spyguy246

Honorary Members
  • Posts

    41

Everything posted by spyguy246

  1. Thank you very much. I've donated a little something for your assistance.
  2. Ok, they are all deleted off the desktop.
  3. Ok, I ran OTC. I still see AdwCleaner, JRT, HijackThis, and a "backups" folder on my desktop. Am I ok to delete them manually?
  4. Sorry, a correction: I do see the folder on my desktop now. However I still cannot use the method you suggested to uninstall ComboFix.
  5. Ok, I have run the bat file as described. I tried to uninstall ComboFix, but it tells me that Windows cannot find it. After I had finished with ComboFix, AdwCleaner, and the rest, including the txt files I pasted as replies, I put them in a blank folder on the desktop so as not to have too much clutter. This file is not visible on the desktop anymore. However, I can see it if I go to My Computer and select Desktop.
  6. ESET scan log follows:
     C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application
     C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYVJ1NA0\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLWLKJDO\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
  7. I was able to uninstall those programs. I also installed Adobe Reader XI and ran CCleaner as instructed. MBAM report follows:
     HijackThis report follows:
     The only problem I have noticed so far is that I cannot turn on Avira Real-Time Protection after the system restore. When I attempt to do so, I get a box asking if I want to allow the program to make changes to my computer...I click Yes, my mouse turns into the loading icon, and then it stops. When I go into Avira, it says that my computer is not secure and that 2 services are not working correctly: real time protection and the updater. I am able to run the updater and it updates as normal, but Avira still shows the last update date in red even though the date has changed to reflect the latest update.
  8. Ok, I restored to that last system restore point. I also attempted to download Revo and was successful. I have not run Revo or run or installed anything else yet.
  9. When I go to System Restore, it lists the following options:
     Date and Time: 5/10/2013 5:03:35 PM; Description: Removed JavaFX 2.1.1; Type: Uninstall
     Date and Time: 5/10/2013 5:02:29 PM; Description: Removed Java 6 Update 33; Type: Uninstall
     Date and Time: 5/10/2013 5:01:25 PM; Description: Removed Java 6 Update 6; Type: Uninstall
     Date and Time: 5/10/2013 5:00:06 PM; Description: Removed Java 7 Update 21; Type: Uninstall
     Date and Time: 5/10/2013 4:58:07 PM; Description: Removed Adobe Reader X (10.1.6); Type: Uninstall
     Date and Time: 5/10/2013 6:37:46 AM; Description: Windows Update; Type: Critical Update
     Clicking on the checkbox for "Show More Restore Points" doesn't show any additional restore points. Will the last one at 6:30 AM be sufficient?
  10. Ok, I will System Restore and attempt to uninstall one of the Javas.
  11. One additional thing I just noticed...I think I turned on Windows Defender sometime during the CFScript action. Could this be affecting my downloads?
  12. I am also getting the "C:\Users\Joe\AppData\Local\Temp could not be saved, because you cannot change the contents of that folder. Change the folder properties and try again, or try saving in a different location." when I try to download that file.
  13. Should I be able to continue with CCleaner/MBAM scans even if I'm unable to uninstall Adobe and Java? I have also not shut down or restarted my computer since the start of this thread, in case that is relevant.
  14. I was unable to uninstall any of the mentioned programs via Add/Remove Programs. I received the following error messages: For Adobe Reader X: "Error 2203.Database: C:\Windows\Installer\432fc7e.ipi. Cannot open database file. System error -2147287035." For Java 7 Update 21: "Internal Error 2203. C:\Windows\Installer\432fc80.ipi. -2147287035" For Java 6 Update 6: "Internal Error 2203. C:\Windows\Installer\432fc83.ipi. -2147287035" For Java 6 Update 33: "Internal Error 2203. C:\Windows\Installer\432fc86.ipi. -2147287035" For JavaFX 2.1.1: "Internal Error 2203. C:\Windows\Installer\432fc88.ipi. -2147287035" I was also unable to download Revo Uninstaller Free through the provided link. Clicking on the link brings up the following error message: "C:\Users\Joe\AppData\Local\Temp could not be saved, because you cannot change the contents of that folder. Change the folder properties and try again, or try saving in a different location." I have not proceeded with any subsequent steps after these attempts failed.
  15. Report from Combofix follows:
     No problems to speak of with the computer during the scan. I did notice that some of the previously missing icons in the taskbar are now visible. The computer still seems to be working fine.
  16. Combofix log follows: ComboFix 13-05-09.01 - Joe 05/09/2013 23:33:02.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.2126 [GMT -5:00] Running from: C:\Users\Joe\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Install.exe C:\Users\Joe\AppData\Local\assembly\tmp C:\Windows\system32\Install.bat C:\Windows\system32\readme.rtf C:\Windows\system32\URTTemp C:\Windows\system32\URTTemp\regtlib.exe ((((((((((((((((((((((((( Files Created from 2013-04-10 to 2013-05-10 ))))))))))))))))))))))))))))))) 2013-05-10 04:40:23 . 2013-05-10 04:40:23 -------- d-----w- C:\Users\Default\AppData\Local\temp 2013-05-10 02:26:36 . 2013-05-10 02:26:37 -------- d-----w- C:\Windows\ERUNT 2013-05-10 02:26:22 . 2013-05-10 02:26:24 -------- d-----w- C:\JRT 2013-05-07 11:43:04 . 2013-05-07 11:42:54 66656 ----a-w- C:\Windows\system32\drivers\avnetflt.sys 2013-04-24 12:30:37 . 2013-04-04 10:35:08 94112 ----a-w- C:\Windows\system32\WindowsAccessBridge.dll 2013-04-24 11:56:50 . 2013-04-12 13:45:29 1211752 ----a-w- C:\Windows\system32\drivers\ntfs.sys 2013-04-10 22:07:29 . 2013-03-01 03:09:59 2347008 ----a-w- C:\Windows\system32\win32k.sys 2013-04-10 22:07:27 . 2013-01-24 04:47:07 196328 ----a-w- C:\Windows\system32\drivers\fvevol.sys 2013-04-10 22:07:25 . 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\system32\ntoskrnl.exe 2013-04-10 22:07:24 . 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\system32\ntkrnlpa.exe 2013-04-10 22:07:24 . 2013-03-19 04:48:45 38912 ----a-w- C:\Windows\system32\csrsrv.dll 2013-04-10 22:07:24 . 2013-03-19 02:49:16 69632 ----a-w- C:\Windows\system32\smss.exe 2013-04-10 22:07:21 . 
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\system32\mstscax.dll 2013-04-10 22:07:20 . 2013-02-15 04:34:10 131584 ----a-w- C:\Windows\system32\aaclient.dll 2013-04-10 22:07:20 . 2013-02-15 03:25:51 36864 ----a-w- C:\Windows\system32\tsgqec.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2013-05-10 02:25:01 . 2010-06-24 16:33:56 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-04-19 12:11:43 . 2012-08-02 22:44:26 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-04-19 12:11:43 . 2012-08-02 22:44:26 691592 ----a-w- C:\Windows\system32\FlashPlayerApp.exe 2013-04-19 00:50:10 . 2011-11-26 22:38:33 22328 ----a-w- C:\Windows\system32\drivers\PnkBstrK.sys 2013-04-19 00:50:03 . 2011-11-26 22:38:06 107832 ----a-w- C:\Windows\system32\PnkBstrB.exe 2013-04-19 00:50:03 . 2011-11-26 22:38:06 107832 ----a-w- C:\Windows\system32\PnkBstrB.ex0 2013-04-04 19:50:32 . 2008-11-21 21:42:02 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys 2013-03-28 00:23:24 . 2013-02-18 15:30:57 84744 ----a-w- C:\Windows\system32\drivers\avgntflt.sys 2013-03-28 00:23:24 . 2013-02-18 15:30:57 37352 ----a-w- C:\Windows\system32\drivers\avkmgr.sys 2013-03-28 00:23:24 . 2013-02-18 15:30:57 135136 ----a-w- C:\Windows\system32\drivers\avipbb.sys 2013-03-24 19:04:10 . 2012-06-25 15:14:57 861088 ----a-w- C:\Windows\system32\npdeployJava1.dll 2013-03-24 19:04:10 . 2010-04-24 19:13:39 782240 ----a-w- C:\Windows\system32\deployJava1.dll 2013-02-20 04:03:06 . 2009-05-01 19:43:10 282296 ----a-w- C:\Windows\system32\PnkBstrB.xtr 2013-02-12 04:48:31 . 2013-03-13 18:43:27 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 . 2013-03-13 18:43:27 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-12 03:32:45 . 2013-03-14 22:22:37 15872 ----a-w- C:\Windows\system32\drivers\usb8023.sys 2013-04-12 02:24:12 . 
2013-04-12 02:24:02 263064 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="C:\Program Files\Steam\steam.exe" [2013-05-03 23:35:30 1635752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 04:35:58 4702208] "Skytel"="Skytel.exe" [2007-10-11 03:04:04 1826816] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 02:58:34 47392] "basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 21:21:06 169328] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-15 02:01:52 54832] "NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2007-08-17 14:45:16 184864] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 02:01:30 71216] "tsnp2uvc"="C:\Windows\tsnp2uvc.exe" [2007-07-12 00:18:54 237568] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352] "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 19:08:14 59720] "itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 21:39:48 1313640] "IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 20:56:42 1821576] "Logitech G930"="C:\Program Files\Logitech\G930\G930.exe" [2011-03-23 17:42:52 1516888] "Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2011-08-05 18:29:56 159456] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2012-10-25 09:12:14 421888] "Logitech Download Assistant"="C:\Windows\System32\LogiLDA.dll" [2012-09-20 22:02:06 1425208] "avgnt"="C:\Program Files\Avira\AntiVir 
Desktop\avgnt.exe" [2013-05-07 11:42:28 345312] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2013-02-20 18:35:28 152392] "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 12:32:50 253816] C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Registration IL-2 Sturmovik 1946.LNK - C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;C:\Program Files\Folding@Home Windows SMP Client V1.01\smpd.exe [x] R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [x] R3 dc3d;MS Hardware Device Detection Driver (USB);C:\Windows\system32\DRIVERS\dc3d.sys [x] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [x] S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [x] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [x] S2 RealtekUSB;RealtekUSB;C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [x] S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;C:\Windows\system32\DRIVERS\JME.sys [x] S3 LADF_BakerCOnly;BakerC Filter 
Driver;C:\Windows\system32\DRIVERS\ladfBakerCi386.sys [x] S3 LADF_BakerROnly;BakerR Filter Driver;C:\Windows\system32\DRIVERS\ladfBakerRi386.sys [x] S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [x] S3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys [x] --- Other Services/Drivers In Memory --- *Deregistered* - pavboot [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache Contents of the 'Scheduled Tasks' folder 2013-05-10 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-14 04:30:32 . 2011-07-14 04:30:29] 2013-05-10 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-14 04:30:32 . 
2011-07-14 04:30:29] ------- Supplementary Scan ------- uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ht291nhk.default\ FF - prefs.js: browser.startup.homepage - www.google.com - - - - ORPHANS REMOVED - - - - AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - C:\Program Files\Common Files\BioWare\Uninstall Mass Effect 2.exe [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl" --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) Completion time: 2013-05-09 23:41:44 ComboFix-quarantined-files.txt 2013-05-10 04:41:44 Pre-Run: 14,292,328,448 bytes free Post-Run: 14,072,426,496 bytes free - - End Of File - - 78EC8AEDFC34F4A602CDEF36DF5A6302 I had to leave my computer while the program was running, but it was finished when I returned with no indication that there had been any issues. The only noticeable (minor) changes have been that when reopening Firefox, it brought up the dialogue box to make Firefox the default browser; there are also a couple icons missing from the Hidden Icons list on the taskbar, but I can still access those programs without a problem. Other than these differences, the computer seems to be working fine.
  17. AdwCleaner log follows: # AdwCleaner v2.300 - Logfile created 05/09/2013 at 21:23:07 # Updated 28/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : Joe - JOE-PC # Boot Mode : Normal # Running from : C:\Users\Joe\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt Folder Deleted : C:\Program Files\Common Files\Software Update Utility Folder Deleted : C:\Program Files\Viewpoint Folder Deleted : C:\ProgramData\Viewpoint Folder Deleted : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ht291nhk.default\StumbleUpon ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Deleted : HKLM\Software\MetaStream Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components \063A857434EDED11A893800002C0A966 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Key Deleted : HKLM\Software\Viewpoint ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16537 [OK] Registry is clean. -\\ Mozilla Firefox v20.0.1 (en-US) File : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ht291nhk.default\prefs.js C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ht291nhk.default\user.js ... Deleted ! Deleted : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true); -\\ Google Chrome v [unable to get version] File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. 
************************* AdwCleaner[s1].txt - [3624 octets] - [09/05/2013 21:23:07] ########## EOF - C:\AdwCleaner[s1].txt - [3684 octets] ########## JRT log follows: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x86 Ran by Joe on Thu 05/09/2013 at 21:26:43.51 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Joe\appdata\local\{041FF5B6-1BAC-4AF1-A7C0-AA339716E6EA} Successfully deleted: [Empty Folder] C:\Users\Joe\appdata\local\{1FA796AA-D10C-4A65-A7AC-4D9596EC87DC} Successfully deleted: [Empty Folder] C:\Users\Joe\appdata\local\{2EC0B3E1-FEBF-45EC-BCBC-61C9D13B3480} Successfully deleted: 
[Empty Folder] C:\Users\Joe\appdata\local\{58E1DF70-1A65-415E-85C1-96BC56A02AA3} Successfully deleted: [Empty Folder] C:\Users\Joe\appdata\local\{6DF5FDCE-FDE7-4309-A64B-679889453D7E} Successfully deleted: [Empty Folder] C:\Users\Joe\appdata\local\{AE711094-2B25-4E2A-A35B-BB4504EE91F5} Successfully deleted: [Empty Folder] C:\Users\Joe\appdata\local\{B125575E-AB8D-4A35-AFC8-FA859D8BE897} Successfully deleted: [Empty Folder] C:\Users\Joe\appdata\local\{BC79859C-685D-447E-B262-231902AAC234} Successfully deleted: [Empty Folder] C:\Users\Joe\appdata\local\{C2EBF022-1F32-469E-A704-B332E4F8C6DD} Successfully deleted: [Empty Folder] C:\Users\Joe\appdata\local\{E81CFF31-B0DD-45F0-9AF4-F2C5F5BF8EA8} Successfully deleted: [Empty Folder] C:\Users\Joe\appdata\local\{F028B18B-3217-4BB9-9EF1-4B8CDA8DEEBB} Successfully deleted: [Empty Folder] C:\Users\Joe\appdata\local\{F04AB8EC-74A4-47B2-80BD-3836D852175E} ~~~ FireFox Emptied folder: C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\ht291nhk.default\minidumps [459 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 05/09/2013 at 21:28:44.05 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The only other issue I have noticed since the initial startup is that when I tried to save my Avira scan log to the Desktop, I was given a message that "C:\windows\system32\config\systemprofile\Desktop refers to a location that is unavailable" etc. Not sure if this is related. This occurred prior to my post in this forum. Other than this, I have not noticed any performance issues while the computer has been on. The restart after the AdwCleaner scan was normal with no boot failure.
  18. Thank you. I've created a new topic in the appropriate forum.
  19. This is a virus I just picked up within the last day or so. On startup, my computer gave me a black screen with a Disk Boot Failure message. I hit the restart button on my computer tower and was able to boot as normal. When I got to the desktop, Windows Action Center gave me a message to remove the win32/small.ca virus from my PC. I ran MalwareBytes and Avira, but they did not detect anything. Logs follow: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2 Run by Joe at 18:31:54 on 2013-05-09 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.1524 [GMT -5:00] . AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\atiesrxx.exe C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Folding@Home Windows SMP Client V1.01\smpd.exe C:\Windows\system32\PnkBstrA.exe C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWlan.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Seagate\Basics\Basics 
Status\MaxMenuMgrBasics.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\nvraidservice.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Windows\tsnp2uvc.exe C:\Program Files\ASUS\AASP\1.00.46\aaCenter.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Logitech\G930\G930.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Steam\Steam.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Steam\SteamService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\DllHost.exe C:\Program Files\Trillian\trillian.exe c:\program files\trillian\plugins\skypekit.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\notepad.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalServicePeerNet . ============== Pseudo HJT Report =============== . 
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [steam] "c:\program files\steam\steam.exe" -silent mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [skytel] Skytel.exe mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe" mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe" mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [Logitech G930] c:\program files\logitech\g930\G930.exe mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware] c:\program 
files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\users\joe\appdata\roaming\micros~1\windows\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\il-2 sturmovik 1946\RegistrationReminder.exe mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{AE68ADF7-B2F2-464C-AFCD-0733B1C7790E} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{AE68ADF7-B2F2-464C-AFCD-0733B1C7790E}\47364613130353 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{AE68ADF7-B2F2-464C-AFCD-0733B1C7790E}\C696E6B6379737 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{CB967B9F-1DA9-4D63-9D8C-344A6A637406} : DHCPNameServer = 209.18.47.61 209.18.47.62 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo 
gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\ht291nhk.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false ============= SERVICES / DRIVERS =============== . 
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-2-18 37352] R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-3-18 25896] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-2 176128] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-2-18 86752] R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-2-18 110816] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-2-18 84744] R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\program files\folding@home windows smp client v1.01\smpd.exe [2008-5-20 1135616] R2 RealtekUSB;RealtekUSB;c:\program files\realtek\rtl8187 wireless lan utility\RtlService.exe [2009-3-18 36864] R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\drivers\JME.sys [2012-3-3 113680] R3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\drivers\ladfBakerCi386.sys [2011-3-18 378568] R3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\drivers\ladfBakerRi386.sys [2011-3-18 312136] R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-11-12 27632] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-28 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-14 1343400] . 
=============== Created Last 30 ================ . 2013-05-07 11:43:04 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-04-24 12:30:37 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-24 11:56:50 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 22:07:29 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 22:07:27 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-10 22:07:25 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 22:07:24 69632 ----a-w- c:\windows\system32\smss.exe 2013-04-10 22:07:24 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-10 22:07:24 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 22:07:21 3217408 ----a-w- c:\windows\system32\mstscax.dll 2013-04-10 22:07:20 36864 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-10 22:07:20 131584 ----a-w- c:\windows\system32\aaclient.dll . ==================== Find3M ==================== . 2013-04-19 12:11:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-19 12:11:43 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-04-19 00:50:10 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2013-04-19 00:50:03 107832 ----a-w- c:\windows\system32\PnkBstrB.exe 2013-04-19 00:50:03 107832 ----a-w- c:\windows\system32\PnkBstrB.ex0 2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-28 00:23:24 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-28 00:23:24 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-24 19:04:10 861088 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-03-24 19:04:10 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-20 04:03:06 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr 2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 03:32:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys . 
============= FINISH: 18:32:25.32 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 11/1/2009 5:00:23 PM System Uptime: 5/9/2013 7:04:21 AM (11 hours ago) . Motherboard: ASUSTeK Computer INC. | | P5N-D Processor: Intel® Core2 Duo CPU E6850 @ 3.00GHz | Socket 775 | 3000/333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 149 GiB total, 13.534 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP846: 5/8/2013 8:03:26 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) Any Video Converter 3.3.7 Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager Audacity 1.2.6 Audiosurf Avira Free Antivirus Battlefield: Bad Company™ 2 Belkin 54Mbps Wireless Network Adapter Bonjour Call of Duty® 4 - Modern Warfare 1.7 Patch Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center HydraVision Full ccc-core-static ccc-utility CCC Help English CCleaner Compatibility Pack for the 2007 Office system D3DX10 Deus Ex: Human Revolution Deus Ex: Human Revolution - The Missing Link Download Updater (AOL LLC) Drive Manager Fallout 3 Fallout 3 - Unofficial Fallout 3 Patch Fallout Mod Manager 0.13.21 Folding@Home Windows SMP Client Google Update Helper iTunes Java 7 Update 21 Java Auto Updater Java 6 Update 33 Java 6 Update 6 JavaFX 2.1.1 JMicron Ethernet Adapter NDIS Driver Kareo Logitech G930 
Malwarebytes Anti-Malware version 1.75.0.1300 Mass Effect Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft IntelliPoint 8.2 Microsoft IntelliType Pro 8.2 Microsoft Office File Validation Add-In Microsoft Office Live Add-in 1.5 Microsoft Office Standard Edition 2003 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MobileMe Control Panel Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML4 Parser Mumble 1.2.3 NVIDIA Drivers NVIDIA PhysX Oblivion - Horse Armor Pack Oblivion - Knights of the Nine Oblivion - Mehrunes Razor Oblivion - Orrery Oblivion - Spell Tomes Oblivion - The Fighter's Stronghold Oblivion - Thieves Den Oblivion - Vile Lair Oblivion - Wizard's Tower Oblivion mod manager 1.1.12 OGA Notifier 2.0.0048.0 PAYDAY: The Heist PowerDVD PowerDVD Ultra PunkBuster Services QuickTime Realtek High Definition Audio Driver REALTEK RTL8187 Wireless LAN Driver and Utility Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Serious Sam 3 Bonus Content Serious Sam 3 Editor Skins Skype™ 6.1 Source SDK Base Source SDK Base 2007 SpeedFan (remove only) Steam Super Hexagon System Requirements Lab System Requirements Lab CYRI Trillian Ubisoft Game Launcher Unofficial Oblivion Patch v3.2.0 Unofficial Shivering Isles Patch v1.4.0 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) USB Video Device Viewpoint Media Player VLC media player 2.0.3 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin Windows Mobile Device Updater Component WinRAR archiver Zune Zune Language Pack 
(CHS) Zune Language Pack (CHT) Zune Language Pack (CSY) Zune Language Pack (DAN) Zune Language Pack (DEU) Zune Language Pack (ELL) Zune Language Pack (ESP) Zune Language Pack (FIN) Zune Language Pack (FRA) Zune Language Pack (HUN) Zune Language Pack (IND) Zune Language Pack (ITA) Zune Language Pack (JPN) Zune Language Pack (KOR) Zune Language Pack (MSL) Zune Language Pack (NLD) Zune Language Pack (NOR) Zune Language Pack (PLK) Zune Language Pack (PTB) Zune Language Pack (PTG) Zune Language Pack (RUS) Zune Language Pack (SVE) . ==== Event Viewer Messages From Past Week ======== . 5/9/2013 7:04:40 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter 5/9/2013 7:04:40 AM, Error: atikmdag [43029] - Display is not active 5/6/2013 5:19:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 5/6/2013 5:19:17 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File ===========================
  20. This is a virus I just picked up within the last day or so. On startup, my computer gave me a black screen with a Disk Boot Failure message. I hit the restart button on my computer tower and was able to boot as normal. When I got to the desktop, Windows Action Center gave me a message to remove the win32/small.ca virus from my PC. I ran MalwareBytes, but it did not detect anything. I'm currently running a full Avira scan, but nothing has been detected by it yet either. MalwareBytes log below:
  21. Nope. Our computer does run a little slow, but we've had it for years now and will probably be getting rid of it soon anyway.
  22. Ok, here's all the logs...MB and HJT included and ComboFix attached. log.txt
  23. Ran the first scan with Trend Micro Internet Security and it found one thing. MalwareBytes didn't find anything in the subsequent scan.
  24. Here's the zip file with the scan. gmerlog.zip
  25. Here's the MBAM and HJT logs with the gmer log attached. gmerlog.zip