSearchURL,(Default) = hxxp://

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL

    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll

    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_Plugin.exe -update plugin

    mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe

    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"

    mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

    IE: {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - {93F764AC-24D1-484F-92EA-3C84E31CDF72}

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

    DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://

    DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxps://

    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://

    DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://

    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://

    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://

    DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://

    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://

    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://

    TCP: DhcpNameServer =

    TCP: Interfaces\{2610F3E8-569C-40A3-8330-EDD6D5726F2F} : DhcpNameServer =

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

    Notify: igfxcui - igfxdev.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll


    ================= FIREFOX ===================


    FF - ProfilePath - c:\documents and settings\laurel h\application data\mozilla\firefox\profiles\cgcunatk.default\

    FF - prefs.js: browser.startup.homepage - hxxp://

    FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL

    FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL

    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

    FF - plugin: c:\program files\picasa2\npPicasa3.dll

    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll


    ---- FIREFOX POLICIES ----

    FF - user.js: browser.cache.memory.capacity - 16000

    FF - user.js: - false

    FF - user.js: browser.display.show_image_placeholders - true

    FF - user.js: browser.turbo.enabled - true

    FF - user.js: browser.urlbar.autocomplete.enabled - true

    FF - user.js: browser.urlbar.autofill - true

    FF - user.js: content.max.tokenizing.time - 3000000

    FF - user.js: content.maxtextrun - 4095

    FF - user.js: content.notify.backoffcount - 5

    FF - user.js: content.notify.interval - 1000000

    FF - user.js: content.notify.ontimer - true

    FF - user.js: content.switch.threshold - 1000000

    FF - user.js: dom.disable_window_status_change - true

    FF - user.js: network.http.max-connections - 48

    FF - user.js: network.http.max-connections-per-server - 16

    FF - user.js: network.http.max-persistent-connections-per-proxy - 16

    FF - user.js: network.http.max-persistent-connections-per-server - 8

    FF - user.js: network.http.pipelining - true

    FF - user.js: network.http.pipelining.firstrequest - true

    FF - user.js: network.http.pipelining.maxrequests - 8

    FF - user.js: network.http.proxy.pipelining - true

    FF - user.js: network.http.request.max-start-delay - 0

    FF - user.js: nglayout.initialpaint.delay - 1000

    FF - user.js: plugin.expose_full_path - true

    FF - user.js: ui.submenuDelay - 0


    ============= SERVICES / DRIVERS ===============


    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

    S1 MpKsl4d263e06;MpKsl4d263e06;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5dbdb4c0-f310-44b2-a624-5c3ad36dc87b}\mpksl4d263e06.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5dbdb4c0-f310-44b2-a624-5c3ad36dc87b}\MpKsl4d263e06.sys [?]

    S1 MpKsl941c2aba;MpKsl941c2aba;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5dbdb4c0-f310-44b2-a624-5c3ad36dc87b}\mpksl941c2aba.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5dbdb4c0-f310-44b2-a624-5c3ad36dc87b}\MpKsl941c2aba.sys [?]

    S1 MpKsle383d5f4;MpKsle383d5f4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1113e8a5-92d5-441d-8e70-ad329ee2b9ab}\mpksle383d5f4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1113e8a5-92d5-441d-8e70-ad329ee2b9ab}\MpKsle383d5f4.sys [?]

    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]


    =============== Created Last 30 ================


    2011-06-07 18:49:49 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{91d55f82-0abd-43b8-887b-fc7a4f18fba0}\mpengine.dll

    2011-05-31 16:52:30 -------- d-----w- c:\program files\ESET

    2011-05-23 01:22:52 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

    2011-05-22 14:56:15 388096 ----a-r- c:\documents and settings\laurel h\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

    2011-05-22 14:56:13 -------- d-----w- c:\program files\Trend Micro

    2011-05-21 16:59:59 -------- d-----w- c:\program files\WOT

    2011-05-21 16:19:52 -------- d-----w- c:\program files\Microsoft Security Client

    2011-05-19 17:00:14 -------- d-----w- c:\documents and settings\all users\application data\AVG10

    2011-05-19 16:18:56 -------- d-sha-r- C:\cmdcons

    2011-05-16 03:40:35 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

    2011-05-16 02:53:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData

    2011-05-16 01:36:01 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2011-05-16 01:36:01 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

    2011-05-15 21:52:46 222080 ------w- c:\windows\system32\MpSigStub.exe

    2011-05-14 22:23:00 -------- d-----w- c:\documents and settings\laurel h\application data\Malwarebytes

    2011-05-14 22:22:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

    2011-05-14 22:22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2011-05-14 05:27:19 -------- d-----w- c:\windows\system32\wbem\repository\FS

    2011-05-14 05:27:19 -------- d-----w- c:\windows\system32\wbem\Repository


    ==================== Find3M  ====================


    2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr


    ============= FINISH: 18:22:16.25 ===============

    June 7th, 2011 18:00

    Here's where I attached the "attach dds file"

    June 7th, 2011 20:00

    I ran the eset scan and I can't find the scan again.  How can I find it?  I did find the original eset scan but can't find the new one.


    June 8th, 2011 14:00


    Did this run with ESET find anything?

    Are you still getting BSOD'd or any other symptom that leads you to believe that the system is infected?

    No scanners are finding anything, I am inclined to think that this is not infection related.

    June 9th, 2011 05:00


    it was working before the scan fine and now it's not.

    If the BSOD's have stopped, what else is not working correctly?


    June 9th, 2011 05:00


    I'm starting to think the same thing.  I haven't really used the computer much other than running the scans that you've asked me to, but no I haven't received any bsod's.  Although I could not find the new eset log, I found the 1st one from the original scan, but I can't find the one I just did.  I didn't start getting the bsod's until after I scanned it with combofix, so I'm thinking combofix took something off that my computer needs to run?  I don't know, it was working before the scan fine and now it's not.  Is there anyone else on this forum, since you don't think it's a virus, that can help me?

    June 9th, 2011 06:00

    Yes, my computer was working fine before the combofix scan.  Other than the bsod's it works OK, it seems my computer is "thinking" all the time, it's a little on the slow side compared to before.  On startup it displays a screen that says:


    Please select the operating system to start:

    microsoft windows recovery

    do not select this (debugger enabled)

    microsoft windows xp professional  

    Use the up and down arrow keys to move the highlight of your choice

    Seconds until highlighted choice will be started automatically: 0

    for troubleshooting and advanced startup options for windows, press F8


    It didn't show this screen before I did the combofix scan, now it does every time I start my computer.

    thank you again!

    June 9th, 2011 15:00

    That screen you see on start up is put there by Combofix for a very good reason and is only there for 2 seconds. This is all explained by the person who instructs one to run the tool and is also outlined in the instructions for where Combofix is downloaded from.

    Combofix did not remove anything that the system needs; if it did, it would be shown in the log. It did not even remove anything malicious as there was nothing malicious there. If the system is slow, then it must have been slow before.

    What else have you added since running Combofix (anti-virus/firewall??) and how did you uninstall Combofix?

    The reason the Recovery Console is put in place when the system starts is because infections do not like being removed from systems and it is not uncommon for infections to kill systems when they are removed. If this happens, the system may just be salvageable by using the Recovery Console.



    If the system was working fine before you run Combofix, then can I ask why you even felt the need to run the Tool in the first place?

    June 9th, 2011 15:00

        It was not working fine.  It had a virus on it.  The virus made a pop-up window that said "windows xp security 2011".  I knew it was a virus and tried closing it out with Windows Task Manager, which did close it out fine, but then I restarted my computer.  After I restarted my computer all the file associations were jumbled.  Then I ran Malwarebytes, then I ran the AVG program that I had on it along with Spyware Terminator.  After all that, I then ran Combofix.

        I had the same problem with my in-laws' computer, which they gave to me (they didn't want to deal with it so they just bought a new computer), because it has the same virus, "windows xp security 2011".  I applied the same fixes to my laptop (which, again, I realize I should not have done) that the previous Dell helper told me to use on my in-laws' old desktop. The desktop works great; I got it off no problem, and the desktop does not have any problems or BSODs whatsoever.  Under RUN I typed in combofix /uninstall and hit enter.

        Right now I am running Microsoft Security Essentials and Malwarebytes Anti-Malware. I uninstalled all my other antivirus and antispyware programs, and now just go with those 2.

    June 12th, 2011 09:00

    Ok, either it was or it wasn't.

    Yes, my computer was working fine before the combofix scan.

    It was not working fine.

    This is a lesson learned and the reason why we clearly state that malware removal is not a one-size-fits-all task and what works on one system will not work on another.

    It was not Combofix that slowed your system down. The BSODs were more than likely related to the infection being removed incorrectly, and the slowness is more than likely due to the fact that there are remains of Norton, AVG and Spybot left on the system.


    Post a fresh set of DDS logs and we will remove those leftovers.

    Are the BSODs still occurring?

    June 13th, 2011 05:00

    OK, I'm sorry, that was my fault.  I just meant (by "it was not working fine") that it had a virus on it.  Before the virus and before the Combofix scan it was working fine.  After the scan and the virus it was not working fine.  I was not trying to suggest that it was the Combofix scan that created the problem.  I clearly should not have run the scan without help specific to my computer.

    Here's the DDS log.

    Also, how do I attach the attach portion from this post? I can't seem to figure out how to do that.

    Thanks again



    DDS (Ver_2011-06-12.02) - NTFSx86

    Internet Explorer: 8.0.6001.18702

    Run by Laurel H at 6:24:25 on 2011-06-13

    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.503.66 [GMT -5:00]


    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    FW: Norton Internet Worm Protection *Disabled*


    ============== Running Processes ===============


    C:\WINDOWS\system32\svchost.exe -k DcomLaunch


    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs







    C:\Program Files\Dell\QuickSet\Quickset.exe

    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe


    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe





    C:\WINDOWS\system32\svchost.exe -k imgsvc


    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe


    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe


    ============== Pseudo HJT Report ===============


    uSearchMigratedDefaultURL = hxxp://{searchTerms}&sourceid=ie7&

    uSearchURL,(Default) = hxxp://

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL

    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll

    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe

    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"

    mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

    IE: {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - {93F764AC-24D1-484F-92EA-3C84E31CDF72}

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

    DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://

    DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxps://

    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://

    DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://

    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://

    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://

    DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://

    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://

    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://

    TCP: DhcpNameServer =

    TCP: Interfaces\{2610F3E8-569C-40A3-8330-EDD6D5726F2F} : DhcpNameServer =

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

    Notify: igfxcui - igfxdev.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll


    ================= FIREFOX ===================


    FF - ProfilePath - c:\documents and settings\laurel h\application data\mozilla\firefox\profiles\cgcunatk.default\

    FF - prefs.js: browser.startup.homepage - hxxp://

    FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL

    FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL

    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

    FF - plugin: c:\program files\picasa2\npPicasa3.dll

    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll


    ---- FIREFOX POLICIES ----

    FF - user.js: browser.cache.memory.capacity - 16000

    FF - user.js: - false

    FF - user.js: browser.display.show_image_placeholders - true

    FF - user.js: browser.turbo.enabled - true

    FF - user.js: browser.urlbar.autocomplete.enabled - true

    FF - user.js: browser.urlbar.autofill - true

    FF - user.js: content.max.tokenizing.time - 3000000

    FF - user.js: content.maxtextrun - 4095

    FF - user.js: content.notify.backoffcount - 5

    FF - user.js: content.notify.interval - 1000000

    FF - user.js: content.notify.ontimer - true

    FF - user.js: content.switch.threshold - 1000000

    FF - user.js: dom.disable_window_status_change - true

    FF - user.js: network.http.max-connections - 48

    FF - user.js: network.http.max-connections-per-server - 16

    FF - user.js: network.http.max-persistent-connections-per-proxy - 16

    FF - user.js: network.http.max-persistent-connections-per-server - 8

    FF - user.js: network.http.pipelining - true

    FF - user.js: network.http.pipelining.firstrequest - true

    FF - user.js: network.http.pipelining.maxrequests - 8

    FF - user.js: network.http.proxy.pipelining - true

    FF - user.js: network.http.request.max-start-delay - 0

    FF - user.js: nglayout.initialpaint.delay - 1000

    FF - user.js: plugin.expose_full_path - true

    FF - user.js: ui.submenuDelay - 0


    ============= SERVICES / DRIVERS ===============


    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

    S1 MpKsl4d263e06;MpKsl4d263e06;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5dbdb4c0-f310-44b2-a624-5c3ad36dc87b}\mpksl4d263e06.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5dbdb4c0-f310-44b2-a624-5c3ad36dc87b}\MpKsl4d263e06.sys [?]

    S1 MpKsl941c2aba;MpKsl941c2aba;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5dbdb4c0-f310-44b2-a624-5c3ad36dc87b}\mpksl941c2aba.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5dbdb4c0-f310-44b2-a624-5c3ad36dc87b}\MpKsl941c2aba.sys [?]

    S1 MpKsle383d5f4;MpKsle383d5f4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1113e8a5-92d5-441d-8e70-ad329ee2b9ab}\mpksle383d5f4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1113e8a5-92d5-441d-8e70-ad329ee2b9ab}\MpKsle383d5f4.sys [?]

    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]


    =============== Created Last 30 ================


    2011-06-09 12:06:49 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7fe1b203-4c7d-448f-a681-c822bc1bcf90}\mpengine.dll

    2011-06-09 11:48:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-05-31 16:52:30 -------- d-----w- c:\program files\ESET

    2011-05-23 01:22:52 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

    2011-05-22 14:56:15 388096 ----a-r- c:\documents and settings\laurel h\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

    2011-05-22 14:56:13 -------- d-----w- c:\program files\Trend Micro

    2011-05-21 16:59:59 -------- d-----w- c:\program files\WOT

    2011-05-21 16:19:52 -------- d-----w- c:\program files\Microsoft Security Client

    2011-05-19 17:00:14 -------- d-----w- c:\documents and settings\all users\application data\AVG10

    2011-05-19 16:18:56 -------- d-sha-r- C:\cmdcons

    2011-05-16 03:40:35 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

    2011-05-16 02:53:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData

    2011-05-16 01:36:01 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2011-05-16 01:36:01 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

    2011-05-15 21:52:46 222080 ------w- c:\windows\system32\MpSigStub.exe

    2011-05-14 22:23:00 -------- d-----w- c:\documents and settings\laurel h\application data\Malwarebytes

    2011-05-14 22:22:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

    2011-05-14 22:22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware


    ==================== Find3M  ====================


    2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr


    ============= FINISH:  6:27:44.98 ===============

    June 13th, 2011 11:00


    Please copy/paste the attach log as per the instructions.



    June 13th, 2011 12:00

    Here is the attach (sorry, I was thinking I had to attach it, not copy/paste it).

    Thank you





    DDS (Ver_2011-06-12.02)


    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume2

    Install Date: 2/14/2006 7:10:02 PM

    System Uptime: 6/13/2011 5:40:54 AM (1 hours ago)


    Motherboard: Dell Inc. |  | 0HC416

    Processor:         Intel(R) Pentium(R) M processor 1.86GHz | Microprocessor | 798/133mhz


    ==== Disk Partitions =========================


    C: is FIXED (NTFS) - 70 GiB total, 28.294 GiB free.

    D: is CDROM ()


    ==== Disabled Device Manager Items =============


    Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

    Description: HID Non-User Input Data Filter (KB 911895)

    Device ID: HID\VID_045E&PID_00E1&COL01\6&6FA2FD8&0&0000

    Manufacturer: Microsoft

    Name: HID Non-User Input Data Filter (KB 911895)

    PNP Device ID: HID\VID_045E&PID_00E1&COL01\6&6FA2FD8&0&0000

    Service: NuidFltr


    ==== System Restore Points ===================


    RP1: 5/22/2011 9:40:23 AM - System Checkpoint

    RP2: 5/22/2011 9:56:11 AM - Installed HiJackThis

    RP3: 5/22/2011 8:19:58 PM - Software Distribution Service 3.0

    RP4: 5/30/2011 8:50:48 PM - Software Distribution Service 3.0

    RP5: 5/31/2011 9:23:36 PM - System Checkpoint

    RP6: 6/1/2011 8:20:19 AM - Software Distribution Service 3.0

    RP7: 6/2/2011 8:08:46 PM - Software Distribution Service 3.0

    RP8: 6/4/2011 8:16:32 AM - Software Distribution Service 3.0

    RP9: 6/7/2011 9:53:19 AM - Software Distribution Service 3.0

    RP10: 6/7/2011 1:49:41 PM - Software Distribution Service 3.0

    RP11: 6/9/2011 7:06:40 AM - Software Distribution Service 3.0


    ==== Installed Programs ======================


    Actiontec Gateway

    Adobe Acrobat 4.0

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Reader 8.1.4


    ArcSoft Media Card Companion

    Ashampoo Burning Studio 6 FREE

    Broadcom Management Programs

    Canon IJ Network Scan Utility

    Canon IJ Network Tool

    Canon MP Navigator EX 1.1

    Canon MX850 series

    Canon MX850 series User Registration

    Canon My Printer

    Canon Utilities Easy-PhotoPrint EX

    Canon Utilities Solution Menu

    Conexant HDA D110 MDC V.92 Modem

    Critical Update for Windows Media Player 11 (KB959772)

    CTAS v7

    Definition update for Microsoft Office 2010 (KB982726)

    Dell Driver Reset Tool

    Dell Wireless WLAN Card

    Digital Line Detect


    EPSON Printer Software

    ESET Online Scanner v3

    Event Planner

    GTK+ 2.6.9 runtime environment

    Hallmark Card Studio 2005 Deluxe

    High Definition Audio Driver Package - KB835221


    HijackThis 2.0.2

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix for Windows Media Player 11 (KB939683)

    Hotfix for Windows XP (KB2158563)

    Hotfix for Windows XP (KB2443685)

    Hotfix for Windows XP (KB952287)

    Hotfix for Windows XP (KB954550-v5)

    Hotfix for Windows XP (KB961118)

    Hotfix for Windows XP (KB970653-v3)

    Hotfix for Windows XP (KB976098-v2)

    Hotfix for Windows XP (KB979306)

    Hotfix for Windows XP (KB981793)

    Intel(R) Graphics Media Accelerator Driver for Mobile

    Internal Network Card Power Management

    Java 2 Runtime Environment, SE v1.4.2_03

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Security Update (KB2416447)

    Microsoft .NET Framework 1.1 Security Update (KB979906)

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft Antimalware

    Microsoft Application Error Reporting

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Internationalized Domain Names Mitigation APIs

    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

    Microsoft National Language Support Downlevel APIs

    Microsoft Office Access MUI (English) 2010

    Microsoft Office Access Setup Metadata MUI (English) 2010

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office Home and Student 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Single Image 2010

    Microsoft Office Word MUI (English) 2010

    Microsoft Plus! Digital Media Edition Installer

    Microsoft Plus! Photo Story 2 LE

    Microsoft Security Client

    Microsoft Security Essentials

    Microsoft Silverlight

    Microsoft Software Update for Web Folders  (English) 14

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable - KB2467175

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Web Publishing Wizard 1.52

    Modem Helper

    Mozilla Firefox 4.0.1 (x86 en-US)

    MSXML 4.0 SP2 (KB925672)

    MSXML 4.0 SP2 (KB927978)

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)


    Musicmatch for Windows Media Player


    Picasa 3

    PowerDVD 5.5

    Presto! PageManager 7.15.20




    Qwest eChat Support Tools

    RealPlayer Basic

    ScanSoft OmniPage SE 4

    Security Update for CAPICOM (KB931906)

    Security Update for Microsoft .NET Framework 2.0 (KB928365)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

    Security Update for Microsoft Excel 2010 (KB2466146)

    Security Update for Microsoft Office 2010 (KB2289078)

    Security Update for Microsoft Office 2010 (KB2289161)

    Security Update for Microsoft PowerPoint 2010 (KB2519975)

    Security Update for Microsoft Publisher 2010 (KB2409055)

    Security Update for Microsoft Word 2010 (KB2345000)

    Security Update for Step By Step Interactive Training (KB898458)

    Security Update for Step By Step Interactive Training (KB923723)

    Security Update for Windows Internet Explorer 7 (KB928090)

    Security Update for Windows Internet Explorer 7 (KB929969)

    Security Update for Windows Internet Explorer 7 (KB931768)

    Security Update for Windows Internet Explorer 7 (KB933566)

    Security Update for Windows Internet Explorer 7 (KB937143)

    Security Update for Windows Internet Explorer 7 (KB938127)

    Security Update for Windows Internet Explorer 7 (KB939653)

    Security Update for Windows Internet Explorer 7 (KB942615)

    Security Update for Windows Internet Explorer 7 (KB944533)

    Security Update for Windows Internet Explorer 7 (KB950759)

    Security Update for Windows Internet Explorer 7 (KB956390)

    Security Update for Windows Internet Explorer 7 (KB958215)

    Security Update for Windows Internet Explorer 7 (KB960714)

    Security Update for Windows Internet Explorer 7 (KB961260)

    Security Update for Windows Internet Explorer 7 (KB963027)

    Security Update for Windows Internet Explorer 7 (KB969897)

    Security Update for Windows Internet Explorer 8 (KB2183461)

    Security Update for Windows Internet Explorer 8 (KB2360131)

    Security Update for Windows Internet Explorer 8 (KB2416400)

    Security Update for Windows Internet Explorer 8 (KB2482017)

    Security Update for Windows Internet Explorer 8 (KB2497640)

    Security Update for Windows Internet Explorer 8 (KB2510531)

    Security Update for Windows Internet Explorer 8 (KB969897)

    Security Update for Windows Internet Explorer 8 (KB971961)

    Security Update for Windows Internet Explorer 8 (KB972260)

    Security Update for Windows Internet Explorer 8 (KB974455)

    Security Update for Windows Internet Explorer 8 (KB976325)

    Security Update for Windows Internet Explorer 8 (KB978207)

    Security Update for Windows Internet Explorer 8 (KB981332)

    Security Update for Windows Internet Explorer 8 (KB982381)

    Security Update for Windows Media Player (KB2378111)

    Security Update for Windows Media Player (KB911564)

    Security Update for Windows Media Player (KB952069)

    Security Update for Windows Media Player (KB954155)

    Security Update for Windows Media Player (KB968816)

    Security Update for Windows Media Player (KB973540)

    Security Update for Windows Media Player (KB975558)

    Security Update for Windows Media Player (KB978695)

    Security Update for Windows Media Player 10 (KB911565)

    Security Update for Windows Media Player 10 (KB917734)

    Security Update for Windows Media Player 10 (KB936782)

    Security Update for Windows Media Player 11 (KB936782)

    Security Update for Windows Media Player 11 (KB954154)

    Security Update for Windows Media Player 6.4 (KB925398)

    Security Update for Windows XP (KB2079403)

    Security Update for Windows XP (KB2115168)

    Security Update for Windows XP (KB2121546)

    Security Update for Windows XP (KB2160329)

    Security Update for Windows XP (KB2229593)

    Security Update for Windows XP (KB2259922)

    Security Update for Windows XP (KB2279986)

    Security Update for Windows XP (KB2286198)

    Security Update for Windows XP (KB2296011)

    Security Update for Windows XP (KB2296199)

    Security Update for Windows XP (KB2347290)

    Security Update for Windows XP (KB2360937)

    Security Update for Windows XP (KB2387149)

    Security Update for Windows XP (KB2393802)

    Security Update for Windows XP (KB2412687)

    Security Update for Windows XP (KB2419632)

    Security Update for Windows XP (KB2423089)

    Security Update for Windows XP (KB2436673)

    Security Update for Windows XP (KB2440591)

    Security Update for Windows XP (KB2443105)

    Security Update for Windows XP (KB2476687)

    Security Update for Windows XP (KB2478960)

    Security Update for Windows XP (KB2478971)

    Security Update for Windows XP (KB2479628)

    Security Update for Windows XP (KB2479943)

    Security Update for Windows XP (KB2481109)

    Security Update for Windows XP (KB2483185)

    Security Update for Windows XP (KB2485376)

    Security Update for Windows XP (KB2485663)

    Security Update for Windows XP (KB2491683)

    Security Update for Windows XP (KB2503658)

    Security Update for Windows XP (KB2506212)

    Security Update for Windows XP (KB2506223)

    Security Update for Windows XP (KB2507618)

    Security Update for Windows XP (KB2508272)

    Security Update for Windows XP (KB2508429)

    Security Update for Windows XP (KB2509553)

    Security Update for Windows XP (KB2511455)

    Security Update for Windows XP (KB2524375)

    Security Update for Windows XP (KB923561)

    Security Update for Windows XP (KB923689)

    Security Update for Windows XP (KB938464-v2)

    Security Update for Windows XP (KB938464)

    Security Update for Windows XP (KB941569)

    Security Update for Windows XP (KB946648)

    Security Update for Windows XP (KB950760)

    Security Update for Windows XP (KB950762)

    Security Update for Windows XP (KB950974)

    Security Update for Windows XP (KB951066)

    Security Update for Windows XP (KB951376-v2)

    Security Update for Windows XP (KB951376)

    Security Update for Windows XP (KB951698)

    Security Update for Windows XP (KB951748)

    Security Update for Windows XP (KB952004)

    Security Update for Windows XP (KB952954)

    Security Update for Windows XP (KB954211)

    Security Update for Windows XP (KB954459)

    Security Update for Windows XP (KB954600)

    Security Update for Windows XP (KB955069)

    Security Update for Windows XP (KB956391)

    Security Update for Windows XP (KB956572)

    Security Update for Windows XP (KB956744)

    Security Update for Windows XP (KB956802)

    Security Update for Windows XP (KB956803)

    Security Update for Windows XP (KB956841)

    Security Update for Windows XP (KB956844)

    Security Update for Windows XP (KB957095)

    Security Update for Windows XP (KB957097)

    Security Update for Windows XP (KB958644)

    Security Update for Windows XP (KB958687)

    Security Update for Windows XP (KB958690)

    Security Update for Windows XP (KB958869)

    Security Update for Windows XP (KB959426)

    Security Update for Windows XP (KB960225)

    Security Update for Windows XP (KB960715)

    Security Update for Windows XP (KB960803)

    Security Update for Windows XP (KB960859)

    Security Update for Windows XP (KB961371)

    Security Update for Windows XP (KB961373)

    Security Update for Windows XP (KB961501)

    Security Update for Windows XP (KB968537)

    Security Update for Windows XP (KB969059)

    Security Update for Windows XP (KB969898)

    Security Update for Windows XP (KB969947)

    Security Update for Windows XP (KB970238)

    Security Update for Windows XP (KB970430)

    Security Update for Windows XP (KB971468)

    Security Update for Windows XP (KB971486)

    Security Update for Windows XP (KB971557)

    Security Update for Windows XP (KB971633)

    Security Update for Windows XP (KB971657)

    Security Update for Windows XP (KB972270)

    Security Update for Windows XP (KB973346)

    Security Update for Windows XP (KB973354)

    Security Update for Windows XP (KB973507)

    Security Update for Windows XP (KB973525)

    Security Update for Windows XP (KB973869)

    Security Update for Windows XP (KB973904)

    Security Update for Windows XP (KB974112)

    Security Update for Windows XP (KB974318)

    Security Update for Windows XP (KB974392)

    Security Update for Windows XP (KB974571)

    Security Update for Windows XP (KB975025)

    Security Update for Windows XP (KB975467)

    Security Update for Windows XP (KB975560)

    Security Update for Windows XP (KB975561)

    Security Update for Windows XP (KB975562)

    Security Update for Windows XP (KB975713)

    Security Update for Windows XP (KB977165-v2)

    Security Update for Windows XP (KB977816)

    Security Update for Windows XP (KB977914)

    Security Update for Windows XP (KB978037)

    Security Update for Windows XP (KB978251)

    Security Update for Windows XP (KB978262)

    Security Update for Windows XP (KB978338)

    Security Update for Windows XP (KB978542)

    Security Update for Windows XP (KB978601)

    Security Update for Windows XP (KB978706)

    Security Update for Windows XP (KB979309)

    Security Update for Windows XP (KB979482)

    Security Update for Windows XP (KB979559)

    Security Update for Windows XP (KB979683)

    Security Update for Windows XP (KB979687)

    Security Update for Windows XP (KB980195)

    Security Update for Windows XP (KB980218)

    Security Update for Windows XP (KB980232)

    Security Update for Windows XP (KB980436)

    Security Update for Windows XP (KB981322)

    Security Update for Windows XP (KB981852)

    Security Update for Windows XP (KB981957)

    Security Update for Windows XP (KB981997)

    Security Update for Windows XP (KB982132)

    Security Update for Windows XP (KB982214)

    Security Update for Windows XP (KB982665)

    Security Update for Windows XP (KB982802)


    Sonic DLA

    Sonic MyDVD LE

    Sonic RecordNow Audio

    Sonic RecordNow Copy

    Sonic RecordNow Data

    Sonic Update Manager

    Synaptics Pointing Device Driver

    The Print Shop 20

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Microsoft Office 2010 (KB2202188)

    Update for Microsoft Office 2010 (KB2413186)

    Update for Microsoft OneNote 2010 (KB2493983)

    Update for Microsoft Outlook Social Connector (KB2441641)

    Update for Windows Internet Explorer 8 (KB971930)

    Update for Windows Internet Explorer 8 (KB976662)

    Update for Windows Internet Explorer 8 (KB976749)

    Update for Windows Internet Explorer 8 (KB980182)

    Update for Windows XP (KB2141007)

    Update for Windows XP (KB2345886)

    Update for Windows XP (KB2467659)

    Update for Windows XP (KB951072-v2)

    Update for Windows XP (KB951978)

    Update for Windows XP (KB955759)

    Update for Windows XP (KB955839)

    Update for Windows XP (KB967715)

    Update for Windows XP (KB968389)

    Update for Windows XP (KB971029)

    Update for Windows XP (KB971737)

    Update for Windows XP (KB973687)

    Update for Windows XP (KB973815)

    Viewpoint Media Player

    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

    Windows Genuine Advantage Notifications (KB905474)

    Windows Genuine Advantage v1.3.0254.0

    Windows Genuine Advantage Validation Tool (KB892130)

    Windows Internet Explorer 7

    Windows Internet Explorer 8

    Windows Media Format 11 runtime

    Windows Media Player 10

    Windows Media Player 11

    Windows XP Service Pack 3

    WOT for Internet Explorer


    ==== Event Viewer Messages From Past Week ========


    6/13/2011 6:18:22 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.


    ==== End Of File ===========================

