Solved: ComboFix says rootkit infections!

Jonesiegirl's Avatar
Senior Member with 351 posts.
 
Join Date: Apr 2003
05-Jul-2009, 12:49 PM #76
32 Bit HP CIO Components Installer
ABBYY FineReader 5.0 Sprint Plus
Adobe Flash Player ActiveX
AnswerWorks 4.0 Runtime - English
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Avanquest update
avast! Antivirus
AviSynth 2.5
Bonjour
BookWorm Deluxe 1.01
Canon Camera Access Library
Canon Camera Support Core Library
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 1.6.1
Canon Utilities EOS Capture 1.3
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
Combined Community Codec Pack 2007-07-22
Creative Jukebox Driver
Creative NOMAD II Driver
Critical Update for Windows Media Player 11 (KB959772)
Cucusoft DVD to iPod Converter 7.07
DivX Codec
Do More
DVD
ePocrates Clinical Suite
F5U109 Driver Uninstall
Gateway Multi-function Keyboard
GTW V.92 Voicemodem
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) PRO Ethernet Adapter and Software
InterActual Player
Internet Explorer Q903235
iTunes
Java(TM) 6 Update 14
Learn2 Player (Uninstall Only)
LP Recorder
LP Ripper
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Computer Dictionary, 5th Ed eBook
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Encyclopedia of Networking Second Edition eBook
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office XP Web Components
Microsoft Picture It! Photo 7.0
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows XP SBS Deluxe Files
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Motorola Driver Installation
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NOMAD Jukebox 3 Driver
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Shockwave
SpywareBlaster 4.2
Synaptics TouchPad
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URGE
Wave Corrector DeClick version 1.1
WebView Livescope Viewer for PC Ver. 3.60
Weight Watchers On-the-Go
WexTech AnswerWorks
Windows Communication Foundation
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB834707
Windows XP Service Pack 3
__________________
{\o/}

In loving memory of Bea Smith-Simmons.
Jonesiegirl's Avatar
Senior Member with 351 posts.
 
Join Date: Apr 2003
05-Jul-2009, 01:03 PM #77
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 7/5/2009
Time: 10:29:22 AM
User: N/A
Computer: DIANEHARDY
Description:
Faulting application iexplore.exe, version 7.0.6000.16827, faulting module unknown, version 0.0.0.0, fault address 0x8b909090.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.




Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 7/5/2009
Time: 11:45:38 AM
User: DIANEHARDY\Owner
Computer: DIANEHARDY
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 7/5/2009
Time: 10:34:38 AM
User: DIANEHARDY\Owner
Computer: DIANEHARDY
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 7/5/2009
Time: 10:30:24 AM
User: N/A
Computer: DIANEHARDY
Description:
The Automatic Updates service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 7/5/2009
Time: 10:23:16 AM
User: DIANEHARDY\Owner
Computer: DIANEHARDY
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 7/5/2009
Time: 10:22:42 AM
User: N/A
Computer: DIANEHARDY
Description:
The Automatic Updates service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 7/5/2009
Time: 10:22:42 AM
User: N/A
Computer: DIANEHARDY
Description:
The Windows Audio service failed to start due to the following error:
All pipe instances are busy.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 7/5/2009
Time: 10:22:41 AM
User: N/A
Computer: DIANEHARDY
Description:
The Task Scheduler service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7011
Date: 7/5/2009
Time: 10:22:41 AM
User: N/A
Computer: DIANEHARDY
Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7011
Date: 7/5/2009
Time: 10:22:41 AM
User: N/A
Computer: DIANEHARDY
Description:
Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7011
Date: 7/5/2009
Time: 10:22:41 AM
User: N/A
Computer: DIANEHARDY
Description:
Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 7/4/2009
Time: 3:39:34 PM
User: DIANEHARDY\Owner
Computer: DIANEHARDY
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 7/4/2009
Time: 3:37:11 PM
User: N/A
Computer: DIANEHARDY
Description:
The Automatic Updates service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
__________________
{\o/}

In loving memory of Bea Smith-Simmons.
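Added example, not part of the thread: a small Python parser for an Event Viewer text export in the layout posted above. It counts errors per source, event ID and service, so a recurring failure such as the repeated DCOM 10005 for gusvc stands out. The sample export is constructed (EXAMPLEPC is a placeholder host name) and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the export above (placeholder host name).
SAMPLE_EXPORT = r'''Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 7/5/2009
Time: 11:45:38 AM
User: EXAMPLEPC\Owner
Computer: EXAMPLEPC
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 7/5/2009
Time: 10:30:24 AM
User: N/A
Computer: EXAMPLEPC
Description:
The Automatic Updates service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 7/5/2009
Time: 10:34:38 AM
User: EXAMPLEPC\Owner
Computer: EXAMPLEPC
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7011
Date: 7/5/2009
Time: 10:22:41 AM
User: N/A
Computer: EXAMPLEPC
Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
'''

HEADER = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$"
)
# Phrasings seen in the DCOM and Service Control Manager descriptions above.
SERVICE_PATTERNS = [
    re.compile(r"attempting to start the service (\S+)"),
    re.compile(r"^The (.+?) service (?:terminated|failed to start)", re.M),
    re.compile(r"response from the (\S+) service"),
]

def parse_events(text):
    """Split the export into one dict per record, keeping the description text."""
    events, current, in_desc = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Event Type:"):      # a new record always starts here
            current = {"Description": ""}
            events.append(current)
            in_desc = False
        if current is None:
            continue
        if in_desc:
            # The description ends at the help link or at the raw "Data:" dump.
            if line.startswith("For more information") or line == "Data:":
                in_desc = False
            elif line:
                current["Description"] += line + "\n"
            continue
        if line == "Description:":
            in_desc = True
            continue
        m = HEADER.match(line)
        if m:
            current[m.group(1)] = m.group(2)
    return events

def service_of(event):
    """Return the service named in the description, or None if no pattern fits."""
    for pattern in SERVICE_PATTERNS:
        m = pattern.search(event["Description"])
        if m:
            return m.group(1)
    return None

def summarise(events):
    """Count records per (source, event ID, service)."""
    return Counter(
        (e.get("Event Source"), e.get("Event ID"), service_of(e)) for e in events
    )

if __name__ == "__main__":
    for key, n in summarise(parse_events(SAMPLE_EXPORT)).most_common():
        print(n, key)
```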
Jonesiegirl's Avatar
Senior Member with 351 posts.
 
Join Date: Apr 2003
05-Jul-2009, 03:10 PM #78
Karen, I've noticed that my non computer literate friend is running both Norton and AVG on her Dell Vista machine. Norton was a 6 month trial, which is now expired. Can I use the link you posted to uninstall it?
Cookiegal's Avatar
Administrator with 63,387 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
05-Jul-2009, 03:29 PM #79
Do you know if she tried to uninstall AOL? It doesn't look like it was done properly. There are still a couple of AOL services on this computer. I don't know what consequence deleting them may have, even though she's no longer using AOL, so let's start by disabling them rather than deleting. If there are any connectivity problems then they can be restarted.

Go to Start - Run - type in services.msc and click OK.

Scroll down to the following two services and for each one, click the STOP button under Service Status to stop the service. Then change the startup type in the drop down menu to: Disabled - click Apply and OK.

AOL TopSpeedMonitor
WANMiniportService


I don't see the Google toolbar installed yet the Google Updater service is trying to run. Does she have any Google programs?
__________________
Microsoft MVP - Consumer Security
Cookiegal's Avatar
Administrator with 63,387 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
05-Jul-2009, 03:31 PM #80
Quote:
Originally Posted by Jonesiegirl View Post
Karen, I've noticed that my non computer literate friend is running both Norton and AVG on her Dell Vista machine. Norton was a 6 month trial, which is now expired. Can I use the link you posted to uninstall it?
You should always uninstall from Add/remove programs first and then run the uninstaller tool as a follow up in case there are any remnants.
Jonesiegirl's Avatar
Senior Member with 351 posts.
 
Join Date: Apr 2003
05-Jul-2009, 03:32 PM #81
I tried stopping the service on that AOL TopSpeedMonitor the other night... no go. Will try again.

That google toolbar entry has had me in a quandary... I've tried to get rid of it, too. No go.

I've set Google as her home page, it is quite slow in loading.
__________________
{\o/}

In loving memory of Bea Smith-Simmons.
Jonesiegirl's Avatar
Senior Member with 351 posts.
 
Join Date: Apr 2003
05-Jul-2009, 03:36 PM #82
Quote:
Originally Posted by Cookiegal View Post
Do you know if she tried to uninstall AOL? It doesn't look like it was done properly. There are still a couple of AOL services on this computer. I don't know what consequence deleting them may have, even though she's no longer using AOL, so let's start by disabling them rather than deleting. If there are any connectivity problems then they can be restarted.

Go to Start - Run - type in services.msc and click OK.

Scroll down to the following two services and for each one, click the STOP button under Service Status to stop the service. Then change the startup type in the drop down menu to: Disabled - click Apply and OK.

AOL TopSpeedMonitor
WANMiniportService

By golly! It worked that time!
Jonesiegirl's Avatar
Senior Member with 351 posts.
 
Join Date: Apr 2003
05-Jul-2009, 03:39 PM #83
Quote:
Originally Posted by Cookiegal View Post
You should always uninstall from Add/remove programs first and then run the uninstaller tool as a follow up in case there are any remnants.
Yes, I know that. I just wasn't certain if I could use that link for Vista, should there be remnants. I'm not confident in working with the Vista OS.
Cookiegal's Avatar
Administrator with 63,387 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
05-Jul-2009, 03:40 PM #84
Go to Start - Run type in cmd then click OK. The MSDOS window will be displayed. At the prompt type the following:

SC Stop gusvc

Then press Enter

Type:

SC Delete gusvc

Then press Enter.

Reboot and post a new HijackThis log please.
Cookiegal's Avatar
Administrator with 63,387 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
05-Jul-2009, 03:43 PM #85
Quote:
Originally Posted by Jonesiegirl View Post
Yes, I know that. I just wasn't certain if I could use that link for Vista, should there be remnants. I'm not confident in working with the Vista OS.
I believe it should work on Vista too.
Cookiegal's Avatar
Administrator with 63,387 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
05-Jul-2009, 03:53 PM #86
Once you've done the above, please run OTS again. I'll repeat the instructions here so you don't have to go back but of course you don't have to redownload the program.

Download OTS.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTS on your desktop.
  1. Close any open browsers.
  2. If your Real protection or Antivirus interferes with OTS, allow it to run.
  3. Open the OTS folder and double-click on OTS.exe to start the program.
  4. In Additional Scans section put a check in Disabled MS Config Items and EventViewer logs
  5. Now click the Run Scan button on the toolbar.
  6. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  7. When the scan is complete Notepad will open with the report file loaded in it.
  8. Save that notepad file.
Use the Reply button, scroll down to the attachments section and attach the notepad file here.
__________________
Microsoft MVP - Consumer Security
Jonesiegirl's Avatar
Senior Member with 351 posts.
 
Join Date: Apr 2003
05-Jul-2009, 03:58 PM #87
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:55 PM, on 7/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\dmadmin.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\DvzCommon\DvzMsgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINNT\DvzCommon\DvzMsgr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://71.9.57.2:50000/JpegInst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dianehardy
O17 - HKLM\Software\..\Telephony: DomainName = dianehardy
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dianehardy
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dianehardy
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = dianehardy
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

--
End of file - 7674 bytes
__________________
{\o/}

In loving memory of Bea Smith-Simmons.
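Added example, not part of the thread and not HijackThis's own code: a Python triage pass over a HijackThis log in the format posted above. It flags entries whose target file is gone, O16 downloads whose codebase host is a bare IP address, and O23 services listed with "Unknown owner". The sample lines are constructed or adapted from the log above; 192.0.2.10 is a documentation address, the first O16 CLSID is a placeholder, and the function names are this example's own.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: a few lines adapted from the log above plus placeholder values.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINNT\system32\svchost.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Camera Class) - http://192.0.2.10:50000/Example.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Section code (R0, O2, O16, O23, ...) followed by " - " and the entry body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_hjt(text):
    """Return (section_code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def host_is_ip(url):
    """True when the URL's host is a literal IPv4/IPv6 address, not a name."""
    try:
        host = urlsplit(url).hostname
        if not host:
            return False
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage(entries):
    """Return (section_code, reason, body) for entries that deserve a manual look."""
    findings = []
    for code, body in entries:
        # Registration still present but the file it points at is gone.
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append((code, "orphaned", body))
        # ActiveX control installed from a numeric host rather than a vendor domain.
        if code == "O16" and host_is_ip(body.rsplit(" - ", 1)[-1]):
            findings.append((code, "ip-codebase", body))
        # Service whose vendor field is shown as "Unknown owner".
        if code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "unknown-owner", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:4} {reason:14} {body}")
```

A flag here is a prompt to check the entry by hand, not a verdict: legitimate drivers and leftover uninstall remnants trigger the same rules.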
Jonesiegirl's Avatar
Senior Member with 351 posts.
 
Join Date: Apr 2003
05-Jul-2009, 04:19 PM #88
OTS log attached.
Cookiegal's Avatar
Administrator with 63,387 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
05-Jul-2009, 04:49 PM #89
Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.

Code:
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &AOL Toolbar Search -> c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html [c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [HKLM] -> http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\America Online 9.0a\waol.exe" -> C:\Program Files\America Online 9.0a\waol.exe [C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a]
YN -> "C:\Program Files\Common Files\AOL\1106704514\EE\aolsoftware.exe" -> C:\Program Files\Common Files\AOL\1106704514\EE\aolsoftware.exe [C:\Program Files\Common Files\AOL\1106704514\EE\aolsoftware.exe:*:Enabled:AOL Services]
YN -> "C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\KEM.exe
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> AOL Spyware Protection hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
YN -> HostManager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\AOL\1106704514\ee\AOLSoftware.exe
YN -> MCAgentExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\PROGRA~1\mcafee.com\agent\mcagent.exe
YN -> MCUpdateExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
YN -> TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
YN -> VirusScan Online hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
YN -> VSOCheckTask hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
[Empty Temp Folders]
[Start Explorer]
[Reboot]
__________________
Microsoft MVP - Consumer Security
Jonesiegirl's Avatar
Senior Member with 351 posts.
 
Join Date: Apr 2003
05-Jul-2009, 05:07 PM #90
All Processes Killed
[Registry - Safe List]
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar Search\ deleted successfully.
Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\Contains\Files\ not found.
C:\WINNT\Downloaded Program Files\McGDMgr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106704514\EE\aolsoftware.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe deleted successfully.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk\ deleted successfully.
File C:\WINNT\pss\ogitech SetPoint.lnk not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Spyware Protection hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCAgentExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCUpdateExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirusScan Online hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VSOCheckTask hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 4449 bytes
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 2721541 bytes
->Java cache emptied: 13425511 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINNT\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINNT\temp\Perflib_Perfdata_5e0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 73844 bytes

RecycleBin emptied: 200896 bytes

Total Files Cleaned = 15.79 mb

< End of fix log >
OTS by OldTimer - Version 3.0.9.1 fix logfile created on 07052009_155452

Files\Folders moved on Reboot...
File move failed. C:\WINNT\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINNT\temp\Perflib_Perfdata_5e0.dat moved successfully.

Registry entries deleted on Reboot...
__________________
{\o/}

In loving memory of Bea Smith-Simmons.
All times are GMT -5.