Explore topic-wise InterviewSolutions in .

do any of the experts USE ADVANCED care system , i would like to know more about the utilities sectionWhilst you are waiting for an expert reply, my experience with it was good until it updated a couple of months AGO and caused problems. AWC forum was not helpful to either me or OTHERS who POSTED the same problem, so I have ditched it.
I've had no problems, but i've not updated it.

I think i'll update and let you know!!

Recently updated Panda and ran a scan, then logged off.  Now can't log back in.  When I shut off the POWER and restart windows looks like it's going to load but then goes into this saving your settings, logging off, saving your settings, logging off type loop.
I can't start up in safe mode, same thing happens but different messages ( loading personal settings, saving your settings loop)
Can't do the last known good one either that gives the first loop.
and safe mode command PROMPT goes same as safe mode.

Not SURE what to do and I am in the beginner to NOVICE range for COMPUTERS

About a week and a half ago, I CLICKED on a link on another forum that gave me a bunch of viruses and spyware(it was a tinyurl link, which I know I shouldn't have clicked on...).  I've managed to get almost all of it out, but there's one thing I can't get rid of.  It's a file called "88e25094" and it's located in F:\WINDOWS\system32\drivers.

Avast! will detect it, say it's a root kit, but I can't perform any actions on it.  Webroot Antivirus with Antispyware will detect it and have me reboot so it can delete it early, but it'll say that the file is missing.  Malwarebytes' Anti-Malware detects it and SAYS it'll delete the file on reboot, but the file is still there.  If I try to delete it myself, I get this error: "Cannot delete 88e25094: cannot find the specified file."

My computer started acting real sluggish when I originally got the viruses and spyware and considerably improved since then, but it's still not running anywhere near as well as before.


I've FOLLOWED everything in the sticky and attached the logs for SuperAntispyware, Malwarebytes' Anti-Malware, and HijackThis.


Thanks to anyone who can help.  If you need any more information about anything, I'll be checking this thread often, so I'll get you whatever you need asap.

[attachment deleted by admin]just try the avast boottime scan and i am sure u can delete or modify it...................



if u dont know how to run boot time scan read avast FAQ....








The first thing you need to do is boot into Safe Mode and try scanning that way.  Most infections LAY dormant in Safe Mode, which makes them easier to detect and remove.  So, while in Safe Mode, scan with MBAM, SAS, and Avast, one at a time.  When you're DONE, post the logs and here and let us know if the file is still returning.

Avira or Avast are the best bets.......


Here's the removal tool for Norton...Make sure you remove it completely.....

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039/

Another good choice, but it may be a bit tougher on resources.......Completely remove Norton.

there's no way I'm looking to go cheap - I want the BEST available

But most of the best software is free.

Heh okay. No persuasion at all?

Hi,

I have a query.

If you get an attachment with an email that is infected, does it AFFECT your inbox or emails or anything at all.
Like, does the VIRUS SPREAD even though you haven't downloaded the attachment into your computer.

Thanks a lot.If you do not open the attachment you should be fine. Just delete the email.Yeah, So one has to delete the email, does that MEAN it will affect things?Again, not if you don't open the attachment, no. But you should delete the email just so nobody CAN open the attachment.Oh I see,

Thank you so much.Sure.its best not to open any unknown mail from the unknown PERSON which contain attachements(any format)............

I have the reader_s VIRUS in my Flash drive but I have something I need in there too. Is there anyway I can get what I need out of the flash drive, without getting infected? I'm using windows xp PROFESSIONAL sp3. If u need to know what KIND of file I want to get from the flash drive, its some cpp files and some PICS (I think they're jpg).
Is it safe to put it in the pc and than scan it, or it might be dangerous?Well, make sure you have your av ready to scan and plug in your flash drive. Scan it and remove any viruses then copy anything you need to keep. Format your FLASHDRIVE then do a FULL scan of your computer.
Hold your "shift" key down while you're plugging in your USB drive, then perform the scan with your AV and any other protective programs you have. hold the shiftkey down for atleast 30 secs during and after you pluged it in
scan the JPGS scanning the CPP files is unneccary because they are text files and cannot be executeddHave a look here....

http://www.kusangpalo.com/2008/usb-drive-tip-hold-down-shift-key.htmlbefore opening your flashdrive you must scan it with any spyware you got, but I highly prefer AVG or avast, after scanning you can easily see files that are infected and remove them, after that you can easily copy anything you want without worries. Quote from: printerface on September 08, 2009, 04:33:45 AM

before opening your flashdrive you must scan it with any spyware you got, but I highly prefer AVG or avast, after scanning you can easily see files that are infected and remove them, after that you can easily copy anything you want without worries.

I have installed 'Eraser' on my PC as I wish to CREATE a Nuke Boot Disk on a CD-R. We have an older model PC that we wish to dispose of, and want to wipe out the hard drive. We originally had this unit custom made without the internet options as we were not in an area where the internet was available ( on a REMOTE island !! ) The Eraser instructions specify - Start>All programs>Eraser>Create Nuke Boot Disk, but this last step doesn't appear anywhere -  - Any suggestions?? -  Well, if your gonna throw it away then I would suggest just SMASHING the hard drive with a HAMMER. Nope, not throwing it away - we want to DONATE it.Your windows disk can format the drive.

To answer all questions, everything is fine. We will take care of the IMGRogue-WiniFighter_Small[1].gif. before we are done.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]KillAll::

RegLockDel::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freezeEvilfantasy, I had problems. I did what you asked and I received response that it had not been initialized properly. I attempted to use print screen button to "save" the messages to paste in paint and I received the reply that Paint was a key marked for deletion. Also, Combofix wanted to delete Avast key, Internet Explorer and Foxfire as well.  I thought I closed everything again or maybe I did things too soon. It did reboot to give the log---. After that I rebooted to safe mode and choose last known good restore point...Not sure of the terminology and I don't know much about restore points.  Also the magnifier which usually starts up on boot up or restart appeared and it has not been a problem until now....unless you count scattering the icons on desktop a problem. It is usually the bottom row and rightmost 2-3 columns that get moved or a random single one. The google sidebar reappeared; just prior to Combofix it wasn't there---just the google destop and I don't know how I had ended up with both! Also Combofix moved from bottom of my screen to top of screen and more towards the right.

In case it matters, Internet Explorer does not have a "run as administrator" selection while Foxfire does; Internet Explorer is the default browser.... Foxfire when originally put on this computer by a friend was the default; I changed it back to IE long ago.
Log follows:

ComboFix 09-08-28.01 - Susan M 08/28/2009 23:45.4.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1982.1072 [GMT -4:00]
Running from: c:\users\Susan M\Desktop\ComboFix.exe
Command switches used :: c:\users\Susan M\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((   Files Created from 2009-07-28 to 2009-08-29  )))))))))))))))))))))))))))))))
.

2009-08-29 03:50 . 2009-08-29 03:52   --------   d-----w-   c:\users\Susan M\AppData\Local\temp
2009-08-29 03:50 . 2009-08-29 03:50   --------   d-----w-   c:\users\Public\AppData\Local\temp
2009-08-29 03:50 . 2009-08-29 03:50   --------   d-----w-   c:\users\Default\AppData\Local\temp
2009-08-27 21:46 . 2009-08-27 22:44   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2009-08-27 21:46 . 2009-08-27 21:49   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-08-27 12:44 . 2009-08-27 12:44   --------   d-----w-   c:\programdata\Office Genuine Advantage
2009-08-26 18:01 . 2009-06-22 10:09   2048   ----a-w-   c:\windows\system32\tzres.dll
2009-08-26 12:56 . 2009-06-05 09:40   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2009-08-26 12:56 . 2009-06-05 09:53   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-25 21:47 . 2009-08-28 13:03   --------   d-----w-   c:\program files\SpywareBlaster
2009-08-22 22:17 . 2009-08-22 22:17   --------   d-----w-   c:\program files\Trend Micro
2009-08-12 00:25 . 2009-06-04 12:07   2066432   ----a-w-   c:\windows\system32\mstscax.dll
2009-08-11 05:05 . 2009-08-17 16:04   51376   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-08-11 05:05 . 2009-08-17 16:04   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-08-11 05:05 . 2009-08-17 16:02   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-08-11 05:05 . 2009-08-17 16:05   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2009-08-11 05:05 . 2009-08-17 16:05   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2009-08-11 05:05 . 2009-08-17 16:10   1279456   ----a-w-   c:\windows\system32\aswBoot.exe
2009-08-11 05:05 . 2009-08-17 16:05   53328   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2009-08-11 05:05 . 2009-08-11 05:05   --------   d-----w-   c:\program files\Alwil Software
2009-08-03 19:07 . 2009-08-03 19:07   403816   ----a-w-   c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07   322928   ----a-w-   c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07   230768   ----a-w-   c:\windows\system32\OGAEXEC.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 03:52 . 2007-12-30 18:45   --------   d-----w-   c:\program files\Dl_cats
2009-08-29 03:51 . 2007-12-21 20:23   12   ----a-w-   c:\windows\bthservsdp.dat
2009-08-29 03:39 . 2009-06-23 01:32   117760   ----a-w-   c:\users\Susan M\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-19 01:40 . 2009-02-24 00:46   --------   d-----w-   c:\program files\Java
2009-08-12 00:27 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2009-08-11 02:38 . 2009-06-23 01:32   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-08-11 02:28 . 2009-07-11 23:51   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-08-11 01:38 . 2009-07-16 04:53   3942048   ----a-w-   c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-09 01:09 . 2007-12-31 22:49   9720   ----a-w-   c:\users\Susan M\AppData\Roaming\wklnhst.dat
2009-08-08 23:04 . 2009-04-02 01:38   --------   d-----w-   c:\program files\Microsoft Silverlight
2009-08-03 17:36 . 2009-07-11 23:51   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-07-11 23:51   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-07-29 12:51 . 2008-09-10 13:08   --------   d-----w-   c:\program files\Dell DataSafe Online
2009-07-29 12:50 . 2008-11-23 05:05   8270752   ----a-w-   c:\users\Susan M\AppData\Roaming\DataSafeDotNet.exe
2009-07-29 12:50 . 2008-11-23 05:05   8270752   ----a-w-   c:\users\Susan M\AppData\Roaming\DataSafeDotNet.exe
2009-07-25 09:23 . 2009-02-24 00:46   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-07-25 04:13 . 2009-07-25 04:13   713992   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-07-21 21:52 . 2009-07-30 05:01   915456   ----a-w-   c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 05:01   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 05:01   71680   ----a-w-   c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 05:01   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 00:24   71680   ----a-w-   c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 00:24   8147456   ----a-w-   c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 00:24   313344   ----a-w-   c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 00:24   4096   ----a-w-   c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 00:24   7680   ----a-w-   c:\windows\system32\spwmp.dll
2009-06-27 20:47 . 2009-06-27 20:47   709566   ----a-w-   c:\programdata\SPL736E.tmp
2009-06-15 23:15 . 2009-08-12 00:24   439864   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2009-06-15 14:54 . 2009-08-12 00:24   175104   ----a-w-   c:\windows\system32\wdigest.dll
2009-06-15 14:53 . 2009-07-15 12:37   156672   ----a-w-   c:\windows\system32\t2embed.dll
2009-06-15 14:53 . 2009-08-12 00:24   72704   ----a-w-   c:\windows\system32\secur32.dll
2009-06-15 14:53 . 2009-08-12 00:24   270848   ----a-w-   c:\windows\system32\schannel.dll
2009-06-15 14:53 . 2009-08-12 00:24   218624   ----a-w-   c:\windows\system32\msv1_0.dll
2009-06-15 14:52 . 2009-08-12 00:24   1259008   ----a-w-   c:\windows\system32\lsasrv.dll
2009-06-15 14:52 . 2009-07-15 12:37   23552   ----a-w-   c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-08-12 00:24   499712   ----a-w-   c:\windows\system32\kerberos.dll
2009-06-15 14:52 . 2009-07-15 12:37   72704   ----a-w-   c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 12:37   10240   ----a-w-   c:\windows\system32\dciman32.dll
2009-06-15 12:48 . 2009-08-12 00:24   9728   ----a-w-   c:\windows\system32\lsass.exe
2009-06-15 12:42 . 2009-07-15 12:37   289792   ----a-w-   c:\windows\system32\atmfd.dll
2009-06-13 04:04 . 2006-11-02 10:25   665600   ----a-w-   c:\windows\inf\drvindex.dat
2009-06-10 11:42 . 2009-08-12 00:24   160256   ----a-w-   c:\windows\system32\wkssvc.dll
2009-06-10 11:38 . 2009-08-12 00:24   91136   ----a-w-   c:\windows\system32\avifil32.dll
2007-12-22 04:05 . 2007-12-22 03:55   8192   --sha-w-   c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((   [email protected]_00.00.47   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-30 18:29 . 2009-08-28 23:23   32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-30 18:29 . 2009-08-29 03:52   32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-30 18:29 . 2009-08-29 03:52   32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-30 18:29 . 2009-08-28 23:23   32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-30 18:29 . 2009-08-29 03:52   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-12-30 18:29 . 2009-08-28 23:23   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-29 21:26 . 2009-08-29 03:52   245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-04-29 21:26 . 2009-08-28 23:23   245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-26 29744]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 92704]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-17 4907008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):91,33,f5,30,dd,eb,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3588662981-376592854-2214661680-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F7822FD6-F6D0-4F27-91A7-C0AD1B1CE73A}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{BBF1B85C-9643-4C02-BD3C-FA25A6F9BE88}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{44FD6BC8-7F41-43A1-9F58-D5CDCA6A9105}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{90BC60DF-E730-4E61-8553-2B8C95354F7D}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{5141C4D6-F916-4E5F-BBCD-E5F3FC805E18}"= UDP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{555B5C3C-690B-4093-9958-548FD832EF6E}"= TCP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{09F02723-E8DC-45BC-B597-CED5202C2053}"= Disabled:UDP:135:TCP Port 135
"{E4E2D9D1-38EB-458A-853C-5E570C668A6A}"= Disabled:UDP:5000:TCP Port 5000
"{8930DE8D-6342-40F7-B226-E2D29B3749E2}"= Disabled:UDP:5001:TCP Port 5001
"{B68E5541-B4A1-49C4-8541-1CA11A153574}"= Disabled:UDP:5002:TCP Port 5002
"{9383E65A-FB56-4452-9170-8AF1145134E5}"= Disabled:UDP:5003:TCP Port 5003
"{9AD3CFDB-563C-423D-AF13-6139D94A7BE8}"= Disabled:UDP:5004:TCP Port 5004
"{FB2775F1-A7D2-47D3-B44F-BD45DD501FA5}"= Disabled:UDP:5005:TCP Port 5005
"{9C9104CA-5C33-42DB-9EC6-4B913D1C9387}"= Disabled:UDP:5006:TCP Port 5006
"{9BA2B06B-3350-40CE-82CE-A6A24181BB60}"= Disabled:UDP:5007:TCP Port 5007
"{BCA0B46D-96C8-4591-9B76-C092D1FEDFB3}"= Disabled:UDP:5008:TCP Port 5008
"{F62C0116-57CF-4E62-9B29-581269121CF4}"= Disabled:UDP:5009:TCP Port 5009
"{83F76203-F020-46D3-8632-B19A04E36EE6}"= Disabled:UDP:5010:TCP Port 5010
"{E5EC9F2D-D603-4C5D-90F4-89DE21F04C3F}"= Disabled:UDP:5011:TCP Port 5011
"{64B4E585-7F91-4F66-AB9B-52B3D5F87E4C}"= Disabled:UDP:5012:TCP Port 5012
"{0B64EFC9-3170-4C27-8B4E-CD72F1D271D8}"= Disabled:UDP:5013:TCP Port 5013
"{F18631F7-456F-493A-8015-F92EEF249626}"= Disabled:UDP:5014:TCP Port 5014
"{EC80A2F9-608E-4565-84A6-6C09F23935FA}"= Disabled:UDP:5015:TCP Port 5015
"{A7CE6CE9-35EF-4F90-AF9A-07BA5015B253}"= Disabled:UDP:5016:TCP Port 5016
"{85536E9B-0CA0-4BDF-9688-18363CB7C91B}"= Disabled:UDP:5017:TCP Port 5017
"{C8111B12-510B-4B77-BBA5-AC98074626F4}"= Disabled:UDP:5018:TCP Port 5018
"{0FE1E5F5-682B-4063-B281-29D250911D38}"= Disabled:UDP:5019:TCP Port 5019
"{7F7A26C4-ED89-4A15-93CB-B4CB9F633419}"= Disabled:UDP:5020:TCP Port 5020
"{A0309D64-84C6-4595-9D74-C8ED3AD93864}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3BF97467-1B54-46DA-986F-132DFD17D223}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{080DC243-A175-4EA0-AF2F-D65824C4F48C}c:\\program files\\popcap games\\alchemy deluxe\\winalch.exe"= UDP:c:\program files\popcap games\alchemy deluxe\winalch.exe:WinAlch
"UDP Query User{2DB51784-3EEF-4CC0-A4BC-0CC3A5C6465F}c:\\program files\\popcap games\\alchemy deluxe\\winalch.exe"= TCP:c:\program files\popcap games\alchemy deluxe\winalch.exe:WinAlch
"{B5A4A89A-5F98-4D80-BBCE-8250779AC25C}"= UDP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{94FA2DBB-D677-420C-A5B5-5A2FDC57060C}"= TCP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{9DF1615C-182A-4560-9A61-A341AD56A4F2}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{C8AA90C9-F508-43F6-ACC4-5F19FA0CC2A6}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{BD893CB9-D840-4005-8523-71F1CF74607F}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{A28901B6-CBA9-48AD-A979-4FD5AB4054BD}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{9BDDD5D0-5870-4717-A362-A803560E1604}"= UDP:c:\users\Susan M\Desktop\HouseCall.exe:HouseCall.exe
"{F43BC75E-E07C-41BF-A1FD-51839A4312FB}"= TCP:c:\users\Susan M\Desktop\HouseCall.exe:HouseCall.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-26 29744]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
S1 aswSP;avast! Self Protection;

• Click on SCAN NOW
  
• Click ACCEPT.
  
• The program will then begin downloading the latest definition files.
• Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  
• The scan will take a while, so be patient and let it finish.

• Next, in the Save as prompt, Save in area, select: Desktop.
  
• In the File name area use KScan, or SOMETHING similar.
  
• In Save as type: click the drop arrow and select: Text file [*.txt]
  
• Then, click: Save

How do I delete temporary internet files and temporary files?

What must be off when I run this Combo /u?

Will Kaspersky let me choose settings before it starts scan?

I looked at your automation for Kaspersky and noticed that you need to run Internet Explorer as administrator and I have no such option. What do I do about this?

What about dds.scr which is still on my desktop?

What about the C:\Program Files\Trend Micro\sniper.exe

Any special instructions for Spyware Blaster and SpyBot Search and Destroy?  Tea time is still off

I don't know if you need to know about PEB Corruption error that showed up in Problem reports in Windows vista(date of entry August 28). Do you?

PEB Corruption error

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

Also I still have the Oldtimer executable on my desktop: what does it take to get this removed?

In reference to your question about Avast and my firewall, I would refer you to the hjt that I just used the tool to evaluate  but I cannot figure how to get back to the evaluation. This evaluation did not recognize my firewall. As for what is wrong with Avast, I cannot get it to scan my email in my Windows Mail inbox. I do not understand their settings and what they mean by redirected email. I don't think that I used your method to run IE 8 as administrator when installing Avast and am wondering if I need to reinstall it. What do you think?

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5551/mcfscan.cab

You're WELCOME, CHUCK. KEEP SAFE

Hey folks,

My boy opened his computer and saw the alert that "Windows security alert. Windows reports that computer is infected, and TRIES to steer you to update to some fix.  1)I have Bitdefender and it is up to DATE. 2)Firewall is enabled through Bitdefender 3)Had to GO to Safe Mode to populate Add-Remove programs removed LoudMo Contexual Adware(saw nothing else) 4)Ran CCleaner Slim in SafeMode and deleted all cookies 5)SuperAntispyware would not load in Safe or regular mode (message SAID 'system admin has set policies to prevent this installation'6)Loaded MBAM in safemode (could not get to net to update in either mode)attached a quick scan and full scan log.  7)Will not let me get to the net to update java Could not load HijackThis in regular mode, but did in SafeMode.  Cant get to net, open programs in desktop.  Please help when you get time and thanks for the help

[Saving space, attachment deleted by admin]Hi

It is probably a rogue.

Download OTL  to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
    

I recently had a COMPUTER problem, where it was telling me i had no firewall, and wouldn't let me GO on mozilla. I installed Super antispyware thinking it would work, it showed alot of viruses and trojans amongst other things . When i deleted all the intrusions, it asked to restart and when i did, i can't click on any of my icons or my system restore, everytime i click on them it brings up a open with, and when i go to the program and click on it it won't work. When i try to go to my control panel and try to click on any icons there it says application not found. Now i am completely lost in what this is or how to fix it. I am up for any HELP here.......Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.i don't get it, i did everything they instructed me to do. With the avira rescue cd i waited 1 1/2 HRS because it SAID it was loading modules and never loaded, and i can't start a scan until it finishes loading modules. With the weblive cd i got to the point to start the scan but when i get to it my mouse doesn't work and i can't go to start scan as if it froze up. Any suggestions....I couldn't get it to work, i scanned the computer and it found 177 warnings, and 7 records. It didn't delete any of them or repair any of them. I don't where i was suppose to delete them. but i still have th problem.

Did you create the Rescue CD on a clean computer?

Quote

I tried to download and install the updates but have been continually failed as the Microsoft installer seems to be inoperative/corrupted, inaccessible.

I went there and did Dial-a-Fix and it came back with,

1. Windows Installer access denied.

2. Dial-a-fix error code 2147467259 was encountered while trying to unregister C:\windows\system32\msxml3.dll. Error text is unspecified error.

Is there a way to find out which CD is the right one for this computer (usually I write it on the CD)?

I have in the past tried the wrong CD in different machines and it tries to install a new copy all the time.

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
• Click the Report button and copy/paste the contents of it into your next reply
  

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
    

and here is my OTL report.


[2011/03/28 11:12:40 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2011/03/28 11:12:40 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/03/28 11:12:39 | 000,019,016 | ---- | C] (Kingston Technology Company                                                             ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/03/28 11:12:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2011/03/28 11:12:33 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2011/03/28 11:12:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2011/03/28 11:10:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2011/03/28 11:10:28 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2011/03/28 11:10:

From what you're telling me, there is a problem with some of the Windows files. If you made a copy of your harddrive, you could use it to restore your computer back to when the copy was made and you should be back in business. I will check with my buddy to see if there's anything else we can do.

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

I regularly use memory sticks and and external harddrive. Yesterday when I plugged in the external hard drive, I tried to open the drive in My COMPUTER. I get the following error message. Error loading setup 50045.fon The SPECIFIED module could not be FOUND. I RAN Malwarebytes and it did find a couple of items. I rebooted the computer and same thing. I plugged in a memory stick and it has the same error too. I re-ran MBAM, and it found a few things while scanning the external hard drive and the memory stick. Is this from one of the infections or something ELSE?

thanks

Chris

I've fixed the problem, what next?Please tell me how your computer is running. Any other issues?Running much better than it was but still seems slow when i go to access programs.   Once i pull up the internet, no issues there.  Just if i step away for awhile and then try to click on something, the response time is slow. Ok. Let's clean up. I have some instructions at the bottom for a slow computer.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its FOLDERS and files, hides System files and folders, and resets System Restore.
  

Ok, that will take me a few days. Will you still be here? I should probably have it done by Sunday at the latest. I work during the day, that's why it will take so long. Quote

Will you still be here?

• Place a blank CD-R disc in to your CD burning drive.
• Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  
• Reboot your system using the boot CD you just created.
• Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
  
• Change Drivers to Non-Microsoft
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved  in drive C:\_OTL\MovedFiles
  
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.
  

am still really busy. I have two jobs, and one of them is high school teacher, so I have grading and whatnot to do when I get home. I really appreciate your help, and I'm sorry to make you wait like this.

and the windows CD still doesn't detect the OS.
Usually that means that the OS disk doesn't match the OS on the computer. In your case it's probably because the OS is on the E drive.

SIGH, okay, well thank you for all your help.

I have a website hosted on Startlogic and it keeps getting hacked. I have changed my password and deleted all files and replaced with new ones that I have on my external hd.  When trying to open my website Advast blocked it from opening so I ran a scan through http://sitecheck.sucuri.net. (Log also attached). But even after deleting all files it still SCANS with the same results. Is there anyway for me to find these and remove them without paying to have it done. Also I ran a scan on my computer Windows 8.1 with MALWAREBYTES Anti-Malware and the log is also attached. I wasn't able to download the other two as requested. One wouldn't allow me to download and the other was a dead link. Any help would be greatly appreciated.  Startlogic is only suggesting hiring sitelock.


[attachment deleted by admin to conserve space]It appears that the problem is not with your computer but with the website. You should have Startlogic fix it for you.Thank you so much for your reply! I've already asked but they singled me out and said it wasn't on their end it was on mine. Do you know of any way to figure out how they're getting into my website? This is about the 6th time this has happened. I don't think it's my computer because I've scanned it with everything I can think of. I've gotten a couple of adware and removed pup, whatever that is - but it's showing it's CLEAN now with running 3 different anti virus and malware programs. THANKS again for your response. I wasn't able to download Adwcleaner yesterday. Could you TAKE a look at this attachment and see what you think? I'm not sure if  I should clean or not?

[attachment deleted by admin to conserve space]Yes, clean it.Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.Dave.

Hi
I have a serious problem
When I run the any game, two or THREE times on the error, and after a few minutes to play, the game will hang
These programs also got tested, but that does not work
SpyHunter
malwarebytes
ccleaner

Curious as to why you feel this is a virus or malware?

 It appears to be a bad install of the game, hopefully a legal install of the game and not an illegally downloaded IMAGE copy of Witcher 3 bundled with a trojan. The error message itself is telling you to uninstall and install a clean copy of the game.Based on a cursory search, The Witcher 3's minimum requirements INCLUDE specs like 6GB of RAM which leads me to believe the game doesn't work on 32-bit SYSTEMS.

Hi I had a RUNDLL problem that said it was missing. Then i tried the forums guide on how to remove malware. It hasn't been showing but I am not sure if it is good.

Malwarebytes' Anti-Malware 1.24
Database version: 1036
Windows 5.1.2600 Service Pack 2

10:13:11 PM 09/08/2008
mbam-log-8-9-2008 (22-13-11).txt

Scan type: Quick Scan
Objects scanned: 45971
Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f8395920-840d-4347-b1d9-b5694a6d077f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f8395920-840d-4347-b1d9-b5694a6d077f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d7fd6c15-4927-4aae-bf12-fbdabd287eb1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7fd6c15-4927-4aae-bf12-fbdabd287eb1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d7fd6c15-4927-4aae-bf12-fbdabd287eb1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm07a827e6 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zangotoolbar 4.8.2 (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Dot1XCfg (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\kdjkmqst.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000050.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\JavaCore .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM07a827e6.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM07a827e6.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oqtss.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe (Trojan.Agent) -> Quarantined and deleted successfully.




HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:49 PM, on 25/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatDeviceConnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel MATRIX Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {F5048629-2F0A-49BB-89BA-7C55D59AA570} - C:\WINDOWS\SYSTEM32\SSTQO.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with ImTOO YouTube Video Converter - C:\Program Files\ImTOO\YouTube Video Converter\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim .exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifdabb - iifdabb.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM ACCESS - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11717 bytes
Welcome to CH.

Download ViewpointKiller.zip

• Unzip the program and all of the contents of ViewpointKiller.zip to a location such as your desktop.
  
• Double click the ViewpointKiller icon to run ViewpointKiller.exe.
  
• Select the File menu, and select Check to see if you have Viewpoint installed.
  
• If ViewpointKiller indicates that any of the Viewpoint variants are installed, select the proper KILL option in the File menu.

• Follow the prompts and instructions very carefully, answering Yes or No depending on which option you are most comfortable with.
  
• The MSCONFIG instructions are very important, so be sure to read them carefully.

• Note: When done with ViewpointKiller right click and delete all files that were unzipped.

• Go to your desktop and double click on the removal tool and then click Setup.
  
• Once open Click Next
  
• Accept the license agreement and click Next
  
• Type in the letters/numbers that you see into the text box then click Next.
  
• Then click Next and the tool will start running.
  
• Once finished restart the PC and run the tool again to ensure everything has been removed.

• Click Start , then Run
  
• Type notepad.exe in the Run Box.
  

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  
• Accept any prompts. A log will appear (JavaRa.log), please post the contents of this log on the forum.
• Open JavaRa.exe again and select Search For Updates.
  
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) 6 Update 7 (5th one down the list) version for your computer.

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• MAKE sure there's a space between Combofix and /u
• Then hit Enter.

• The above procedure will:
• Delete the following:
• ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

So here is the deal

My tech folks have came out and deemed my cable(ish) INTERNET (it is wirelessly transmitted from their tower to my roof and then via cord transfered to what they dubed a modem [teeeeeny thing] that then plugs into my computer) connection is...well fine. Its my computer ( my barely a month old HP pavillion dv9000) that is causing the connection to flicker at a consistent rate from "enabled" to "Network Cable Unplugged" .  I called HP and they  told me that is a virus that is doing this. Ahem. One I picked up from facebook and or myspace that automatically installs itself via java not necessarily from even someones page i visited but possibly a page ten times removed due to both sites being networking sites.  Idk. And at this point dont care I just want the darn thing fixed. I can pick up wireless connections with out an issue and will be going probably tommorow to pick up a wireless router, but i still would like to know what the drama is with my computer!

Any input would be appreciated and all three logs are attached, Thank You!!

[recovering disk space -- attachment deleted by admin]Hey there, Hanna, glad to see you took my advice and decided to stop by.  I'll take a quick look at your logs right now.Well, everything looks pretty clean to me.  You had nice easy logs.  Heh.  You don't have a third-party firewall installed (which I would recommend doing), but I'm usually a bit more lenient about this with Vista because the Vista Firewall is supposed to have decent protection.  You may still want to consider third-party SOFTWARE, however.

Other than that, things seem to look okay infection-wise.  But just so I know...who is your Internet Service Provider?  An entry in your HijackThis log points to a company called Ad-Base, which I'm not familiar with, so I'm a bit curious.Air Advantage, i think its a relatively new company. I appreciate you looking into it for me Chris! Just curious, I went through the satellite type of connection process with my aunts new PC about a month ago. Everything (including the tiny modem) was mailed to her and it was a straight forward procedure.....until I connected to the net.

A few new grey hairs, hours on the phone and a service call from the ISP and it was discovered that the filters between the PC and wall jack (telephone line) were the wrong kind. A new filter and everything was smoking right along.

Just a thought. It was working fine actually for a while, a storm hit and knocked out something on their tower, they fixed it the next day but my stuff wasnt up and running like it should have been. And someone hooked up to the connection effortlessly on their laptop so its an issue with mine.

My connection doesn't actually deal with a wall jack or even phone line  at all. I was wondering that since you didn't mention any phone line but thought I would voice my frustrations anyway I'm trying to find some sort of connection between Air Advantage and Ad-Base Systems/Group, but nothing's coming up so far.  I'm still looking into it, but it seems a LITTLE suspicious to me.

I'm going to have you TRY something real quick.  It's something I would normally advise against (anyone else reading this should not try anything like this), but I'm curious.  I'm going to go ahead and have you remove the entry in question.  If it's not supposed to be there, then everything should be fine.  If it's actually important, then it will likely disconnect you from the internet, but I will explain how to reverse the process...


1.  Open HijackThis (sniper) and click on Do a system scan only.
2.  Check the following entry:
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA02BDA1-5EF4-4FAD-8EE0-38DC0765AED5}: NameServer = 64.136.173.5 64.136.164.77
3.  Click on Fix Checked.

This will remove the information from your computer's registry.  Now try performing your regular online activities.  Are you able to be online normally?  If following my steps has broken your internet connection, then do the following...

1.  Open HijackThis again.
2.  Click on View the list of backups.
3.  Place a checkmark next to the entry you removed, and then click on Restore.

This should return your internet access.  It may require you to restart, but you shouldn't have to.



Give this a try and see what happens.Keep in mind that this isn't something we normally try, but because I know you, I've decided that it gives me permission to test it out.  Heh.lol guinea pig ey? haha ok im going to give that a go.It should be just fine.  But just in case anything goes awry, I sent my phone number to your private messages.  Ha.ok did it, and still connected it seems.  wait.. maybe....And my internet connection is still doing what it was doing no change... and google refused to load for me. Haha. perhaps i should restore it?
If you are experiencing any problems, then yes, go ahead and restore it.  You said the internet connects to a sort of modem that then TRANSMITS the signal to your computer?  Since I can't see anything wrong software-wise, I suspect that either you are getting a weak signal (it's being transmitted a couple of times), or your modem and/or cable may be to blame.  Because you can still pick up a wireless signal without any trouble, I don't think your computer is at fault here.Ok rebooted back to normal. 

It connects to the modem and that plugs into my computer. Nothing right now is being wirelessly transmitted to m,y computer, it was just when i called tech support they told ,me to see if I was having this problem with wireless too so I had to lug it to school and tote it around all day while running errands.


And the modem and cable was working fine when it was plugged into the techs computer. *shrugs* he even commented on how fast of a connection I had, and i seen it was indeed working on his.

Its all odd as far as im concerned

I seem to have BECOME infected with a trojan! After running the prerequisites, Webroot  says I'm clean but would like some confirmation...

Logs attached. Thanks!!!! Reading the previous threads has been very helpful in "battling" this infection.


[recovering disk space -- attachment deleted by admin]Getting ready to take a look right now.  This should only take a few moments...Well, the scans seem to have picked up just about everything, so let's just remove these entries with HijackThis (close all other windows, including this one)...

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O16 - DPF: {050A3800-6C03-48A5-A6D7-14CCF18A700D} (v4 silent install) - https://hef.metafileonline.com/tsweb/v4rdpchk.cab
O16 - DPF: {30439117-02CA-4FBA-ADAF-84C2D8E2004D} (v3 silent install) - http://hef.metafileonline.com/tsweb/v3rdpchk.cab


You may want to consider removing this one as well...
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" -l

It is not MALICIOUS, but some people think of it as a form of spyware.  It's up to you.  Removing it will not harm your Earthlink connection.

Also, you have a program on your computer called SpiralFrog.  Is this related to the music site?  If so, you can leave it alone.

Another thing...you have anti-spyware, but I didn't notice any anti-virus.  You should look into getting a program such as Avast! or AVG.  I also don't see a reliable firewall.  You're vulnerable without a firewall, so you should look into getting either ZONEALARM, Kerio Personal Firewall, or Comodo.  They're all good free firewalls.  Just be sure you only have one installed at a time!  Download the firewall of your choice, DISCONNECT from the internet, disable Windows Firewall, and install your new firewall.




How's your computer running?Awesome! Thanks for the help.

I do use the music site SpiralFrog so that's the origin of that. Also, I use Webroot Spy Sweeper with Anti-Virus so I thought I had anti-virus protection. I'll take your firewall advice as well! Webroot is considered anti-spyware, which doesn't work the same as anti-virus.  I see that you have Symantec products on your computer, but it doesn't appear to be related to anti-virus (but I could be wrong).

Did a stupid thing yesterday , tried downloading atorrent software from mininova which badly infected my computer to the extent that i had to reinstall windows.
Everything is now working fine but i still ran a couple of scans ,spybot , superanti spyware, and malwarebites which all found something ,so can one of you experts  take a look at my logs to see if alls ok.
when i say everything is ok it is except a couple of keys are not right the is now on the 2 key and the " is on the key ?
skyblue

[recovering disk space -- attachment deleted by admin]Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not MOUSECLICK ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFixCheers evilfantasy
logs you need

[recovering disk space -- attachment deleted by admin]

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.
.
----------

Use the

• The program will install and then begin downloading the latest definition files.
• After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  
• This will start the program and scan your system.
• The scan will take a while, so be patient and let it run.
• Once the scan is complete, click on View scan report
  
• Now, click on the Save Report as button.
  
• In Save as type: click the drop arrow and select: Text file [*.txt]
  
• Then, click: Save
  
• Save the file to your desktop.

• Extract avenger.exe from the Zip file and save it to your Desktop
• Run avenger.exe by double-clicking on it.
• Do not change any CHECK box options!!
  
• Copy everything in the Code box below, and paste it into the Input script here window:

• Now click the Execute button.
  
• Click YES to the prompt to confirm you want to execute.
  
• Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
  
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.

• Add the Avenger log in your next post.

You will end up destroying your Hard Drive using cracked software.

Download

• Save it to your desktop.

• Double-click OTMoveIt2.exe to run it.
  
• Copy the lines in the codebox below.

• Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste

• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) and paste it in your next reply.
  
• Close OTMoveIt2

where are we going with this

Cleaning the computer... Would you rather stop?

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. KEEP a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

Everytime I close a page or tab in IE8, I get a message saying "Internet Explorer has stopped working...Windows is checking for a SOLUTION to this problem" Then I have to hit Close Program. After that a box pops up in my toolbar saying"Data Execution Prevention has closed internet explorer to protect your computer" (copied from a Jul 6 message)

I have the same problem. I read the "Read this before requesting malware..." and have accomplished steps A, 1, & 5.  Don't believe that I'm smart ENOUGH to TRY your self help process as it has taken me quite a long time to figure out how to get this WINDOW to open.  I will try to start step #2 while I WAIT for your response.
Thanks, RonI tried steps 2 & 3. Step 3 log is attached - I hope.

[attachment deleted by admin]Here are the logs from steps 4 & 6 - I hope

[attachment deleted by admin]

Well, I had AVG turned off (Resident Shield that is) that whole time before and after ComboFix did it's job. I just now turned it back on and the constant trojan notifications have stopped.. so problem solved there. All AVG seems to be running fine now. Is it safe to empty the vault of all those "infections"?

As for Malwarebytes'... I'm still having the same issue. I assume you don't know the problem there, eh?Not sure what's going on with MBAM.

Please do this.

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel. (if you can)
2. Restart your computer (very important)
3. Download and run this utility. http://www.malwarebytes.org/mbam-clean.exe
4. It will ask to restart your computer (please allow it to).

Now go ahead with the other steps. We can try MBAM again after everything else is done.
Alright, I did the ComboFix uninstall, TFC, and Kscan. The latter's report is posted below.

A couple questions...

The ComboFix uninstall didn't get rid of the icon on the desktop. Should I delete that since all the other things related to it were (probably) uninstalled? And in general... what programs (that you've had me install throughout the process) would you suggest I keep to help keep the computer in shape on a regular basis? Are there any that I can/should get rid of when I'm done?

On a related note (to the remaining ComboFix icon), I downloaded JavaRa to get rid of older Java VERSIONS (when I went through your removal tutorial). When I used the program it said that it got rid of jre1.6.0_07 but when I look in my program files, there's still an 80mb folder there. I assume it did it's job, but I was curious about that.

And finally, it seems several things around my computer have returned to default settings. Is that a "side effect" of ComboFix? Things like the wallpaper changing and icons returning (without performing a system restore) make me a little wary.


As for Malwarebytes', I uninstalled that yesterday after we tried the redownload and installation. I'm pretty sure I've restarted several times since then. Should I restart yet again and then try your link?


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
 Saturday, July 18, 2009
 Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
 Kaspersky Online Scanner  version: 7.0.26.13
 Program database last update: Saturday, July 18, 2009 09:35:29
 Records in database: 2486942
--------------------------------------------------------------------------------

Scan settings:
   Scan using the following database: extended
   Scan archives: yes
   Scan mail databases: yes

Scan area - My Computer:
   C:\
   D:\
   E:\

Scan statistics:
   Files scanned: 132957
   Threat name: 0
   Infected objects: 0
   Suspicious objects: 0
   Duration of the scan: 01:53:30

No malware has been detected. The scan area is clean.

The selected area was scanned.


---

It seems this is clean One note on it THOUGH. I assume it performed a complete scan, but I can't be sure since I went to sleep and after waking up, the computer was in sleep mode. I assume I wouldn't suspend while the scan was going...

Is there a way to check the number of files on the computer matches what was scanned? Quote

The ComboFix uninstall didn't get rid of the icon on the desktop. Should I delete that since all the other things related to it were (probably) uninstalled?

And in general... what programs (that you've had me install throughout the process) would you suggest I keep to help keep the computer in shape on a regular basis? Are there any that I can/should get rid of when I'm done?

got rid of jre1.6.0_07 but when I look in my program files, there's still an 80mb folder there.

And finally, it seems several things around my computer have returned to default settings. Is that a "side effect" of ComboFix? Things like the wallpaper changing and icons returning (without performing a system restore) make me a little wary.

As for Malwarebytes', I uninstalled that yesterday after we tried the redownload and installation. I'm pretty sure I've restarted several times since then. Should I restart yet again and then try your link?

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to SEE if any updates are needed.
• Update anything listed.

I also wanted to know if there is a safe registry cleaner that you'd recommend or if you think it's best to leave it alone.

I was also curious about the Kapersky Scan. Is there anything I need to clear out that it downloaded?

Lastly, I use the No Script add-on for Firefox

(jre6, jre1.6.0_07, jre1.6.0_13)

Thank you so much for your time and help Kevin. I'm very grateful.

Hi, can anyone tell me how to fix this problem? Every few minutes the following message pops up on my computer from spyware dr:

"MALICIOUS ACTION BLOCKED

Spyware Doctor has blocked an application svchost.exe attempting to access a file.

Path:
C:\WINDOWS\SYSTEM32\DLLHOST.EXE"


I followed the steps in the "Before you post" posting and below are my logs attached

[attachment deleted by admin]Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.thank you, here they are:


DDS (Ver_09-06-26.01) - NTFSx86
Run by PhilS at 17:35:36.99 on Sat 07/18/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2814.1816 [GMT -7:00]

SP: Windows DEFENDER *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\PhilS\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\phils\appdata\roaming\mozilla\firefox\profiles\r2or64x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-29 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-3-29 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-3-29 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-3-29 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-4 361808]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-25 348752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-26 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-4 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-3-29 64392]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-3-29 33056]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

=============== Created Last 30 ================

2009-07-17 14:47   1,056,768   a-------   c:\windows\system32\defltbase.sdb
2009-07-17 03:37      --dsh---   C:\$RECYCLE.BIN
2009-07-17 03:17   219,648   a-------   c:\windows\PEV.exe
2009-07-17 03:17   161,792   a-------   c:\windows\SWREG.exe
2009-07-17 03:17   98,816   a-------   c:\windows\sed.exe
2009-07-15 14:01      --d-----   c:\program files\Trend Micro
2009-07-15 01:51      --d-----   c:\users\phils\appdata\roaming\Malwarebytes
2009-07-15 01:51   38,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 01:51      --d-----   c:\programdata\Malwarebytes
2009-07-15 01:51      --d-----   c:\progra~2\Malwarebytes
2009-07-15 01:51   19,096   a-------   c:\windows\system32\drivers\mbam.sys
2009-07-15 01:51      --d-----   c:\program files\Malwarebytes' Anti-Malware
2009-07-14 13:11   156,672   a-------   c:\windows\system32\t2embed.dll
2009-07-14 13:11   72,704   a-------   c:\windows\system32\fontsub.dll
2009-07-14 13:11   289,792   a-------   c:\windows\system32\atmfd.dll
2009-07-14 13:11   23,552   a-------   c:\windows\system32\lpk.dll
2009-07-14 13:11   10,240   a-------   c:\windows\system32\dciman32.dll
2009-07-14 10:16   224   a-------   c:\windows\system32\9B13A86D.plf
2009-07-14 10:06      --d-----   c:\programdata\Cached Installations
2009-07-14 10:06      --d-----   c:\progra~2\Cached Installations
2009-07-14 10:02      --d-----   c:\users\phils\appdata\roaming\ParetoLogic
2009-07-14 10:00      --d-----   c:\programdata\Downloaded Installations
2009-07-14 10:00      --d-----   c:\progra~2\Downloaded Installations
2009-07-14 09:59      --d-----   c:\users\phils\appdata\roaming\DriverCure
2009-07-14 09:58      --d-----   c:\programdata\ParetoLogic
2009-07-14 09:58      --d-----   c:\programdata\DriverCure
2009-07-14 09:58      --d-----   c:\progra~2\ParetoLogic
2009-07-14 09:58      --d-----   c:\progra~2\DriverCure
2009-07-14 01:25      --d-----   c:\programdata\RegCure
2009-07-14 01:25      --d-----   c:\progra~2\RegCure
2009-07-13 10:41      --d-----   c:\programdata\SUPERAntiSpyware.com
2009-07-13 10:41      --d-----   c:\progra~2\SUPERAntiSpyware.com
2009-07-13 10:40      --d-----   c:\users\phils\appdata\roaming\SUPERAntiSpyware.com
2009-07-13 10:40      --d-----   c:\program files\SUPERAntiSpyware
2009-07-13 10:39      --d-----   c:\program files\common files\Wise Installation Wizard
2009-07-10 16:43      --d-----   c:\users\phils\appdata\roaming\funkitron
2009-07-09 02:08      --d-----   c:\users\phils\appdata\roaming\iWin
2009-07-04 14:05      --d-----   c:\windows\system32\eu-ES
2009-07-04 14:05      --d-----   c:\windows\system32\ca-ES
2009-07-04 14:05      --d-----   c:\windows\system32\vi-VN
2009-07-04 12:40      --d-----   c:\windows\system32\EventProviders
2009-07-04 12:36   289,792   a-------   c:\windows\system32\spinstall.exe
2009-07-04 12:35   409,600   a-------   c:\windows\system32\odbc32.dll
2009-07-04 12:34   638,976   a-------   c:\windows\system32\Utilman.exe
2009-07-04 12:33   140,288   a-------   c:\windows\system32\wpcsvc.dll
2009-07-04 12:32   83,968   a-------   c:\windows\system32\wbem\wmiutils.dll
2009-07-04 12:32   744,448   a-------   c:\windows\system32\wbem\wbemcore.dll
2009-07-04 12:32   614,912   a-------   c:\windows\system32\wbem\fastprox.dll
2009-07-04 12:32   265,728   a-------   c:\windows\system32\wbem\repdrvfs.dll
2009-07-04 12:32   265,728   a-------   c:\windows\system32\wbem\esscli.dll
2009-07-04 12:32   189,440   a-------   c:\windows\system32\wbem\mofd.dll
2009-07-04 12:32   30,208   a-------   c:\windows\system32\wbem\wbemprox.dll
2009-07-04 12:32   705,536   a-------   c:\windows\system32\SmiEngine.dll
2009-07-04 12:32   218,624   a-------   c:\windows\system32\wdscore.dll
2009-07-04 12:32   130,560   a-------   c:\windows\system32\PkgMgr.exe
2009-07-04 12:32   247,808   a-------   c:\windows\system32\drvstore.dll
2009-06-25 01:20      --d-----   c:\program files\SystemRequirementsLab
2009-06-21 14:50   68,640   a-------   c:\windows\unTMV.exe
2009-06-21 14:50      --d-----   c:\program files\SoftMaker Viewer
2009-06-19 04:32      --d-----   c:\programdata\NCH Swift Sound
2009-06-19 04:32      --d-----   c:\program files\NCH Software
2009-06-19 04:31      --d-----   c:\program files\NCH Swift Sound
2009-06-19 04:28      --d-----   c:\programdata\FreeRIP
2009-06-19 04:28      --d-----   c:\progra~2\FreeRIP
2009-06-19 04:28      --d-----   c:\program files\FreeRIP3

==================== Find3M  ====================

2009-07-18 17:35   27,839   a-------   c:\programdata\nvModes.dat
2009-07-18 17:35   27,839   a-------   c:\progra~2\nvModes.dat
2009-07-14 17:12   1,092   a-------   c:\users\phils\appdata\roaming\wklnhst.dat
2009-07-14 10:06   51,200   a-------   c:\windows\inf\infpub.dat
2009-07-14 10:06   143,360   a-------   c:\windows\inf\infstrng.dat
2009-07-14 10:06   86,016   a-------   c:\windows\inf\infstor.dat
2009-07-04 14:05   665,600   a-------   c:\windows\inf\drvindex.dat
2009-06-30 15:36   18,696   a-------   c:\windows\help\oem\scripts\HC_BatteryReplaceNew.exe
2009-06-30 15:10   18,696   a-------   c:\windows\help\oem\scripts\HC_BatteryNoTravel.exe
2009-06-30 15:03   18,696   a-------   c:\windows\help\oem\scripts\HC_BatteryAccessories.exe
2009-06-30 12:44   18,184   a-------   c:\windows\help\oem\scripts\HC_BatteryWeakNew.exe
2009-06-26 18:36   18,184   a-------   c:\windows\help\oem\scripts\HC_BatteryUpgrade.exe
2009-05-08 22:50   915,456   a-------   c:\windows\system32\wininet.dll
2009-05-08 22:34   71,680   a-------   c:\windows\system32\iesetup.dll
2009-05-01 14:02   90,112   a-------   c:\windows\system32\dpl100.dll
2009-05-01 14:02   823,296   a-------   c:\windows\system32\divx_xx0c.dll
2009-05-01 14:02   823,296   a-------   c:\windows\system32\divx_xx07.dll
2009-05-01 14:02   815,104   a-------   c:\windows\system32\divx_xx0a.dll
2009-05-01 14:02   811,008   a-------   c:\windows\system32\divx_xx16.dll
2009-05-01 14:02   802,816   a-------   c:\windows\system32\divx_xx11.dll
2009-05-01 14:02   685,056   a-------   c:\windows\system32\DivX.dll
2009-04-23 05:15   784,896   a-------   c:\windows\system32\rpcrt4.dll
2009-04-23 05:14   623,616   a-------   c:\windows\system32\localspl.dll
2009-04-21 04:39   2,034,688   a-------   c:\windows\system32\win32k.sys
2008-01-20 19:43   174   a--sh---   c:\program files\desktop.ini
2006-11-02 05:42   287,440   a-------   c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42   287,440   a-------   c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42   30,674   a-------   c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42   30,674   a-------   c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20   287,440   a-------   c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20   287,440   a-------   c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20   30,674   a-------   c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20   30,674   a-------   c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:36:54.89 ===============







DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2008 6:50:33 PM
System Uptime: 7/18/2009 2:26:10 PM (3 hours ago)

Motherboard: Wistron |  | 303C
Processor: AMD Turion Dual-Core RM-70 | Socket A | 2000/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 139 GiB total, 71.407 GiB FREE.
D: is FIXED (NTFS) - 10 GiB total, 1.732 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

AAC Decoder
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6
Adobe Shockwave Player
Adobe Shockwave Player 11.5
AIM 6
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
AutoUpdate
Bonjour
CAM UnZip 4.42
Cards_Calendar_OrderGift_DoMorePlugout
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
ESU for Microsoft Vista
Express Burn
Express Rip
FreeRIP v3.1
GPL MPEG-1/2 DirectShow Decoder Filter
H.264 Decoder
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 D3
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 5
LabelPrint
Last.fm 1.5.4.24567
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Silverlight
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
My HP Games
NetWaiting
NVIDIA Drivers
Power2Go
PowerDirector
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek USB 2.0 Card Reader
RegCure 1.6.0.0
Spelling Dictionaries Support For Adobe Reader 8
Spyware Doctor 6.0
SUPERAntiSpyware Free Edition
Switch Sound File Converter
Synaptics Pointing Device Driver
System Requirements Lab
TextMaker Viewer
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
VideoToolkit01
Viewpoint Media Player
VLC media player 0.9.9
WavePad Sound Editor

==== Event Viewer Messages From Past Week ========

7/18/2009 5:36:58 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {883FF1FC-09E1-48E5-8E54-E2469ACB0CFD}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
7/18/2009 12:58:24 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
7/18/2009 12:58:19 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {56EA1054-1959-467F-BE3B-A2A787C4B6EA}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
7/18/2009 12:58:17 PM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/18/2009 12:57:59 PM, Error: EventLog [6008]  - The previous system shutdown at 12:57:01 PM on 7/18/2009 was unexpected.
7/18/2009 12:48:26 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {4D111E08-CBF7-4F12-A926-2C7920AF52FC}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{4D111E08-CBF7-4F12-A926-2C7920AF52FC}
7/18/2009 1:01:40 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {86D5EB8A-859F-4C7B-A76B-2BD819B7A850}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{86D5EB8A-859F-4C7B-A76B-2BD819B7A850}
7/17/2009 8:04:59 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {FCC74B77-EC3E-4DD8-A80B-008A702075A9}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
7/17/2009 8:00:40 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {3AD05575-8857-4850-9277-11B85BDB8E09}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
7/17/2009 5:38:38 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {A2D8CFE7-7BA4-4BAD-B86B-851376B59134}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{A2D8CFE7-7BA4-4BAD-B86B-851376B59134}
7/17/2009 5:33:26 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sdCoreService service.
7/17/2009 3:31:17 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
7/17/2009 3:31:16 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
7/16/2009 9:43:33 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {BBD8C065-5E6C-4E88-BFD7-BE3E6D1C063B}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{BBD8C065-5E6C-4E88-BFD7-BE3E6D1C063B}
7/15/2009 12:43:38 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {E9495B87-D950-4AB5-87A5-FF6D70BF3E90}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{E9495B87-D950-4AB5-87A5-FF6D70BF3E90}
7/15/2009 12:42:46 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {A2D75874-6750-4931-94C1-C99D3BC9D0C7}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{A79DB36D-6218-48E6-9EC9-DCBA9A39BF0F}
7/14/2009 10:23:16 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.0.10 for the Network Card with network address 00234E139720 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/14/2009 10:12:38 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {D1F60CCB-8329-406E-976F-660B1BDF0D97}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{D1F60CCB-8329-406E-976F-660B1BDF0D97}
7/14/2009 1:46:03 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {1F2E5C40-9550-11CE-99D2-00AA006E086C}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{1F2E5C40-9550-11CE-99D2-00AA006E086C}
7/14/2009 1:23:01 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {9DF523B0-A6C0-4EA9-B5F1-F4565C3AC8B8}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{9DF523B0-A6C0-4EA9-B5F1-F4565C3AC8B8}
7/11/2009 7:52:05 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {BB46F03E-7CD2-489F-8F95-BB950F395FDB}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{16D99191-6280-4B33-A2F5-04805A0FC582}
7/11/2009 2:39:06 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 76.105.214.195 for the Network Card with network address 001F16498BEF has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
7/11/2009 2:35:55 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {BA126F01-2166-11D1-B1D0-00805FC1270E}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{BA126F01-2166-11D1-B1D0-00805FC1270E}
7/11/2009 1:11:58 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {71E7431B-17AA-4018-B62B-08C5F9AA4D8E}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{71E7431B-17AA-4018-B62B-08C5F9AA4D8E}

==== End Of File ===========================
Go to Add or Remove Programs and uninstall:

• RegCure 1.6.0.0
• Viewpoint Media Player

• Click on SCAN NOW
  
• Click Accept.
  
• The program will then begin downloading the latest definition files.
• Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  
• The scan will take a while, so be patient and let it finish.

• Next, in the Save as prompt, Save in area, select: Desktop.
  
• In the File name area use KScan, or something similar.
  
• In Save as type: click the drop arrow and select: Text file [*.txt]
  
• Then, click: Save

Thanks to combo-fix, I think everything is OK now! Thanks!Uninstall ComboFix

Click Start then Run and enter everything from the Code box below into the run box and then click OK.
Code: [Select]"%userprofile%\Desktop\Combo-Fix" /u
Note: The space between the Combo-fix" and the /u must be there.

The above procedure will

• Delete ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

Hi guy's any idea why this keeps cropping up?

[attachment deleted by ADMIN] Quote

Behavior
Pwdump is a hack tool that is used to grab Windows password hashes from a REMOTE Windows computer.

Hi,

I'm having some trouble with my computer. Its being slower then normal and when I go to shut down there are a couple of errors that always pop up. And they're not always the same ones. One POPS up sometimes saying that yahoo messenger has stopped responding or one called sprtmcd.exe, I think it is. Also, I've been recently getting one with app and then a bunch of numbers when I shut down.

I recently switched internet providers and am going with MSN for internet instead of AOL. And I -thought- that I removed everything AOL related aside from AIM but... on the processes it lists aolsoftware.exe. Which, seems to slow down MSN sometimes. But after I cancel it out my internet works fine. Anyway I can delete it?

Have already run a HiJackThis log and here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:10 PM, on 7/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kucampus.kaplan.edu/Login/Login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138933720\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,[email protected]
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\DOCUMENTS and Settings\Laci Bailey\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B0A3E34-A88D-4821-A324-9B2429F65F46}: NameServer = 209.244.0.3 209.244.0.4
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! ANTIVIRUS - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10376 bytesYou have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as  http://en.wikipedia.org/wiki/Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

More information:

http://www.greatis.com/appdata/u/v/viewmgr.exe.htm


It is suggested to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
•Viewpoint

•Viewpoint Manager

•Viewpoint Media Player

•Viewpoint Toolbar

•Viewpoint Experience Technology

Computer is slow at certain task, like going to any sites that have microsoft URL.  Still have major problems with microsoft update.  I did a services pack update, which did give a clue that something is running under stealth.  I've reloaded hundreds of XP systems, and have updated services packs many times.  But this one exhibits one strange behavior, on reboot (after service pack 3 applied) it had three command windows open after windows was completely loaded.  They stayed open about 10 second then closed.Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.

• Open the folder and run Dial-a-fix.exe
• 2 windows will open. Close the one in the background LABELED Restrictive Policies
• Check the box in section 1, Empty temp folders.
  
• Check the box in section 2, Fix Windows Installer.
  
• Check the box in section 3, Fix Windows Update.
  
• Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
  
• Check all boxes in section 5, labeled Registration Center.
  
• Click Go
  
• OK any error messages if received, but write them down and post them here.
• Restart the computer when done.

• Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
  • Let this run undisturbed until the window with the blue  progress bar goes away

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

• Delete: ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

• Choose the language by typing of the corresponding letter and press Enter
• Click OK at the informative window
  
• Type 1, to choose Option 1 (Search) then press Enter
  
• Wait until the end of the scan
• A report will be generated, post the contents of it in your next reply.

During computer shut down, I get a message that CLayoutEngine-Tooltip is having a PROBLEM shutting down. I eventually have to click "END" to close it.  I know that this type of occurrence SOMETIMES indicates a problem which may be associated with viruses or spy-ware.

Can anyone help please?

"CLayoutEngine-Tooltip" is a part of YAHOO messenger.

I'd try downloading and reinstalling the NEWEST version of yahoo messenger, and see if that fixes the issue.Thanks for that I'll give it a try.

Have had Internet connection loss at regular intervals requiring a reboot, which has coincided with a rather active DVD ROM drive drawer opening and closing repeatedly at given periods.

Requested logs attached:


***HIJACK THIS***

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:48, on 20/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows LIVE Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/tiny/
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133029434858
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.communities.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32603D8A-B0E2-4EDB-A061-83F6DAE2D8C6}: NameServer = 212.139.132.105 212.139.132.107
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9b95a98ef3fc2) (gupdate1c9b95a98ef3fc2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet MONITOR (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - http://www.palantir.net/2001/gfx/main.jpg

--
End of file - 11995 bytes


***MALWAREBYTES***

Malwarebytes' Anti-Malware 1.39
Database version: 2467
Windows 5.1.2600 Service Pack 3

20/07/2009 16:20:18
mbam-log-2009-07-20 (16-20-18).txt

Scan type: Quick Scan
Objects scanned: 120332
Time elapsed: 16 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


***Superantispyware***


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/20/2009 at 03:42 PM

Application Version : 4.26.1006

Core Rules Database Version : 4004
Trace Rules Database Version: 1944

Scan type       : Complete Scan
Total Scan Time : 03:54:05

Memory items scanned      : 453
Memory threats detected   : 0
Registry items scanned    : 8456
Registry threats detected : 0
File items scanned        : 111822
File threats detected     : 2

Adware.Tracking Cookie
   C:\Documents and Settings\James Pauley\Cookies\[email protected][1].txt
   C:\Documents and Settings\James Pauley\Cookies\[email protected][1].txt

I have just a simple question:
Can a Virus DAMAGE a hardware part on the computer?
Cheers.
Probably not.

Although I suppose, if they were CORRECTLY written, they might be able to say, overclock a component and cause it to fail, but that would be fairly SPECIFIC to each PC, not something you could make into a generic virus.

Okay have run the combofix and the cleaner.  Now the Kapersky Lab ask that you turn off antivirus programs to run but I don't feel comfortable doing that is that safe?Yes it's safe.Okay, here is the Kscan report and GMER:


Sunday, July 19, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, July 19, 2009 15:18:32
Records in database: 2494909
Scan settings
Scan using the following database    extended
Scan archives    yes
Scan mail databases    yes
Scan area    My Computer
C:\
D:\
E:\
Scan statistics
Files scanned    110042
Threat name    0
Infected objects    0
Suspicious objects    0
Duration of the scan    01:41:27

No malware has been detected. The scan area is clean.
The selected area was scanned.


GMER:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-19 22:19:25
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT            spcs.sys                                                          ZwEnumerateKey [0xB9EC6CA2]
SSDT            spcs.sys                                                          ZwEnumerateValueKey [0xB9EC7030]

Code            fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)  IoCreateDevice

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                            8A6501F8
Device          \Driver\Tcpip \Device\Ip                                          fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device          \Driver\Tcpip \Device\Tcp                                         fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device          \Driver\Tcpip \Device\Udp                                         fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device          \Driver\Tcpip \Device\RawIp                                       fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                           SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                           SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


higruidmydckil & UACd.sys are still showing up in my registry even though everything seems clean, is there anything that will delete them? Thank you for all your help!Download Registry Search by Bobbi Flekman
(see the link titled RegSearch Download Link)

* Extract the files from Regsearch.zip into a folder.
* Doubleclick regsearch.exe to start the program.
* Enter UACd.sys in the top area of the form and then click OK
* Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well).
* Add the contents of the Notepad file to your next reply.

----------

Also search for higruidmydckil and post that log.Here are the logs from the registry search::

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 7/20/2009 10:22:47 AM for strings:
;  'hjgruidmydckil'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data 
; HKEY_LOCAL_MACHINE  HKEY_USERS 


[HKEY_USERS\S-1-5-21-1277242506-2705649472-1450290610-1007\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="My Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet003\\Services\\hjgruidmydckil"

; End Of The Log...



Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 7/20/2009 10:51:28 AM for strings:
;  'uacd.sys'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data 
; HKEY_LOCAL_MACHINE  HKEY_USERS 


[HKEY_USERS\S-1-5-21-1277242506-2705649472-1450290610-1007\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="My Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet003\\Services\\UACd.sys"

; End Of The Log...


Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]KillAll::

FixCSet::

Quit::

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Now the registry again for those entries and post the logs.

.okay here are the logs:

ComboFix 09-07-20.03 - Suil 07/20/2009 20:25.4.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2046.1385 [GMT -4:00]
Running from: c:\documents and settings\Suil\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Suil\Desktop\CFScript.txt

AV: EMBARQ® Online Security 8.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: EMBARQ® Online Security 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2009-06-21 to 2009-07-21  )))))))))))))))))))))))))))))))
.

2009-07-20 18:24 . 2009-07-20 18:24   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-20 16:51 . 2009-07-20 16:51   --------   d-----w-   c:\windows\system32\wbem\Repository
2009-07-18 03:00 . 2009-07-18 03:00   --------   d-----w-   C:\Rooter$
2009-07-17 17:38 . 2009-07-17 19:22   117760   ----a-w-   c:\documents and settings\\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-17 17:37 . 2009-07-17 17:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-17 17:37 . 2009-07-20 16:59   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-07-17 17:37 . 2009-07-20 16:23   --------   d-----w-   c:\documents and settings\\Application Data\SUPERAntiSpyware.com
2009-07-17 00:02 . 2009-07-17 00:02   --------   d-----w-   c:\program files\Alwil Software
2009-07-16 19:56 . 2009-07-16 19:56   --------   d-----w-   c:\documents and settings\\Application Data\ImgBurn
2009-07-16 19:50 . 2009-07-16 19:50   --------   d-----w-   c:\program files\ImgBurn
2009-07-16 14:17 . 2008-06-13 13:10   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
2009-07-16 14:17 . 2008-10-24 11:10   453632   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
2009-07-16 14:15 . 2009-02-06 09:49   2020864   -c----w-   c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-16 14:15 . 2009-02-06 09:49   2062976   -c----w-   c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-16 02:44 . 2009-07-16 02:44   717296   ----a-w-   c:\windows\system32\drivers\sptd.sys
2009-07-16 00:09 . 2009-07-20 16:47   --------   d-----w-   C:\UBCD4Win
2009-07-15 21:02 . 2001-08-17 18:56   66048   -c--a-w-   c:\windows\system32\dllcache\s3legacy.dll
2009-07-15 20:29 . 2009-07-15 20:29   410984   ----a-w-   c:\windows\system32\deploytk.dll
2009-07-15 20:28 . 2009-07-15 20:28   152576   ----a-w-   c:\documents and settings\\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-15 19:30 . 2009-07-15 19:30   3775176   ----a-w-   c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-15 17:29 . 2004-08-04 10:00   456704   -c--a-w-   c:\windows\system32\dllcache\smtpsvc.dll
2009-07-15 17:28 . 2004-08-04 10:00   10129408   -c--a-w-   c:\windows\system32\dllcache\hwxkor.dll
2009-07-15 17:27 . 2004-08-04 10:00   829440   -c--a-w-   c:\windows\system32\dllcache\inetmgr.dll
2009-07-15 17:24 . 2004-08-04 10:00   16384   -c--a-w-   c:\windows\system32\dllcache\isignup.exe
2009-07-15 17:08 . 2004-08-04 10:00   24661   -c--a-w-   c:\windows\system32\dllcache\spxcoins.dll
2009-07-15 17:08 . 2004-08-04 10:00   24661   ----a-w-   c:\windows\system32\spxcoins.dll
2009-07-15 17:08 . 2004-08-04 10:00   13312   -c--a-w-   c:\windows\system32\dllcache\irclass.dll
2009-07-15 17:08 . 2004-08-04 10:00   13312   ----a-w-   c:\windows\system32\irclass.dll
2009-07-15 17:08 . 2009-07-15 17:08   --------   d-s---w-   c:\windows\system32\config\systemprofile\History
2009-07-15 12:54 . 2009-07-15 12:54   --------   d-----w-   c:\windows\dell
2009-07-14 19:35 . 2009-07-14 19:35   --------   d-----w-   c:\program files\Windows Resource Kits
2009-07-14 18:09 . 2009-07-14 18:09   --------   d-sh--w-   c:\documents and settings\\PrivacIE
2009-07-14 18:05 . 2009-07-14 18:05   --------   d-sh--w-   c:\documents and settings\\IETldCache
2009-07-14 18:04 . 2009-07-14 18:04   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
2009-07-14 18:03 . 2009-07-14 18:03   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2009-07-14 18:01 . 2009-07-14 18:01   --------   d-----w-   c:\windows\ie8updates
2009-07-14 17:59 . 2009-07-14 18:00   --------   dc-h--w-   c:\windows\ie8
2009-07-13 00:22 . 2009-07-13 00:22   --------   d-----w-   c:\documents and settings\\Application Data\Apple Computer
2009-07-12 23:52 . 2009-07-12 23:52   --------   d-----w-   c:\program files\Trend Micro
2009-07-12 00:29 . 2009-07-12 00:29   --------   d-----w-   c:\documents and settings\\Application Data\Malwarebytes
2009-07-12 00:29 . 2009-07-13 17:36   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 00:29 . 2009-07-15 19:30   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-07-12 00:29 . 2009-07-13 17:36   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-07-12 00:29 . 2009-07-12 00:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-11 01:26 . 2009-07-11 01:26   --------   d--h--w-   c:\windows\system32\GroupPolicy
2009-07-09 00:00 . 2009-07-09 00:01   --------   d-----w-   c:\program files\QuickTime
2009-07-09 00:00 . 2009-07-09 00:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-09 00:00 . 2009-07-09 00:00   --------   d-----w-   c:\documents and settings\\Local Settings\Application Data\Apple
2009-07-08 23:59 . 2009-07-09 00:00   --------   d-----w-   c:\program files\Apple Software Update
2009-07-08 23:59 . 2009-07-08 23:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
2009-07-08 23:59 . 2009-07-08 23:59   --------   d-----w-   c:\documents and settings\\Local Settings\Application Data\Apple Computer
2009-06-29 21:10 . 2009-06-29 21:10   --------   d-----w-   c:\program files\IKEA HomePlanner
2009-06-29 21:10 . 2009-07-20 16:59   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-06-23 12:14 . 2009-06-23 12:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-06-23 12:14 . 2009-06-23 12:14   --------   d-----w-   c:\documents and settings\\Application Data\HPAppData
2009-06-23 12:11 . 2009-06-23 12:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-06-23 12:07 . 2009-07-09 13:46   145901   ----a-w-   c:\windows\hpoins21.dat
2009-06-23 12:07 . 2007-09-05 18:26   8138   ----a-w-   c:\windows\hpomdl21.dat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 00:03 . 2009-06-05 16:12   --------   d-----w-   c:\program files\Mozilla Thunderbird
2009-07-20 21:04 . 2008-11-14 22:09   --------   d-----w-   c:\program files\Embarq Online Security 8
2009-07-20 16:53 . 2008-09-15 14:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2009-07-17 19:35 . 2006-05-30 20:23   --------   d-----w-   c:\program files\Java
2009-07-17 02:28 . 2006-06-04 16:29   204744   ----a-w-   c:\documents and settings\\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-16 02:44 . 2006-05-30 20:26   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-07-15 19:21 . 2006-06-07 22:14   302   ----a-w-   c:\windows\system32\wacom.dat
2009-07-15 17:23 . 2004-08-11 22:12   23428   ----a-w-   c:\windows\system32\emptyregdb.dat
2009-07-11 00:58 . 2006-06-14 20:25   163712   ----a-w-   c:\windows\system32\drivers\vidstub.*censored*
2009-07-08 13:44 . 2008-11-14 22:21   33920   ----a-w-   c:\windows\system32\drivers\fsbts.sys
2009-06-23 12:14 . 2006-10-15 23:19   --------   d-----w-   c:\program files\HP
2009-06-23 00:57 . 2006-10-15 23:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\HP
2009-06-16 14:55 . 2004-08-04 10:00   82432   ----a-w-   c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 10:00   119808   ----a-w-   c:\windows\system32\t2embed.dll
2009-06-11 14:55 . 2009-06-11 14:56   25784   ----a-w-   c:\windows\Fonts\ROTORCAP.TTF
2009-06-11 14:43 . 2009-06-11 14:44   37388   ----a-w-   c:\windows\Fonts\visitor2.ttf
2009-06-11 14:43 . 2009-06-11 14:44   3520   ----a-w-   c:\windows\Fonts\VISITOR.FON
2009-06-11 14:43 . 2009-06-11 14:44   3856   ----a-w-   c:\windows\Fonts\mints-strong.fon
2009-06-11 14:39 . 2009-06-11 14:40   256880   ----a-w-   c:\windows\Fonts\Calibribold.ttf
2009-06-11 14:39 . 2009-06-11 14:40   367620   ----a-w-   c:\windows\Fonts\CalibriIz.TTF
2009-06-11 14:39 . 2009-06-11 14:40   36648   ----a-w-   c:\windows\Fonts\MARKEN__.TTF
2009-06-11 14:39 . 2009-06-11 14:40   36552   ----a-w-   c:\windows\Fonts\MARKEN__CAPS.ttf
2009-06-11 14:35 . 2009-06-11 14:36   52680   ----a-w-   c:\windows\Fonts\STAN0757CAPS.TTF
2009-06-11 14:35 . 2009-06-11 14:36   316876   ----a-w-   c:\windows\Fonts\arialcaps.ttf
2009-06-11 02:44 . 2009-06-11 02:45   46596   ----a-w-   c:\windows\Fonts\Arial Special G1 Caps.ttf
2009-06-11 02:12 . 2009-06-11 02:13   71132   ----a-w-   c:\windows\Fonts\ITC Avant Garde Gothic LT Bold.ttf
2009-06-11 02:12 . 2009-06-11 02:13   70040   ----a-w-   c:\windows\Fonts\ITC Avant Garde Gothic LT Medium.ttf
2009-06-11 02:12 . 2009-06-11 02:13   6928   ----a-w-   c:\windows\Fonts\HaxrCorp 4088.fon
2009-06-11 02:12 . 2009-06-11 02:13   64396   ----a-w-   c:\windows\Fonts\ITC Avant Garde Gothic LT Medium Caps.ttf
2009-06-11 02:12 . 2009-06-11 02:13   4240   ----a-w-   c:\windows\Fonts\HaxrCorp Caps.FON
2009-06-11 02:12 . 2009-06-11 02:13   254296   ----a-w-   c:\windows\Fonts\calibri.ttf
2009-06-11 02:03 . 2009-06-11 02:03   --------   d-----w-   c:\program files\Free RAR Extract Frog
2009-06-07 03:15 . 2009-06-07 03:15   47792   ----a-w-   c:\windows\Fonts\HOOG0554.TTF
2009-06-07 02:52 . 2009-06-07 02:53   46368   ----a-w-   c:\windows\Fonts\Kroe0555caps.ttf
2009-06-07 02:52 . 2009-06-07 02:53   3952   ----a-w-   c:\windows\Fonts\Kroeger0.fon
2009-06-07 02:52 . 2009-06-07 02:53   22464   ----a-w-   c:\windows\Fonts\pf_tempesta_seven_extended.ttf
2009-06-07 02:52 . 2009-06-07 02:53   22176   ----a-w-   c:\windows\Fonts\pf_tempesta_seven.ttf
2009-06-07 02:52 . 2009-06-07 02:53   22160   ----a-w-   c:\windows\Fonts\pf_tempesta_seven_extended_bold.ttf
2009-06-07 02:52 . 2009-06-07 02:53   21780   ----a-w-   c:\windows\Fonts\pf_tempesta_seven_bold.ttf
2009-06-07 02:52 . 2009-06-07 02:53   21616   ----a-w-   c:\windows\Fonts\pf_tempesta_seven_condensed.ttf
2009-06-07 02:52 . 2009-06-07 02:53   21160   ----a-w-   c:\windows\Fonts\pf_tempesta_seven_condensed_bold.ttf
2009-06-07 02:52 . 2009-06-07 02:53   20796   ----a-w-   c:\windows\Fonts\pf_tempesta_seven_compressed_bold.ttf
2009-06-07 02:52 . 2009-06-07 02:53   20396   ----a-w-   c:\windows\Fonts\pf_tempesta_seven_compressed.ttf
2009-06-07 02:37 . 2009-06-07 02:38   48080   ----a-w-   c:\windows\Fonts\KROE0555.TTF
2009-06-07 02:37 . 2009-06-07 02:38   365264   ----a-w-   c:\windows\Fonts\Segoe UI .ttf
2009-06-07 02:37 . 2009-06-07 02:38   12056   ----a-w-   c:\windows\Fonts\Blank.ttf
2009-06-05 16:13 . 2009-06-05 16:13   --------   d-----w-   c:\documents and settings\Suil\Application Data\Thunderbird
2009-06-03 19:27 . 2004-08-04 10:00   1290752   ----a-w-   c:\windows\system32\quartz.dll
2009-05-07 15:44 . 2004-08-04 10:00   344064   ----a-w-   c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2006-03-04 03:33   659456   ----a-w-   c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-04 10:00   81920   ----a-w-   c:\windows\system32\ieencode.dll
2009-06-15 14:37 . 2008-09-17 21:10   134648   ----a-w-   c:\program files\mozilla firefox\components\brwsrcmp.dll
2006-06-05 22:05 . 2006-06-05 22:05   56   --sha-r-   c:\windows\system32\0E1A64F2CB.sys
2006-06-05 22:05 . 2006-06-05 22:05   1890   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 200767]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-16 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"F-Secure Manager"="c:\program files\Embarq Online Security 8\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\program files\Embarq Online Security 8\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-15 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-4 98304]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-4 98304]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-30 24576]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TabletService"=2 (0x2)
"stllssvr"=3 (0x3)
"gusvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [11/14/2008 6:21 PM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [11/14/2008 6:10 PM 79904]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Embarq Online Security 8\HIPS\drivers\fshs.sys [11/14/2008 6:10 PM 66720]
R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [7/22/2006 10:40 AM 8192]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Embarq Online Security 8\Anti-Virus\minifilter\fsgk.sys [11/14/2008 6:09 PM 99960]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Embarq Online Security 8\ORSP Client\fsorsp.exe [11/14/2008 6:10 PM 55904]
S2 BootScreen;BootScreen;c:\windows\system32\drivers\vidstub.sys --> c:\windows\system32\drivers\vidstub.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [11/13/2008 5:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [11/13/2008 5:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [11/13/2008 5:49 PM 23680]
S3 VirtualDK;VirtualDK;\??\c:\ubcd4win\vdk.sys --> c:\ubcd4win\vdk.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Embarq Online Security 8\Anti-Virus\win2k\fsfilter.sys [11/14/2008 6:09 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Embarq Online Security 8\Anti-Virus\win2k\fsrec.sys [11/14/2008 6:09 PM 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-14 03:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT1978305
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 127.0.0.1:8100
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Embarq Online Security 8\FSPS\program\fslsp.dll
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\9lqkiec1.Default User\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?continue=http://www.google.com/ig&followup=http://www.google.com/ig&service=ig&passive=true&cd=US&hl=en&nui=1&ltmpl=default
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 20:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\Æ  3*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
c:\program files\Embarq Online Security 8\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(932)
c:\program files\Embarq Online Security 8\FSPS\program\fslsp.dll
c:\program files\Embarq Online Security 8\FWES\Program\fsdc32.dll

- - - - - - - > 'explorer.exe'(5384)
c:\program files\Embarq Online Security 8\Spam Control\fsscoepl.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(848)
c:\program files\Embarq Online Security 8\FWES\Program\fsdc32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Embarq Online Security 8\Anti-Virus\fsgk32st.exe
c:\program files\Embarq Online Security 8\Common\FSMA32.EXE
c:\program files\Embarq Online Security 8\Anti-Virus\fsgk32.exe
c:\program files\Embarq Online Security 8\Common\FSMB32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\pvsw\bin\w3dbsmgr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Embarq Online Security 8\Common\FCH32.EXE
c:\program files\Embarq Online Security 8\Anti-Virus\fsqh.exe
c:\program files\Embarq Online Security 8\Common\FAMEH32.EXE
c:\program files\Embarq Online Security 8\FSPC\fspc.exe
c:\program files\Embarq Online Security 8\FSAUA\program\fsaua.exe
c:\program files\Embarq Online Security 8\Anti-Virus\fssm32.exe
c:\program files\Embarq Online Security 8\FWES\program\fsdfwd.exe
c:\program files\Embarq Online Security 8\FSAUA\program\fsus.exe
c:\progra~1\EMBARQ~1\ANTI-V~1\fsav32.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\EMBARQ~1\Common\FSM32.EXE
c:\program files\Embarq Online Security 8\FSGUI\fsguidll.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-07-21 20:39 - machine was rebooted
ComboFix-quarantined-files.txt  2009-07-21 00:39

Pre-Run: 10,793,132,032 bytes free
Post-Run: 10,828,546,048 bytes free

436   --- E O F ---   2009-07-19 20:13


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 7/20/2009 8:48:40 PM for strings:
;  'hjgruidmydckil'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data 
; HKEY_LOCAL_MACHINE  HKEY_USERS 


; End Of The Log...


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 7/20/2009 8:44:06 PM for strings:
;  'uacd.sys'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data 
; HKEY_LOCAL_MACHINE  HKEY_USERS 


; End Of The Log...Looks like that fixed it.

How is the computer running now?Thank you Mr.EvilFantasy!!! it seems to be doing FINE.  I am having a few other issues but I think that is because I had to replace a system file and NOTHING to do with viruses... all well...thanks again and I will send anyone else with a malware problem your way.... Your welcome.