Author Topic: no windows update, browser redirects, no task bar or icons at startup  (Read 22441 times)

turinj5677

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Please Help!!  I have been going nuts for a few days with this.

    I am running Windows XP pro version 2002 sp3.

    My problems started a few days ago when I began to get a windows "no disc" error. It would give me three options of retry, cancel, or continue. After several clicks the window would close. My machine would hang up on shut down at the screen "windows is shutting down". My home page in both ie and firefox were changed, and I was getting redirected to various search pages when I tried links from google. I also could not access the windows update site.

    I had recently installed itunes and quick time so I assumed that was the problem. When I tried to remove them my computer would freeze up. So I tried a system restore to the point before I installed them, but it didn't work. I was still having the same problem.

    I ran an avg scan that came up empty. I tried to run an ad-aware scan but the system froze. I went to a site called eset.com and ran an online scan there that found some problems and supposedly rectified them. I then downloaded combofix from another site after being recommended to do so by someone at another site, and ran that. After these the no disc error was gone, and my machine would shut down, but the other problems were still there. Along with these sometimes after start up my screen would be blank with no task bar and no desktop items. When I would try to shut down through task mgr the system would freeze. I also occasionally get an error message that says "Generic Host Process for Win32 Services had encountered a problem and needs to close."

    I then downloaded spybot s+d and Super antispyware and ran those in safe mode. They found a few issues as well and removed them. I also ran CClean in safe mode. After rebooting the problems were still there.

    I read a few threads on another site and then downloaded MBAM and ran it. It found one problem and fixed it. The problems are still there however. I still am getting redirected to other search sites in both explorer and fire fox. When I try to get to windows update I get a "cannot display webpage" message whether I try to get there from ie or from the start menu. I still have the occasional boot to empty screen and the Generic Host Process Error message.

    Can anyone help??? I know that there are a few different symptoms here but since they all started at the same time I am assuming they are from the same problem.

    I posted this in another part of this board and they advised me to follow the instructions in "Read this before requesting malware removal".  I have followed all the instructions in order.  Thanks in advance for any help.  Here are the logs:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/30/2010 at 09:08 PM

    Application Version : 4.47.1000

    Core Rules Database Version : 6104
    Trace Rules Database Version: 3916

    Scan type       : Complete Scan
    Total Scan Time : 01:20:11

    Memory items scanned      : 502
    Memory threats detected   : 0
    Registry items scanned    : 6878
    Registry threats detected : 0
    File items scanned        : 107589
    File threats detected     : 139

    Adware.Tracking Cookie

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5426

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/30/2010 10:07:31 PM
    mbam-log-2010-12-30 (22-07-31).txt

    Scan type: Quick scan
    Objects scanned: 233026
    Time elapsed: 21 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:41:29 PM, on 12/30/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\sniper.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
    O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNDczMzg4ODgxLVQxNS1VODUrMS1CQSsxLUtWMys3L
    VhMKzEtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5 LUYxME0rNS1YMjAxMCsyLVFJWDErNC1WSVAxMCs xLUYxME0xMEQrMQ"&"prod=90"&"ver=10.0.1187
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011 (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dad\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.classlink2000.com/sites/FILES/wfica.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 9062 bytes
       
    « Last Edit: December 31, 2010, 04:47:29 PM by SuperDave »

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: no windows update, browser redirects, no task bar or icons at startup
    « Reply #1 on: December 31, 2010, 05:01:00 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

    You can get information about Generic Host Process for Win32 Services here. You mentioned that you can't get your updates so we'll have to fix that and then try the updates.

    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.
    ************************************************************
    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dad\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    Important: Close all open windows except for HijackThis and then click Fix checked.
    Once completed, exit HijackThis.

    ***************************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Unzip SecurityCheck.zip and a folder named Security Check should appear.
    * Open the Security Check folder and double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    ********************************************************
    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com

    Rename ComboFix.exe to commy.exe before you save it to your Desktop
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

    If you have problems with ComboFix usage, see How to use ComboFix
    Windows 8 and Windows 10 dual boot with two SSD's
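
The selection step in the reply above (ticking HijackThis entries whose target no longer exists, and entries that share one CLSID) can be reproduced for triage with a small parser. This is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical, and the sample is an excerpt of the log posted above with one line wrapped on purpose to mimic the broken line in that log.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Excerpt copied from the HijackThis log in the first post. The "Run IMVU"
# line is wrapped on purpose (constructed) to mimic the broken line there.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dad\Start Menu\Programs\IMVU\Run IMVU.lnk (file mis
sing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll

--
End of file - 9062 bytes
"""

# "R3 - ...", "O23 - ..." etc.: a section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis marks a registration whose target is gone with one of these suffixes.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


@dataclass
class Entry:
    code: str               # section code, e.g. "O2"
    body: str               # everything after "code - "
    clsid: Optional[str]    # lower-cased CLSID if the entry carries one
    missing_target: bool    # True when the referenced file no longer exists


def parse(log_text: str) -> list:
    """Parse the entry section of a HijackThis log, re-joining wrapped lines."""
    raw = []
    for line in log_text.splitlines():
        line = line.strip()
        if line == "--":            # trailer marker: no entries follow it
            break
        m = ENTRY_RE.match(line)
        if m:
            raw.append([m.group("code"), m.group("body")])
        elif line and raw:
            raw[-1][1] += line      # continuation of a wrapped entry
        # lines before the first entry (header, process list) are skipped
    entries = []
    for code, body in raw:
        found = CLSID_RE.search(body)
        entries.append(Entry(
            code=code,
            body=body,
            clsid=found.group(0).lower() if found else None,
            missing_target=bool(MISSING_RE.search(body)),
        ))
    return entries


def missing_targets(entries: list) -> list:
    """Entries that are registered but point at nothing on disk."""
    return [e for e in entries if e.missing_target]


def shared_clsids(entries: list) -> dict:
    """CLSIDs referenced by more than one entry; they are reviewed together."""
    groups = defaultdict(list)
    for e in entries:
        if e.clsid:
            groups[e.clsid].append(e)
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    print("Entries with a missing target:")
    for e in missing_targets(parsed):
        print(f"  {e.code} - {e.body}")
    print("CLSIDs used by several entries:")
    for clsid, group in shared_clsids(parsed).items():
        print(f"  {clsid}: {[e.code for e in group]}")
```

A missing target only shows that a registration is stale; whether an entry is removed remains the helper's decision for that machine.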

    turinj5677

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: no windows update, browser redirects, no task bar or icons at startup
      « Reply #2 on: January 01, 2011, 12:45:07 PM »
      Hello and Happy New Year Dave. 

      My name is Tom.  Thank you so much for replying.  I cannot tell you how much I appreciate you giving your time to help me out. 

      I followed your instructions.  It took me a while.  The machine is running very slow and the easiest of tasks seems to take forever,  sometimes it even hangs up.  I had to reboot several times, and about 1 out of five boot to a blank desktop.  I am able to get onto the internet from this machine but only through firefox.  IE hangs almost all the time.  Firefox runs, but slowly.   

      I had to completely uninstall avg to run combofix.  Even after I followed the directions to disable it I was getting a message from combofix that it had to be removed.  After I finished the combofix scan I re-installed it, however I didn't let it run a scan. 

      I read the link on the Generic Host Processes for Win 32 Services, I did not try to download anything because I was unclear as to whether you wanted me to or not. 

      I have also gotten a message a few times after boot up today that said jusched.exe is not responding do I wish to end now.  I have clicked on end now.

      turinj5677

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: no windows update, browser redirects, no task bar or icons at startup
        « Reply #3 on: January 01, 2011, 12:48:32 PM »
        Here are the logs from security check and combo fix:

         Results of screen317's Security Check version 0.99.8 
         Windows XP Service Pack 3 
         Internet Explorer 8 
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Firewall Disabled! 
         AVG 2011     
         ESET Online Scanner v3   
         Outpost Firewall 2009   
         Antivirus up to date! 
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Malwarebytes' Anti-Malware   
         CCleaner     
         Java(TM) 6 Update 23 
         Java(TM) SE Runtime Environment 6 Update 1
         Java(TM) 6 Update 2 
         Java(TM) 6 Update 3 
         Out of date Java installed!
         Adobe Flash Player 10.0.12.36 
        Adobe Reader 9.1
        Out of date Adobe Reader installed!
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

         AVG avgwdsvc.exe
         AVG avgtray.exe
         AVG avgrsx.exe
         AVG avgnsx.exe
         AVG avgemc.exe
        ``````````End of Log````````````


        ComboFix 11-01-01.01 - Dad 01/01/2011  13:33:31.2.2 - x86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1534.1182 [GMT -5:00]
        Running from: c:\documents and settings\Dad\desktop\commy.exe
        Command switches used :: /stepdel
        FW: Outpost Firewall *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\windows\system32\arp.exe
        c:\windows\system32\SCardSvr.exe

        .
        (((((((((((((((((((((((((   Files Created from 2010-12-01 to 2011-01-01  )))))))))))))))))))))))))))))))
        .

        2011-01-01 18:11 . 2011-01-01 18:12   --------   d-----w-   C:\commy
        2010-12-31 03:38 . 2010-12-31 03:38   388096   ----a-r-   c:\documents and settings\Dad\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
        2010-12-31 03:38 . 2010-12-31 03:38   --------   d-----w-   c:\program files\Trend Micro
        2010-12-31 03:22 . 2010-12-31 03:22   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
        2010-12-31 03:22 . 2010-12-31 03:21   472808   ----a-w-   c:\windows\system32\deployJava1.dll
        2010-12-31 00:39 . 2010-12-31 00:39   --------   d-----w-   c:\program files\CCleaner
        2010-12-31 00:11 . 2009-04-06 16:37   704384   ----a-w-   c:\windows\system32\drivers\SandBox.sys
        2010-12-31 00:11 . 2009-02-10 21:15   257432   ----a-w-   c:\windows\system32\drivers\afwcore.sys
        2010-12-31 00:10 . 2009-02-18 22:30   31128   ----a-w-   c:\windows\system32\drivers\afw.sys
        2010-12-31 00:10 . 2010-12-31 00:10   --------   d-----w-   c:\program files\Agnitum
        2010-12-31 00:09 . 2010-12-31 00:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\Agnitum
        2010-12-30 23:03 . 2010-12-30 23:48   --------   d-----w-   c:\documents and settings\Dad\Application Data\OnlineArmor
        2010-12-30 01:17 . 2010-12-30 01:17   --------   d-----w-   c:\documents and settings\Dad\Application Data\Malwarebytes
        2010-12-30 01:17 . 2010-12-20 23:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2010-12-30 01:17 . 2010-12-30 01:17   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
        2010-12-30 01:17 . 2010-12-30 01:17   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-12-30 01:17 . 2010-12-20 23:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2010-12-29 20:25 . 2010-12-29 20:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
        2010-12-29 20:25 . 2010-12-29 20:25   --------   d-----w-   c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com
        2010-12-29 20:21 . 2010-12-29 20:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2010-12-29 02:10 . 2010-12-29 02:10   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
        2010-12-28 05:36 . 2010-12-28 05:36   --------   d-----w-   c:\program files\iPod
        2010-12-28 05:36 . 2010-12-28 05:37   --------   d-----w-   c:\program files\iTunes
        2010-12-28 01:03 . 2010-12-28 01:03   --------   d-----w-   c:\program files\ESET
        2010-12-28 00:08 . 2010-12-28 00:08   --------   d-----w-   c:\windows\system32\wbem\Repository
        2010-12-28 00:06 . 2010-12-28 05:35   --------   d-----w-   c:\program files\QuickTime
        2010-12-27 04:56 . 2010-12-28 00:06   --------   d-s---w-   c:\documents and settings\Administrator
        2010-12-26 15:57 . 2010-12-28 00:07   --------   d-----w-   c:\documents and settings\Dad\Application Data\Intelli-studio
        2010-12-26 15:57 . 2010-12-26 15:57   --------   d-----w-   c:\program files\Samsung
        2010-12-26 03:27 . 2010-12-26 03:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
        2010-12-26 03:24 . 2010-12-26 03:24   --------   d-----w-   c:\program files\Apple Software Update
        2010-12-26 03:22 . 2010-12-26 03:22   --------   d-----w-   c:\documents and settings\LocalService\Application Data\Apple Computer
        2010-12-26 03:22 . 2010-09-28 20:44   41984   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
        2010-12-26 03:22 . 2010-09-28 20:44   4184352   ----a-w-   c:\windows\system32\usbaaplrc.dll
        2010-12-16 00:01 . 2010-11-02 15:17   40960   -c----w-   c:\windows\system32\dllcache\ndproxy.sys
        2010-12-15 23:59 . 2010-10-11 14:59   45568   -c----w-   c:\windows\system32\dllcache\wab.exe
        2010-12-13 07:28 . 2010-12-13 07:28   --------   d-----w-   c:\documents and settings\Mom\Application Data\vShare

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-12-31 03:22 . 2007-06-25 04:05   73728   ----a-w-   c:\windows\system32\javacpl.cpl
        2010-11-29 22:38 . 2010-11-29 22:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
        2010-11-29 22:38 . 2010-11-29 22:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
        2010-11-18 18:12 . 2005-12-31 00:38   81920   ----a-w-   c:\windows\system32\isign32.dll
        2010-11-08 22:52 . 2010-11-08 22:52   98392   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
        2010-11-08 22:03 . 2010-11-08 22:03   1   ----a-w-   c:\documents and settings\Dad\SI.bin
        2010-11-06 00:26 . 2004-08-04 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
        2010-11-06 00:26 . 2004-08-04 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
        2010-11-06 00:26 . 2004-08-04 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
        2010-11-03 12:25 . 2004-08-04 12:00   385024   ----a-w-   c:\windows\system32\html.iec
        2010-11-02 15:17 . 2004-08-04 12:00   40960   ----a-w-   c:\windows\system32\drivers\ndproxy.sys
        2010-10-28 13:13 . 2004-08-04 12:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
        2010-10-26 13:25 . 2004-08-04 12:00   1853312   ----a-w-   c:\windows\system32\win32k.sys
        .

        (((((((((((((((((((((((((((((   SnapShot@2010-12-28_04.49.11   )))))))))))))))))))))))))))))))))))))))))
        .
        + 2007-11-07 07:19 . 2007-11-07 07:19   54272              c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
        + 2011-01-01 18:52 . 2011-01-01 18:52   16384              c:\windows\temp\Perflib_Perfdata_408.dat
        + 2007-05-30 13:14 . 2010-12-30 20:53   53248              c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe
        + 2010-12-28 05:37 . 2009-05-18 18:17   26600              c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
        + 2008-12-25 23:20 . 2009-05-18 18:17   26600              c:\windows\system32\drivers\GEARAspiWDM.sys
        + 2004-08-04 12:00 . 2008-04-14 00:12   95744              c:\windows\system32\dllcache\scardsvr.exe
        + 2010-12-31 03:22 . 2010-12-31 03:22   157472              c:\windows\system32\javaws.exe
        + 2010-12-31 03:22 . 2010-12-31 03:22   145184              c:\windows\system32\javaw.exe
        + 2010-12-31 03:22 . 2010-12-31 03:22   145184              c:\windows\system32\java.exe
        - 2008-12-25 23:20 . 2008-04-17 18:12   107368              c:\windows\system32\GEARAspi.dll
        + 2008-12-25 23:20 . 2008-04-17 17:12   107368              c:\windows\system32\GEARAspi.dll
        + 2005-12-30 19:08 . 2010-12-30 00:52   162728              c:\windows\system32\FNTCACHE.DAT
        + 2010-12-28 05:37 . 2008-04-17 17:12   107368              c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
        + 2006-01-02 02:07 . 2010-12-31 00:39   262144              c:\windows\system32\config\systemprofile\ntuser.dat
        - 2006-01-02 02:07 . 2006-01-02 02:07   262144              c:\windows\system32\config\systemprofile\ntuser.dat
        + 2010-12-31 00:10 . 2010-12-31 00:10   228352              c:\windows\Installer\bdeb7.msi
        + 2010-12-31 03:22 . 2010-12-31 03:22   180224              c:\windows\Installer\290323.msi
        + 2010-12-31 03:21 . 2010-12-31 03:21   675840              c:\windows\Installer\29031c.msi
        + 2010-12-28 05:38 . 2010-12-28 05:38   380928              c:\windows\Installer\{881F5DE8-9367-4B81-A325-E91BBC6472F9}\iTunesIco.exe
        + 2010-12-28 05:38 . 2010-12-28 05:38   6248448              c:\windows\Installer\85f1f.msi
        + 2010-12-31 03:38 . 2010-12-31 03:38   1094656              c:\windows\Installer\60073.msi
        + 2010-12-28 05:18 . 2010-12-28 05:18   3141632              c:\windows\Installer\2b418.msi
        + 2010-12-28 05:16 . 2010-12-28 05:16   1568768              c:\windows\Installer\2b414.msi
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
        "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-14 7110656]
        "nwiz"="nwiz.exe" [2005-10-14 1519616]
        "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-14 2374464]
        "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-14 428032]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
        "AvgUninstallURL"="start http:" [X]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
        "SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-12-30 53248]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-3-8 450560]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
        backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
        backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
        backup=c:\windows\pss\Google Updater.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
        backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
        backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
        backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
        backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
        backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^IMVU.lnk]
        backup=c:\windows\pss\IMVU.lnkStartup

        [HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
        backup=c:\windows\pss\PowerReg Scheduler.exeStartup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
        2009-02-27 22:10   35696   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
        2006-05-10 00:24   50760   ----a-w-   c:\program files\Common Files\AOL\1136251813\ee\aolsoftware.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
        2005-05-12 03:12   49152   -c--a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
        2006-02-17 16:59   124520   -c--a-w-   c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
        2010-12-13 22:16   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
        2003-11-20 19:08   57344   ----a-w-   c:\windows\system32\ico.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
        2006-01-12 21:40   155648   -c--a-w-   c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
        2005-10-14 02:15   86016   ----a-w-   c:\windows\system32\nvmctray.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        2010-11-29 22:38   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
        2009-03-05 21:07   2260480   ------w-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
        2007-05-21 14:13   68856   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
        2010-02-08 22:02   198160   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
        2010-08-24 09:38   247144   ----a-w-   c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
        2006-10-19 01:05   204288   ------w-   c:\program files\Windows Media Player\wmpnscfg.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
        "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
        "c:\\Program Files\\Common Files\\AOL\\1136251813\\ee\\aolsoftware.exe"=
        "c:\\Program Files\\Common Files\\AOL\\1136251813\\ee\\aim6.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
        "c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "d:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\battlefront.exe"=
        "d:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
        "d:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
        "d:\\Program Files\\BitComet\\BitComet.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "c:\\Program Files\\iTunes\\iTunes.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "17779:TCP"= 17779:TCP:BitComet 17779 TCP
        "17779:UDP"= 17779:UDP:BitComet 17779 UDP
        "27555:TCP"= 27555:TCP:BitComet 27555 TCP
        "27555:UDP"= 27555:UDP:BitComet 27555 UDP

        R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/30/2010 7:11 PM 704384]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
        R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [12/30/2010 7:10 PM 1195008]
        R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 4:38 AM 92008]
        R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/30/2010 7:10 PM 31128]
        R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/30/2010 7:11 PM 257432]
        S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2010 8:14 AM 135664]
        .
        Contents of the 'Scheduled Tasks' folder

        2010-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

        2011-01-01 c:\windows\Tasks\Google Software Updater.job
        - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 02:05]

        2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 13:14]

        2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 13:14]

        2011-01-01 c:\windows\Tasks\User_Feed_Synchronization-{181CDA17-A9FC-4BF4-A657-523B2F907238}.job
        - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.google.com/
        uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
        mStart Page = hxxp://search.myheritage.com
        uInternet Settings,ProxyOverride = *.local
        uSearchAssistant = hxxp://www.google.com/ie
        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
        IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
        Trusted Zone: startfreshtoday.com\www
        FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\jcftzkea.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
        FF - prefs.js: browser.search.selectedEngine - Bing
        FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
        FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
        FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
        FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
        FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
        FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
        FF - Ext: Photobucket Uploader em:version=1.3>: [email protected] - %profile%\extensions\[email protected]
        .
        - - - - ORPHANS REMOVED - - - -

        MSConfigStartUp-IntelAudioStudio - c:\program files\Intel Audio Studio\IntelAudioStudio.exe
        MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2011-01-01 13:54
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(772)
        c:\windows\system32\WININET.dll
        c:\program files\SUPERAntiSpyware\SASWINLO.DLL

        - - - - - - - > 'lsass.exe'(832)
        c:\windows\system32\WININET.dll

        - - - - - - - > 'explorer.exe'(1328)
        c:\windows\system32\WININET.dll
        c:\windows\system32\nview.dll
        c:\program files\Logitech\SetPoint\GameHook.dll
        c:\program files\Logitech\SetPoint\lgscroll.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\nvwddi.dll
        c:\windows\system32\webcheck.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        c:\program files\Java\jre6\bin\jqs.exe
        c:\windows\system32\nvsvc32.exe
        c:\windows\system32\HPZipm12.exe
        c:\program files\Windows Media Player\WMPNetwk.exe
        c:\windows\system32\rundll32.exe
        c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
        c:\windows\system32\wscntfy.exe
        .
        **************************************************************************
        .
        Completion time: 2011-01-01  13:59:44 - machine was rebooted
        ComboFix-quarantined-files.txt  2011-01-01 18:59
        ComboFix2.txt  2010-12-28 04:53

        Pre-Run: 19,267,321,856 bytes free
        Post-Run: 20,240,592,896 bytes free

        - - End Of File - - A1CA438D6C7A017EEC9075B5768BED66

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: no windows update, browser redirects, no task bar or icons at startup
        « Reply #4 on: January 01, 2011, 01:36:22 PM »
        To remove AVG, use this tool.

        AVG Antivirus - AVG Antivirus Remover utility

        Please download the newest version of Adobe Acrobat Reader from Adobe.com

        Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
        Go to the Control Panel and enter Add or Remove Programs.
        Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

        Once old versions are gone, please install the newest version.
        **************************************************
        P2P - I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

        Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

        I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
        *****************************************************
        Re-running ComboFix to remove infections:

        • Close any open browsers.
        • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
        • Open notepad and copy/paste the text in the quotebox below into it:
          Quote
          KillAll::

          File::
          c:\program files\Google\Update\GoogleUpdate.exe
          DDS::
          Trusted Zone: startfreshtoday.com\www

          Driver::
          gupdate
        • Save this as CFScript.txt, in the same location as ComboFix.exe



        • Referring to the picture above, drag CFScript into ComboFix.exe
        • When finished, it shall produce a log for you at C:\ComboFix.txt
        • Please post the contents of the log in your next reply.
        ***********************************************
        SysProt Antirootkit

        Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

        http://sites.google.com/site/sysprotantirootkit/

        Unzip it into a folder on your desktop.
        • Double click Sysprot.exe to start the program.
        • Click on the Log tab.
        • In the Write to log box select the following items.
          • Process << Selected
          • Kernel Modules << Selected
          • SSDT << Selected
          • Kernel Hooks << Selected
          • IRP Hooks << NOT Selected
          • Ports << NOT Selected
          • Hidden Files << Selected
        • At the bottom of the page
          • Hidden Objects Only << Selected
        • Click on the Create Log button on the bottom right.
        • After a few seconds a new window should appear.
        • Select Scan Root Drive. Click on the Start button.
        • When it is complete a new window will appear to indicate that the scan is finished.
        • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
        Windows 8 and Windows 10 dual boot with two SSD's
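The ComboFix log in Reply #3 carries the settings acted on in Reply #4: the Trusted Zone entry, the firewall state and the BitComet port openings. As an added example (not part of the thread and not ComboFix's own code), this Python script pulls those fields out of a log for review; the function names and the reading of the `u`/`m` prefixes as user/machine scope are assumptions, and the sample is an excerpt of lines copied from the log above.

```python
import re

# Excerpt of the ComboFix log posted in Reply #3, trimmed to the sections read here.
SAMPLE_LOG = r"""
FW: Outpost Firewall *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17779:TCP"= 17779:TCP:BitComet 17779 TCP
"17779:UDP"= 17779:UDP:BitComet 17779 UDP

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/30/2010 7:11 PM 704384]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.myheritage.com
Trusted Zone: startfreshtoday.com\www
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
.
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
HOST_RE = re.compile(r"hxxps?://([^/\s]+)", re.I)   # the log defangs URLs as hxxp
FW_POLICY = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"


def parse_sections(log):
    """Map each [registry header] (lower-cased) to the value lines under it."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif not line:
            current = None              # a blank line ends the section
        elif current is not None:
            sections[current].append(line)
    return sections


def firewall_findings(log):
    """Collect firewall state, allowed applications and globally open ports."""
    sections = parse_sections(log)
    out = {"third_party": re.findall(r"^\s*FW: (.+?) \*(Enabled|Disabled)\*", log, re.M),
           "windows_firewall_enabled": None, "authorized_apps": [], "open_ports": []}
    for line in sections.get(FW_POLICY, []):
        m = re.match(r'"EnableFirewall"=\s*(\d+)', line)
        if m:
            out["windows_firewall_enabled"] = m.group(1) != "0"
    for line in sections.get(FW_POLICY + r"\authorizedapplications\list", []):
        m = re.match(r'"(.+)"=', line)
        if m:   # the log doubles backslashes inside quoted paths
            out["authorized_apps"].append(m.group(1).replace("\\\\", "\\"))
    for line in sections.get(FW_POLICY + r"\globallyopenports\list", []):
        m = re.match(r'"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)', line)
        if m:
            out["open_ports"].append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return out


def host_of(value):
    """Return the host of a defanged URL, or the value unchanged if it is not one."""
    m = HOST_RE.match(value)
    return m.group(1).lower() if m else value


def browser_findings(log):
    """Collect IE start pages, Trusted Zone entries and Firefox prefs.js values."""
    out = {"start_pages": {}, "trusted_zones": [], "firefox_prefs": {}}
    scope = {"u": "user", "m": "machine"}   # assumption: u = per-user, m = machine-wide
    for raw in log.splitlines():
        line = raw.strip()
        if m := re.match(r"([um])Start Page = (\S+)", line):
            out["start_pages"][scope[m.group(1)]] = host_of(m.group(2))
        elif m := re.match(r"Trusted Zone: (\S+)", line):
            out["trusted_zones"].append(m.group(1))
        elif m := re.match(r"FF - prefs\.js: (\S+) - (\S+)", line):
            out["firefox_prefs"][m.group(1)] = host_of(m.group(2))
    return out


def review_items(log):
    """List the settings a helper would want to look at; nothing here is a verdict."""
    fw, br = firewall_findings(log), browser_findings(log)
    items = []
    if fw["windows_firewall_enabled"] is False:
        items.append("Windows Firewall standard profile: EnableFirewall = 0")
    items += [f"{name} reported {state}" for name, state in fw["third_party"] if state == "Disabled"]
    items += [f"globally open port {p}/{proto} ({label})" for p, proto, label in fw["open_ports"]]
    items += [f"IE Trusted Zone entry: {zone}" for zone in br["trusted_zones"]]
    hosts = {br["start_pages"].get("user"), br["start_pages"].get("machine")} - {None}
    if len(hosts) > 1:
        items.append("IE start page differs between user and machine scope: " + ", ".join(sorted(hosts)))
    return items


if __name__ == "__main__":
    for item in review_items(SAMPLE_LOG):
        print(item)
```

Run against a full C:\ComboFix.txt, the same functions read every registry-style section, so the complete AuthorizedApplications list and all four BitComet port entries appear in the output.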

        turinj5677

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: no windows update, browser redirects, no task bar or icons at startup
          « Reply #5 on: January 01, 2011, 08:31:52 PM »
          I was running bit comet a while back but thought I had uninstalled it.  I looked at all my programs and saw myplayer and xvid.  Those were two programs I didn't recognize and didn't remember installing intentionally.  So I removed those two as well.  Are these the p2p's you were talking about or are there others that I am missing?  Here are the logs from combofix and sysprot logs:

          ComboFix 11-01-01.01 - Dad 01/01/2011  20:01:07.3.2 - x86
          Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1534.1184 [GMT -5:00]
          Running from: c:\documents and settings\Dad\Desktop\commy.exe
          Command switches used :: c:\documents and settings\Dad\Desktop\CFScript.txt
          FW: Outpost Firewall *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

          FILE ::
          "c:\program files\Google\Update\GoogleUpdate.exe"
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\program files\Google\Update\GoogleUpdate.exe

          .
          (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          -------\Legacy_GUPDATE
          -------\Service_gupdate


          (((((((((((((((((((((((((   Files Created from 2010-12-02 to 2011-01-02  )))))))))))))))))))))))))))))))
          .

          2011-01-02 00:15 . 2011-01-02 00:15   --------   d-----w-   c:\program files\Common Files\Adobe AIR
          2011-01-01 18:11 . 2011-01-01 18:12   --------   d-----w-   C:\commy
          2010-12-31 03:38 . 2010-12-31 03:38   388096   ----a-r-   c:\documents and settings\Dad\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
          2010-12-31 03:38 . 2010-12-31 03:38   --------   d-----w-   c:\program files\Trend Micro
          2010-12-31 03:22 . 2010-12-31 03:22   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
          2010-12-31 03:22 . 2010-12-31 03:21   472808   ----a-w-   c:\windows\system32\deployJava1.dll
          2010-12-31 00:39 . 2010-12-31 00:39   --------   d-----w-   c:\program files\CCleaner
          2010-12-31 00:11 . 2009-04-06 16:37   704384   ------w-   c:\windows\system32\drivers\SandBox.sys
          2010-12-31 00:11 . 2009-02-10 21:15   257432   ----a-w-   c:\windows\system32\drivers\afwcore.sys
          2010-12-31 00:10 . 2009-02-18 22:30   31128   ----a-w-   c:\windows\system32\drivers\afw.sys
          2010-12-31 00:10 . 2010-12-31 00:10   --------   d-----w-   c:\program files\Agnitum
          2010-12-31 00:09 . 2010-12-31 00:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\Agnitum
          2010-12-30 23:03 . 2010-12-30 23:48   --------   d-----w-   c:\documents and settings\Dad\Application Data\OnlineArmor
          2010-12-30 01:17 . 2010-12-30 01:17   --------   d-----w-   c:\documents and settings\Dad\Application Data\Malwarebytes
          2010-12-30 01:17 . 2010-12-20 23:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
          2010-12-30 01:17 . 2010-12-30 01:17   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
          2010-12-30 01:17 . 2010-12-30 01:17   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
          2010-12-30 01:17 . 2010-12-20 23:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2010-12-29 20:25 . 2010-12-29 20:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
          2010-12-29 20:25 . 2010-12-29 20:25   --------   d-----w-   c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com
          2010-12-29 20:21 . 2010-12-29 20:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2010-12-29 02:10 . 2010-12-29 02:10   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
          2010-12-28 05:36 . 2010-12-28 05:36   --------   d-----w-   c:\program files\iPod
          2010-12-28 05:36 . 2010-12-28 05:37   --------   d-----w-   c:\program files\iTunes
          2010-12-28 01:03 . 2010-12-28 01:03   --------   d-----w-   c:\program files\ESET
          2010-12-28 00:08 . 2010-12-28 00:08   --------   d-----w-   c:\windows\system32\wbem\Repository
          2010-12-28 00:06 . 2010-12-28 05:35   --------   d-----w-   c:\program files\QuickTime
          2010-12-27 04:56 . 2010-12-28 00:06   --------   d-s---w-   c:\documents and settings\Administrator
          2010-12-26 15:57 . 2010-12-28 00:07   --------   d-----w-   c:\documents and settings\Dad\Application Data\Intelli-studio
          2010-12-26 15:57 . 2010-12-26 15:57   --------   d-----w-   c:\program files\Samsung
          2010-12-26 03:27 . 2010-12-26 03:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
          2010-12-26 03:24 . 2010-12-26 03:24   --------   d-----w-   c:\program files\Apple Software Update
          2010-12-26 03:22 . 2010-12-26 03:22   --------   d-----w-   c:\documents and settings\LocalService\Application Data\Apple Computer
          2010-12-26 03:22 . 2010-09-28 20:44   41984   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
          2010-12-26 03:22 . 2010-09-28 20:44   4184352   ----a-w-   c:\windows\system32\usbaaplrc.dll
          2010-12-16 00:01 . 2010-11-02 15:17   40960   -c----w-   c:\windows\system32\dllcache\ndproxy.sys
          2010-12-15 23:59 . 2010-10-11 14:59   45568   -c----w-   c:\windows\system32\dllcache\wab.exe
          2010-12-13 07:28 . 2010-12-13 07:28   --------   d-----w-   c:\documents and settings\Mom\Application Data\vShare

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2010-12-31 03:22 . 2007-06-25 04:05   73728   ----a-w-   c:\windows\system32\javacpl.cpl
          2010-11-29 22:38 . 2010-11-29 22:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
          2010-11-29 22:38 . 2010-11-29 22:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
          2010-11-18 18:12 . 2005-12-31 00:38   81920   ----a-w-   c:\windows\system32\isign32.dll
          2010-11-08 22:52 . 2010-11-08 22:52   98392   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
          2010-11-08 22:03 . 2010-11-08 22:03   1   ----a-w-   c:\documents and settings\Dad\SI.bin
          2010-11-06 00:26 . 2004-08-04 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
          2010-11-06 00:26 . 2004-08-04 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
          2010-11-06 00:26 . 2004-08-04 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
          2010-11-03 12:25 . 2004-08-04 12:00   385024   ----a-w-   c:\windows\system32\html.iec
          2010-11-02 15:17 . 2004-08-04 12:00   40960   ----a-w-   c:\windows\system32\drivers\ndproxy.sys
          2010-10-28 13:13 . 2004-08-04 12:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
          2010-10-26 13:25 . 2004-08-04 12:00   1853312   ----a-w-   c:\windows\system32\win32k.sys
          .

          (((((((((((((((((((((((((((((   SnapShot@2010-12-28_04.49.11   )))))))))))))))))))))))))))))))))))))))))
          .
          + 2007-11-07 07:19 . 2007-11-07 07:19   54272              c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
          + 2011-01-02 01:15 . 2011-01-02 01:15   16384              c:\windows\temp\Perflib_Perfdata_fc.dat
          + 2007-05-30 13:14 . 2010-12-30 20:53   53248              c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe
          + 2010-12-28 05:37 . 2009-05-18 18:17   26600              c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
          + 2008-12-25 23:20 . 2009-05-18 18:17   26600              c:\windows\system32\drivers\GEARAspiWDM.sys
          + 2004-08-04 12:00 . 2008-04-14 00:12   95744              c:\windows\system32\dllcache\scardsvr.exe
          + 2011-01-02 00:15 . 2011-01-02 00:15   28160              c:\windows\Installer\af7f2.msi
          + 2010-12-31 03:22 . 2010-12-31 03:22   157472              c:\windows\system32\javaws.exe
          + 2010-12-31 03:22 . 2010-12-31 03:22   145184              c:\windows\system32\javaw.exe
          + 2010-12-31 03:22 . 2010-12-31 03:22   145184              c:\windows\system32\java.exe
          + 2008-12-25 23:20 . 2008-04-17 17:12   107368              c:\windows\system32\GEARAspi.dll
          - 2008-12-25 23:20 . 2008-04-17 18:12   107368              c:\windows\system32\GEARAspi.dll
          + 2005-12-30 19:08 . 2010-12-30 00:52   162728              c:\windows\system32\FNTCACHE.DAT
          + 2010-12-28 05:37 . 2008-04-17 17:12   107368              c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
          - 2006-01-02 02:07 . 2006-01-02 02:07   262144              c:\windows\system32\config\systemprofile\ntuser.dat
          + 2006-01-02 02:07 . 2010-12-31 00:39   262144              c:\windows\system32\config\systemprofile\ntuser.dat
          + 2010-12-31 00:10 . 2010-12-31 00:10   228352              c:\windows\Installer\bdeb7.msi
          + 2010-12-31 03:22 . 2010-12-31 03:22   180224              c:\windows\Installer\290323.msi
          + 2010-12-31 03:21 . 2010-12-31 03:21   675840              c:\windows\Installer\29031c.msi
          + 2010-12-28 05:38 . 2010-12-28 05:38   380928              c:\windows\Installer\{881F5DE8-9367-4B81-A325-E91BBC6472F9}\iTunesIco.exe
          + 2011-01-02 00:20 . 2011-01-02 00:20   2283008              c:\windows\Installer\af7f9.msi
          + 2010-12-28 05:38 . 2010-12-28 05:38   6248448              c:\windows\Installer\85f1f.msi
          + 2010-12-31 03:38 . 2010-12-31 03:38   1094656              c:\windows\Installer\60073.msi
          + 2011-01-01 19:23 . 2011-01-01 19:23   3141632              c:\windows\Installer\1b6cd7.msi
          + 2011-01-01 19:21 . 2011-01-01 19:21   1568768              c:\windows\Installer\1b6cd3.msi
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
          "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-14 7110656]
          "nwiz"="nwiz.exe" [2005-10-14 1519616]
          "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-14 2374464]
          "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-14 428032]
          "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
          "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
          "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
          "AvgUninstallURL"="start http:" [X]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
          "SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-12-30 53248]

          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-3-8 450560]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
          backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
          backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
          path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
          backup=c:\windows\pss\Google Updater.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
          backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
          backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
          backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
          backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
          backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^IMVU.lnk]
          backup=c:\windows\pss\IMVU.lnkStartup

          [HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
          backup=c:\windows\pss\PowerReg Scheduler.exeStartup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
          c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
          2006-05-10 00:24   50760   ----a-w-   c:\program files\Common Files\AOL\1136251813\ee\aolsoftware.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
          2005-05-12 03:12   49152   -c--a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
          2006-02-17 16:59   124520   -c--a-w-   c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
          2010-12-13 22:16   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
          2003-11-20 19:08   57344   ----a-w-   c:\windows\system32\ico.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          2006-01-12 21:40   155648   -c--a-w-   c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
          2005-10-14 02:15   86016   ----a-w-   c:\windows\system32\nvmctray.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          2010-11-29 22:38   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
          2009-03-05 21:07   2260480   ------w-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
          2007-05-21 14:13   68856   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
          2010-02-08 22:02   198160   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
          2010-08-24 09:38   247144   ----a-w-   c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
          2006-10-19 01:05   204288   ------w-   c:\program files\Windows Media Player\wmpnscfg.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
          "DisableMonitoring"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
          "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
          "c:\\Program Files\\Common Files\\AOL\\1136251813\\ee\\aolsoftware.exe"=
          "c:\\Program Files\\Common Files\\AOL\\1136251813\\ee\\aim6.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
          "c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "d:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\battlefront.exe"=
          "d:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
          "d:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
          "d:\\Program Files\\BitComet\\BitComet.exe"=
          "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
          "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "17779:TCP"= 17779:TCP:BitComet 17779 TCP
          "17779:UDP"= 17779:UDP:BitComet 17779 UDP
          "27555:TCP"= 27555:TCP:BitComet 27555 TCP
          "27555:UDP"= 27555:UDP:BitComet 27555 UDP

          R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/30/2010 7:11 PM 704384]
          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
          R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [12/30/2010 7:10 PM 1195008]
          R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 4:38 AM 92008]
          R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/30/2010 7:10 PM 31128]
          R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/30/2010 7:11 PM 257432]
          .
          Contents of the 'Scheduled Tasks' folder

          2010-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

          2011-01-02 c:\windows\Tasks\Google Software Updater.job
          - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 02:05]

          2011-01-02 c:\windows\Tasks\User_Feed_Synchronization-{181CDA17-A9FC-4BF4-A657-523B2F907238}.job
          - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://www.google.com/
          uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
          mStart Page = hxxp://search.myheritage.com
          uInternet Settings,ProxyOverride = *.local
          uSearchAssistant = hxxp://www.google.com/ie
          uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
          IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
          FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\jcftzkea.default\
          FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
          FF - prefs.js: browser.search.selectedEngine - Bing
          FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
          FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
          FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
          FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
          FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
          FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
          FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
          FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
          FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
          FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
          FF - Ext: Photobucket Uploader em:version=1.3>: [email protected] - %profile%\extensions\[email protected]
          .

          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2011-01-01 21:48
          Windows 5.1.2600 Service Pack 3 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(772)
          c:\windows\system32\WININET.dll
          c:\program files\SUPERAntiSpyware\SASWINLO.DLL

          - - - - - - - > 'lsass.exe'(840)
          c:\windows\system32\WININET.dll

          - - - - - - - > 'explorer.exe'(3204)
          c:\windows\system32\WININET.dll
          c:\windows\system32\nview.dll
          c:\program files\Logitech\SetPoint\GameHook.dll
          c:\program files\Logitech\SetPoint\lgscroll.dll
          c:\windows\system32\ieframe.dll
          c:\windows\system32\nvwddi.dll
          c:\windows\system32\webcheck.dll
          c:\windows\system32\WPDShServiceObj.dll
          c:\windows\system32\PortableDeviceTypes.dll
          c:\windows\system32\PortableDeviceApi.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
          c:\program files\Java\jre6\bin\jqs.exe
          c:\windows\system32\nvsvc32.exe
          c:\windows\system32\HPZipm12.exe
          c:\program files\Windows Media Player\WMPNetwk.exe
          c:\windows\system32\rundll32.exe
          c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
          .
          **************************************************************************
          .
          Completion time: 2011-01-01  21:54:24 - machine was rebooted
          ComboFix-quarantined-files.txt  2011-01-02 02:54
          ComboFix2.txt  2011-01-01 18:59
          ComboFix3.txt  2010-12-28 04:53

          Pre-Run: 19,995,639,808 bytes free
          Post-Run: 20,288,434,176 bytes free

          - - End Of File - - 445BB2A96DF1B67A2657218396346DE9


          SysProt AntiRootkit v1.0.1.0
          by swatkat

          ******************************************************************************************
          ******************************************************************************************

          No Hidden Processes found

          ******************************************************************************************
          ******************************************************************************************
          Kernel Modules:
          Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
          Service Name: ---
          Module Base: AB867000
          Module End: AB87F000
          Hidden: Yes

          Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
          Service Name: ---
          Module Base: BA624000
          Module End: BA626000
          Hidden: Yes

          ******************************************************************************************
          ******************************************************************************************
          SSDT:
          Function Name: ZwAssignProcessToJobObject
          Address: B2647A60
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwClose
          Address: B262CBF0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwConnectPort
          Address: B2649920
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwCreateFile
          Address: B2628F60
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwCreateKey
          Address: B2634090
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwCreateProcess
          Address: B26402B0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwCreateProcessEx
          Address: B2640BB0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwCreateSection
          Address: B2627D10
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwCreateSymbolicLinkObject
          Address: B2633E40
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwCreateThread
          Address: B263ED70
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwDebugActiveProcess
          Address: B264CF30
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwDeleteFile
          Address: B2632B20
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwDeleteKey
          Address: B2635900
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwDeleteValueKey
          Address: B263C3A0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwLoadDriver
          Address: B263DBB0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwMakeTemporaryObject
          Address: B26336B0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwOpenFile
          Address: B262BC10
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwOpenKey
          Address: B2634FC0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwOpenProcess
          Address: B2642CA0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwOpenSection
          Address: B2628580
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwOpenThread
          Address: B2642060
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwProtectVirtualMemory
          Address: B2648DA0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwQueryDirectoryFile
          Address: B262D8A0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwQueryKey
          Address: B2637750
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwQueryValueKey
          Address: B2637FA0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwQueueApcThread
          Address: B2646ED0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwRenameKey
          Address: B263B590
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwReplaceKey
          Address: B2639500
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwRequestPort
          Address: B264BA50
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwRequestWaitReplyPort
          Address: B264BD70
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwRestoreKey
          Address: B263AD20
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwSaveKey
          Address: B2639C80
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwSaveKeyEx
          Address: B263A4D0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwSecureConnectPort
          Address: B264A480
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwSetContextThread
          Address: B2646440
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwSetInformationDebugObject
          Address: B264D520
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwSetInformationFile
          Address: B262EBF0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwSetSystemInformation
          Address: B263D1C0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwSetValueKey
          Address: B2638820
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwSuspendProcess
          Address: B2645190
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwSuspendThread
          Address: B2645AC0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwSystemDebugControl
          Address: B264C770
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwTerminateProcess
          Address: B2643790
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwTerminateThread
          Address: B2644620
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwUnloadDriver
          Address: B263E530
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          Function Name: ZwWriteVirtualMemory
          Address: B26482B0
          Driver Base: B2627000
          Driver End: B26D2000
          Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

          ******************************************************************************************
          ******************************************************************************************
          No Kernel Hooks found

          ******************************************************************************************
          ******************************************************************************************
          Hidden files/folders:
          Object: C:\Qoobox\BackEnv\AppData.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Cache.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Cookies.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Desktop.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Favorites.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\History.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Music.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\NetHood.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Personal.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Pictures.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Programs.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Recent.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\SendTo.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\SetPath.bat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\StartUp.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\SysPath.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Templates.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\VikPev00
          Status: Access denied

          Object: C:\RECYCLER\NPROTECT\00220634.
          Status: Hidden

          turinj5677

            Re: no windows update, browser redirects, no task bar or icons at startup
            « Reply #6 on: January 01, 2011, 09:41:29 PM »
            Under Regular starting points in that second log I noticed a few things that I don't understand. I noticed a program called IMVU, which I am not familiar with and which is not in my add/remove program list or my program menu. There is something called power reg schedule; I don't know what that is for. There is something for AOL, which appears on my add/remove program list, but when I click on it, it doesn't find anything to remove. There is something about Symantec. Isn't that the company that makes Norton?? I haven't had that on my machine for a long time, and I had downloaded a program from them to get rid of it all. And also I saw all the lines regarding BitComet, which I had uninstalled and no longer see on my add/remove programs list or in my program menu. Should these things still all be there? How can I get rid of them?

            SuperDave

            • Malware Removal Specialist


            Re: no windows update, browser redirects, no task bar or icons at startup
            « Reply #7 on: January 02, 2011, 12:21:35 PM »
            Quote
            Are these the p2p's you were talking about or are there others that I am missing?
            Yes. I can't see any more P2P's.

            Quote
            I noticed a program called IMVU, which I am not familiar with and is not in my add/remove program list, or my program menu.
            It's a shortcut for some other program. Give me a list of installed programs by doing this:

            •Start HijackThis
            •Click on the Misc Tools button
            •Click on the Open Uninstall Manager button.
            •Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop.
            Copy and paste this file in your next reply.
            **************************************
            Quote
            There is something about symantec.  Isn't that the company that makes norton?? 

            Norton/Symantec Removal Tool - Norton Removal Tool
            ******************************************
            I'd like to scan your machine with ESET OnlineScan

            •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
            ESET OnlineScan
            •Click the button.
            •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
            •Check
            •Click the button.
            •Accept any security warnings from your browser.
            •Check
            •Push the Start button.
            •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
            •When the scan completes, push
            •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
            •Push the button.
            •Push
            A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
            Windows 8 and Windows 10 dual boot with two SSD's

            turinj5677

              Re: no windows update, browser redirects, no task bar or icons at startup
              « Reply #8 on: January 02, 2011, 05:55:58 PM »
              Here is the uninstall list

              Adobe AIR
              Adobe AIR
              Adobe Flash Player 10 ActiveX
              Adobe Flash Player 10 Plugin
              Adobe Reader X
              AOL Uninstaller (Choose which Products to Remove)
              Apple Application Support
              Apple Mobile Device Support
              Apple Software Update
              AVG 2011
              AVG 2011
              AVG 2011
              CardRd81
              CCleaner
              CCScore
              Clifford Phonics
              Compatibility Pack for the 2007 Office system
              CR2
              Critical Update for Windows Media Player 11 (KB959772)
              Data Lifeguard Tools
              DVD Decrypter (Remove Only)
              DVD Shrink 3.2
              ESET Online Scanner v3
              ESSBrwr
              ESSCDBK
              ESScore
              ESSgui
              ESShelp
              ESSini
              ESSPCD
              ESSPDock
              ESSSONIC
              ESSTOOLS
              essvatgt
              essvcpt
              GdiplusUpgrade
              Google Toolbar for Firefox
              Google Toolbar for Internet Explorer
              Google Toolbar for Internet Explorer
              Google Update Helper
              Google Updater
              High Definition Audio Driver Package - KB835221
              HighMAT Extension to Microsoft Windows XP CD Writing Wizard
              HiJackThis
              HLPPDOCK
              Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
              Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
              Hotfix for Windows Internet Explorer 7 (KB947864)
              Hotfix for Windows Media Format 11 SDK (KB929399)
              Hotfix for Windows Media Player 11 (KB939683)
              Hotfix for Windows XP (KB2158563)
              Hotfix for Windows XP (KB2443685)
              Hotfix for Windows XP (KB952287)
              Hotfix for Windows XP (KB961118)
              Hotfix for Windows XP (KB970653-v3)
              Hotfix for Windows XP (KB976098-v2)
              Hotfix for Windows XP (KB979306)
              Hotfix for Windows XP (KB981793)
              HP Document Viewer 5.3
              HP Image Zone 5.3
              HP Imaging Device Functions 5.3
              HP PSC & OfficeJet 5.3.A
              HP Software Update
              HP Solution Center & Imaging Support Tools 5.3
              Intel(R) PRO Network Connections Drivers
              iTunes
              Java(TM) 6 Update 2
              Java(TM) 6 Update 23
              Java(TM) 6 Update 3
              Java(TM) SE Runtime Environment 6 Update 1
              kgcbase
              Kodak EasyShare software
              KSU
              Logitech SetPoint
              Macromedia Shockwave Player
              Malwarebytes' Anti-Malware
              MetaFrame Presentation Server Web Client for Win32
              Microsoft .NET Framework 1.1
              Microsoft .NET Framework 2.0 Service Pack 2
              Microsoft .NET Framework 3.0 Service Pack 2
              Microsoft .NET Framework 3.5 SP1
              Microsoft .NET Framework 3.5 SP1
              Microsoft Base Smart Card Cryptographic Service Provider Package
              Microsoft Choice Guard
              Microsoft Compression Client Pack 1.0 for Windows XP
              Microsoft Internationalized Domain Names Mitigation APIs
              Microsoft National Language Support Downlevel APIs
              Microsoft Office 2000 Premium
              Microsoft User-Mode Driver Framework Feature Pack 1.0
              Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
              Microsoft Visual C++ 2005 Redistributable
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
              Mouse Suite
              Mozilla Firefox (3.5.10)
              MSVCRT
              MSXML 4.0 SP2 (KB927978)
              MSXML 4.0 SP2 (KB936181)
              MSXML 4.0 SP2 (KB954430)
              MSXML 4.0 SP2 (KB973688)
              MSXML 4.0 SP2 Parser and SDK
              Nero 7 Essentials
              Notifier
              NVIDIA Drivers
              OfotoXMI
              OGA Notifier 2.0.0048.0
              OTtBP
              OTtBPSDK
              Outpost Firewall 2009
              QuickTime
              RealPlayer
              Security Update for CAPICOM (KB931906)
              Security Update for CAPICOM (KB931906)
              Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
              Security Update for Windows Internet Explorer 7 (KB928090)
              Security Update for Windows Internet Explorer 7 (KB929969)
              Security Update for Windows Internet Explorer 7 (KB931768)
              Security Update for Windows Internet Explorer 7 (KB933566)
              Security Update for Windows Internet Explorer 7 (KB937143)
              Security Update for Windows Internet Explorer 7 (KB938127)
              Security Update for Windows Internet Explorer 7 (KB939653)
              Security Update for Windows Internet Explorer 7 (KB942615)
              Security Update for Windows Internet Explorer 7 (KB944533)
              Security Update for Windows Internet Explorer 7 (KB950759)
              Security Update for Windows Internet Explorer 7 (KB953838)
              Security Update for Windows Internet Explorer 7 (KB956390)
              Security Update for Windows Internet Explorer 7 (KB958215)
              Security Update for Windows Internet Explorer 7 (KB960714)
              Security Update for Windows Internet Explorer 7 (KB961260)
              Security Update for Windows Internet Explorer 7 (KB963027)
              Security Update for Windows Internet Explorer 7 (KB969897)
              Security Update for Windows Internet Explorer 8 (KB2183461)
              Security Update for Windows Internet Explorer 8 (KB2360131)
              Security Update for Windows Internet Explorer 8 (KB2416400)
              Security Update for Windows Internet Explorer 8 (KB969897)
              Security Update for Windows Internet Explorer 8 (KB971961)
              Security Update for Windows Internet Explorer 8 (KB972260)
              Security Update for Windows Internet Explorer 8 (KB974455)
              Security Update for Windows Internet Explorer 8 (KB976325)
              Security Update for Windows Internet Explorer 8 (KB978207)
              Security Update for Windows Internet Explorer 8 (KB981332)
              Security Update for Windows Internet Explorer 8 (KB982381)
              Security Update for Windows Media Player (KB2378111)
              Security Update for Windows Media Player (KB952069)
              Security Update for Windows Media Player (KB954155)
              Security Update for Windows Media Player (KB968816)
              Security Update for Windows Media Player (KB973540)
              Security Update for Windows Media Player (KB975558)
              Security Update for Windows Media Player (KB978695)
              Security Update for Windows Media Player 10 (KB911565)
              Security Update for Windows Media Player 10 (KB917734)
              Security Update for Windows Media Player 11 (KB936782)
              Security Update for Windows Media Player 11 (KB954154)
              Security Update for Windows XP (KB2079403)
              Security Update for Windows XP (KB2115168)
              Security Update for Windows XP (KB2121546)
              Security Update for Windows XP (KB2160329)
              Security Update for Windows XP (KB2229593)
              Security Update for Windows XP (KB2259922)
              Security Update for Windows XP (KB2279986)
              Security Update for Windows XP (KB2286198)
              Security Update for Windows XP (KB2296011)
              Security Update for Windows XP (KB2296199)
              Security Update for Windows XP (KB2347290)
              Security Update for Windows XP (KB2360937)
              Security Update for Windows XP (KB2387149)
              Security Update for Windows XP (KB2423089)
              Security Update for Windows XP (KB2436673)
              Security Update for Windows XP (KB2440591)
              Security Update for Windows XP (KB2443105)
              Security Update for Windows XP (KB923561)
              Security Update for Windows XP (KB938464)
              Security Update for Windows XP (KB941569)
              Security Update for Windows XP (KB946648)
              Security Update for Windows XP (KB950760)
              Security Update for Windows XP (KB950762)
              Security Update for Windows XP (KB950974)
              Security Update for Windows XP (KB951066)
              Security Update for Windows XP (KB951376)
              Security Update for Windows XP (KB951376-v2)
              Security Update for Windows XP (KB951698)
              Security Update for Windows XP (KB951748)
              Security Update for Windows XP (KB952004)
              Security Update for Windows XP (KB952954)
              Security Update for Windows XP (KB953839)
              Security Update for Windows XP (KB954211)
              Security Update for Windows XP (KB954459)
              Security Update for Windows XP (KB954600)
              Security Update for Windows XP (KB955069)
              Security Update for Windows XP (KB956391)
              Security Update for Windows XP (KB956572)
              Security Update for Windows XP (KB956744)
              Security Update for Windows XP (KB956802)
              Security Update for Windows XP (KB956803)
              Security Update for Windows XP (KB956841)
              Security Update for Windows XP (KB956844)
              Security Update for Windows XP (KB957095)
              Security Update for Windows XP (KB957097)
              Security Update for Windows XP (KB958644)
              Security Update for Windows XP (KB958687)
              Security Update for Windows XP (KB958690)
              Security Update for Windows XP (KB958869)
              Security Update for Windows XP (KB959426)
              Security Update for Windows XP (KB960225)
              Security Update for Windows XP (KB960715)
              Security Update for Windows XP (KB960803)
              Security Update for Windows XP (KB960859)
              Security Update for Windows XP (KB961371)
              Security Update for Windows XP (KB961373)
              Security Update for Windows XP (KB961501)
              Security Update for Windows XP (KB968537)
              Security Update for Windows XP (KB969059)
              Security Update for Windows XP (KB969898)
              Security Update for Windows XP (KB969947)
              Security Update for Windows XP (KB970238)
              Security Update for Windows XP (KB970430)
              Security Update for Windows XP (KB971468)
              Security Update for Windows XP (KB971486)
              Security Update for Windows XP (KB971557)
              Security Update for Windows XP (KB971633)
              Security Update for Windows XP (KB971657)
              Security Update for Windows XP (KB972270)
              Security Update for Windows XP (KB973346)
              Security Update for Windows XP (KB973354)
              Security Update for Windows XP (KB973507)
              Security Update for Windows XP (KB973525)
              Security Update for Windows XP (KB973869)
              Security Update for Windows XP (KB973904)
              Security Update for Windows XP (KB974112)
              Security Update for Windows XP (KB974318)
              Security Update for Windows XP (KB974392)
              Security Update for Windows XP (KB974571)
              Security Update for Windows XP (KB975025)
              Security Update for Windows XP (KB975467)
              Security Update for Windows XP (KB975560)
              Security Update for Windows XP (KB975561)
              Security Update for Windows XP (KB975562)
              Security Update for Windows XP (KB975713)
              Security Update for Windows XP (KB977165-v2)
              Security Update for Windows XP (KB977816)
              Security Update for Windows XP (KB977914)
              Security Update for Windows XP (KB978037)
              Security Update for Windows XP (KB978251)
              Security Update for Windows XP (KB978262)
              Security Update for Windows XP (KB978338)
              Security Update for Windows XP (KB978542)
              Security Update for Windows XP (KB978601)
              Security Update for Windows XP (KB978706)
              Security Update for Windows XP (KB979309)
              Security Update for Windows XP (KB979482)
              Security Update for Windows XP (KB979559)
              Security Update for Windows XP (KB979683)
              Security Update for Windows XP (KB979687)
              Security Update for Windows XP (KB980195)
              Security Update for Windows XP (KB980218)
              Security Update for Windows XP (KB980232)
              Security Update for Windows XP (KB980436)
              Security Update for Windows XP (KB981322)
              Security Update for Windows XP (KB981852)
              Security Update for Windows XP (KB981957)
              Security Update for Windows XP (KB981997)
              Security Update for Windows XP (KB982132)
              Security Update for Windows XP (KB982214)
              Security Update for Windows XP (KB982665)
              Security Update for Windows XP (KB982802)
              Segoe UI
              SFR
              SFR2
              SHASTA
              SKIN0001
              SKINXSDK
              Spybot - Search & Destroy
              Star Wars Battlefront
              Star Wars JK II Jedi Outcast
              Star Wars Republic Commando
              staticcr
              SUPERAntiSpyware
              TomTom HOME 2.7.6.2056
              TomTom HOME Visual Studio Merge Modules
              Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
              Update for Windows Internet Explorer 8 (KB971180)
              Update for Windows Internet Explorer 8 (KB976662)
              Update for Windows Internet Explorer 8 (KB976749)
              Update for Windows Internet Explorer 8 (KB980182)
              Update for Windows XP (KB2141007)
              Update for Windows XP (KB2345886)
              Update for Windows XP (KB2467659)
              Update for Windows XP (KB951072-v2)
              Update for Windows XP (KB951978)
              Update for Windows XP (KB955759)
              Update for Windows XP (KB955839)
              Update for Windows XP (KB961503)
              Update for Windows XP (KB967715)
              Update for Windows XP (KB968389)
              Update for Windows XP (KB971737)
              Update for Windows XP (KB973687)
              Update for Windows XP (KB973815)
              Visual C++ 2008 x86 Runtime - (v9.0.30729)
              Visual C++ 2008 x86 Runtime - v9.0.30729.01
              VPRINTOL
              Windows Genuine Advantage v1.3.0254.0
              Windows Internet Explorer 8
              Windows Live Call
              Windows Live Communications Platform
              Windows Live Essentials
              Windows Live Essentials
              Windows Live Messenger
              Windows Live Sign-in Assistant
              Windows Live Upload Tool
              Windows Media Connect
              Windows Media Format 11 runtime
              Windows Media Format 11 runtime
              Windows Media Format SDK Hotfix - KB891122
              Windows Media Player 11
              Windows Media Player 11
              Windows XP Service Pack 3
              WinRAR archiver
              WinZip
              WIRELESS
              Yahtzee 1.1.6


              And here is the eset log

              C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\59\72a437bb-242dbbf5   multiple threats   deleted - quarantined
              C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\62\588b6b3e-66b8d472   a variant of Java/TrojanDownloader.OpenStream.NAS trojan   deleted - quarantined

              SuperDave

              « Reply #9 on: January 03, 2011, 01:24:02 PM »
              How's your computer running now?

              turinj5677

                « Reply #10 on: January 03, 2011, 01:46:12 PM »
                It has been booting up better.  I haven't had the blank desktop in a while.  It still is running slow though.  And I am still getting redirected when I click on links from search sites.  I still cannot get onto windows update.  I am still getting the jusched.exe has encountered a problem and needs to shut down message.

                SuperDave

                « Reply #11 on: January 03, 2011, 04:55:46 PM »
                Quote
                And I am still getting redirected when I click on links from search sites.  I still cannot get onto windows update.  I am still getting the jusched.exe has encountered a problem and needs to shut down message.
                Ok. We'll try to fix these one at a time. What happens when you try to get your updates from MS?
                Click Start, Control Panel and double-click System. Click the Automatic Updates tab and click on the Windows Update Web Site. Tell me if you get any errors. The latest updates you received were on 9/12/2010.

                 

                turinj5677

                  « Reply #12 on: January 03, 2011, 05:08:12 PM »
                  When I click on the Windows Update Web Site IE opens and I get "Windows cannot display web page"

                  turinj5677

                    « Reply #13 on: January 03, 2011, 05:11:43 PM »
                    I can go to microsoft.com without a problem.  When I click on the link for updates it says that it is checking my system for the latest update software.  Then it says that the website has encountered a problem and cannot display the page I am trying to view.

                    SuperDave

                    « Reply #14 on: January 04, 2011, 04:54:08 PM »
                    Please do this whether or not you have the OS disk. If it asks for the disk, we'll know there are some corrupted files.

                    Do you have an XP CD?

                    If so, place it in your CD ROM drive and follow the instructions below:
                    •Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
                    •Let this run undisturbed until the window with the blue progress bar goes away
                    SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

                    turinj5677

                      « Reply #15 on: January 04, 2011, 05:47:30 PM »
                      I do have an xp cd so I ran the program as you said.  It did access the cd a few times.  During the process I did get a window open from outpost saying that postupdate.exe was trying to modify a critical registry entry.  I clicked allow.  At the end of the process I got an avg notification that said threat was blocked.

                      File name: 9472350473.org/fg74ut7dfgju4/kucrjsinb.php
                      Threat name: Exploit Phoenix Exploit Kit (type 1834)

                      When I clicked on more info it said this:

                      process name c:/windows/system32/svchost.exe
                      process id: 1416

                      As I was copying this info from that window the screen blinked for a second, the taskbar changed colors for a few seconds, then the screen blinked again and it went back to normal.

                      turinj5677

                        « Reply #16 on: January 04, 2011, 05:48:41 PM »
                        It didn't seem to make a difference at all in the way the machine is running.  I still cannot access the update site. 

                        SuperDave

                        « Reply #17 on: January 05, 2011, 04:53:30 PM »
                        Ok. Let's try this:

                        Download Dial-a-Fix by djlizard, save it to the desktop then extract it to its own folder.

                        •Open the folder and run Dial-a-fix.exe
                        •2 windows will open. Close the one in the background labeled Restrictive Policies
                        •Check the box in section 1, Empty temp folders.

                        •Check the box in section 2, Fix Windows Installer.

                        •Check the box in section 3, Fix Windows Update.

                        •Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked

                        •Check all boxes in section 5, labeled Registration Center.

                        •Click Go

                        •OK any error messages if received, but write them down and post them here.

                        Restart the computer when done.
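The Dial-a-fix run requested above writes a timestamped log, and only the error entries need triage. The following is an added example, not part of the original posts and not Dial-a-fix's own code: it extracts the error entries from a log in that format, decodes the signed return code into an HRESULT and Win32 code, and records how long the log stalled before each error. The function names are hypothetical, the sample is a short excerpt in the format of the log posted in the next reply, and reading "Error 127" as a Win32 error code is an assumption.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Sample lines in the format of the Dial-a-fix v0.60 log posted in this thread
# (a short excerpt assembled for this example).
SAMPLE_LOG = r"""--- Registration: Windows Update/Automatic Update DLLs ---
9:15:25 PM | Registered: C:\WINDOWS\system32\wuapi.dll
9:16:42 PM | Unregistered: C:\WINDOWS\system32\wuaueng.dll
9:21:42 PM | Error during registration of C:\WINDOWS\system32\wuaueng.dll - version: 7.4.7600.226. The error returned is: The specified service has been marked for deletion.
(-2147023824)

9:21:42 PM | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
9:23:00 PM | Registered: C:\WINDOWS\system32\iepeers.dll
9:23:00 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
9:26:35 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
"""

# Win32 error codes that appear in the sample (names from winerror.h).
WIN32_NAMES = {
    127: "ERROR_PROC_NOT_FOUND",
    1072: "ERROR_SERVICE_MARKED_FOR_DELETE",
}

ENTRY = re.compile(r"^\s*(\d{1,2}:\d{2}:\d{2} [AP]M) \| (.*)$")
SECTION = re.compile(r"^\s*--- (.+?) ---\s*$")
ERR_NUM = re.compile(r"^Error (\d+): (.+?) is not ")
ERR_REG = re.compile(r"^Error during registration of (.+?) - version")
RETCODE = re.compile(r"^\s*\((-?\d+)\)\s*$")


def decode_return_code(code):
    """Map a signed 32-bit return code to (hresult, win32_code_or_None)."""
    hresult = code & 0xFFFFFFFF
    failure = bool(hresult & 0x80000000)
    facility = (hresult >> 16) & 0x1FFF
    # FACILITY_WIN32 (7) means the low 16 bits carry a plain Win32 error code.
    win32 = hresult & 0xFFFF if failure and facility == 7 else None
    return hresult, win32


def parse_errors(log_text):
    """Return one dict per error entry, in log order."""
    errors, section, prev, pending = [], None, None, None
    day = timedelta(0)
    for line in log_text.splitlines():
        sec = SECTION.match(line)
        if sec:
            section = sec.group(1)
            continue
        code = RETCODE.match(line)
        if code and pending is not None:
            # Signed return code printed on the line after the error message.
            hresult, win32 = decode_return_code(int(code.group(1)))
            pending["hresult"], pending["win32"] = "0x%08X" % hresult, win32
            pending = None
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue
        pending = None
        stamp = datetime.strptime(entry.group(1), "%I:%M:%S %p") + day
        if prev is not None and stamp < prev:  # log ran past midnight
            day += timedelta(days=1)
            stamp += timedelta(days=1)
        gap = int((stamp - prev).total_seconds()) if prev is not None else 0
        prev = stamp
        message = entry.group(2)
        numbered, failed = ERR_NUM.match(message), ERR_REG.match(message)
        if not (numbered or failed):
            continue
        record = {"time": entry.group(1), "section": section, "gap_s": gap,
                  "hresult": None, "win32": None}
        if numbered:
            # Assumption: the number in "Error N:" is a Win32 error code.
            record["win32"] = int(numbered.group(1))
            record["file"] = ntpath.basename(numbered.group(2))
        else:
            record["file"] = ntpath.basename(failed.group(1))
            pending = record  # code arrives on the following "(…)" line
        errors.append(record)
    for record in errors:
        record["name"] = WIN32_NAMES.get(record["win32"], "unknown")
    return errors


def summarize(errors):
    """Collapse repeats per file: {file: (count, error names, longest gap in s)}."""
    summary = {}
    for e in errors:
        count, names, gap = summary.get(e["file"], (0, set(), 0))
        summary[e["file"]] = (count + 1, names | {e["name"]}, max(gap, e["gap_s"]))
    return summary


if __name__ == "__main__":
    for name, (count, names, gap) in summarize(parse_errors(SAMPLE_LOG)).items():
        print(name, count, sorted(names), "longest stall: %ds" % gap)
```

Read as a Win32 code, 127 means a requested export was not found in the DLL, which is a different condition from a corrupted file. The 0x80070430 result on wuaueng.dll, together with the 300-second stall before it, concerns the state of the update service rather than the file itself.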

                        turinj5677

                          « Reply #18 on: January 05, 2011, 08:18:28 PM »
                          Dave I hope you don't mind but I am gonna post the whole log from dial-a-fix because there were many errors and most were saying the same thing about different files.  I highlighted all the errors. 

                          During the time the program was running my screen blinked twice and the task bar changed colors.  The second time they never went back until after I rebooted. 

                          Once I rebooted I got an alert from the security center saying my automatic updates were off.  When I clicked on the balloon and tried to turn them on from the security center I got a little message saying that windows couldn't perform that operation at this time through the security center to go to system in the control panel and click on automatic updates.  When I went to system, there was no longer an automatic update tab.  When I click on windows update from program files I still get the same cannot display web page message. 

                          The first time I re-booted after running the program the machine locked up just as the windows emblem came up.  It re-booted ok after that. Since I have had the computer re-booted it has been working away.  Light flashing and I hear my hard drive working like there was a scan going on.  I looked at my task manager but there was no other application running except firefox.  Don't know if that is anything, just seemed unusual to me. 



                          9:12:40 PM | Dial-a-fix was unable to determine your version of Internet Explorer
                          Notes about this log:

                          1) "->" denotes an external command being executed, and "-> (number)" indicates
                               the return code from the previous command
                          2) Not all external command return codes are accurate, or useful
                          3) Sometimes commands return 0 (no error) even when they fail or crash
                          4) If an error occurs while registering an object, please send an email to:
                               [email protected] and include a copy of this log

                          DAF version: v0.60.0.24

                          --- System info ---
                          OS: Microsoft Windows XP Service Pack 3
                          IE version: 8.0.6001.18702
                          MPC: 76487-OEM
                          CPU: Intel(R) Pentium(R) D CPU 3.20GHz (~3200MHz)
                          CPU: CPU is 64-bit or has 64-bit extensions
                          CPU: 2 CPU cores present
                          BIOS: 7/11/2005
                          Memory (approx): 1533MB
                          Uptime: 0 hour(s)
                          Current directory: C:\Documents and Settings\Dad\Desktop\Dial-a-fix-v0.60.0.24
                          ---

                          1/5/2011 9:12:40 PM -- Dial-a-fix : [v0.60.0.24] -- started
                          9:12:41 PM | Policy scan started
                          9:12:41 PM | Policy scan ended - no restrictive policies were found
                          --- Emptying temp folders ---
                          9:15:03 PM | Deleting C:\Documents and Settings\Dad\Local Settings\temp...
                          9:15:04 PM | C:\Documents and Settings\Dad\Local Settings\temp could not be completely emptied, please reboot and try again
                          9:15:04 PM | Deleting C:\WINDOWS\temp...
                          9:15:04 PM | C:\WINDOWS\temp could not be completely emptied, please reboot and try again
                          9:15:04 PM | Deleting C:\DOCUME~1\Dad\LOCALS~1\Temp...
                          9:15:04 PM | Re-created directory C:\DOCUME~1\Dad\LOCALS~1\Temp
                          --- MSI ---
                          9:15:11 PM | Registered: C:\WINDOWS\system32\msi.dll
                          --- Windows Update ---
                          --- Registration: Windows Update/Automatic Update DLLs ---
                          9:15:18 PM | Unregistered: C:\WINDOWS\system32\msxml.dll
                          9:15:18 PM | Registered: C:\WINDOWS\system32\msxml.dll
                          9:15:19 PM | Unregistered: C:\WINDOWS\system32\msxml2.dll
                          9:15:19 PM | Registered: C:\WINDOWS\system32\msxml2.dll
                          9:15:22 PM | Unregistered: C:\WINDOWS\system32\msxml3.dll
                          9:15:23 PM | Registered: C:\WINDOWS\system32\msxml3.dll
                          9:15:23 PM | Unregistered: C:\WINDOWS\system32\msxml4.dll
                          9:15:23 PM | Registered: C:\WINDOWS\system32\msxml4.dll
                          9:15:24 PM | Unregistered: C:\WINDOWS\system32\qmgr.dll
                          9:15:24 PM | Registered: C:\WINDOWS\system32\qmgr.dll
                          9:15:24 PM | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
                          9:15:24 PM | Registered: C:\WINDOWS\system32\qmgrprxy.dll
                          9:15:24 PM | Unregistered: C:\WINDOWS\system32\muweb.dll
                          9:15:24 PM | Registered: C:\WINDOWS\system32\muweb.dll
                          9:15:25 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
                          9:15:25 PM | Registered: C:\WINDOWS\system32\winhttp.dll
                          9:15:25 PM | Registered: C:\WINDOWS\system32\wuapi.dll
                          9:16:42 PM | Unregistered: C:\WINDOWS\system32\wuaueng.dll
                          9:21:42 PM | Error during registration of C:\WINDOWS\system32\wuaueng.dll - version: 7.4.7600.226. The error returned is: The specified service has been marked for deletion.
                          (-2147023824)

                          9:21:42 PM | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
                          9:21:43 PM | Registered: C:\WINDOWS\system32\wuaueng1.dll
                          9:21:43 PM | Unregistered: C:\WINDOWS\system32\wucltui.dll
                          9:21:43 PM | Registered: C:\WINDOWS\system32\wucltui.dll
                          9:21:43 PM | Unregistered: C:\WINDOWS\system32\wups.dll
                          9:21:43 PM | Registered: C:\WINDOWS\system32\wups.dll
                          9:21:43 PM | Unregistered: C:\WINDOWS\system32\wups2.dll
                          9:21:43 PM | Registered: C:\WINDOWS\system32\wups2.dll
                          9:21:43 PM | Unregistered: C:\WINDOWS\system32\wuweb.dll
                          9:21:43 PM | Registered: C:\WINDOWS\system32\wuweb.dll
                          9:21:43 PM | Registered: C:\WINDOWS\system32\ole32.dll
                          --- SSL/HTTPS/Cryptography ---
                          9:21:48 PM | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
                          --- Registration: SSL/HTTPS/Cryptography ---
                          9:21:50 PM | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
                          9:21:50 PM | Registered: C:\WINDOWS\system32\cryptdlg.dll
                          9:21:51 PM | Unregistered: C:\WINDOWS\system32\cryptui.dll
                          9:21:51 PM | Registered: C:\WINDOWS\system32\cryptui.dll
                          9:21:51 PM | Unregistered: C:\WINDOWS\system32\cryptext.dll
                          9:21:51 PM | Registered: C:\WINDOWS\system32\cryptext.dll
                          9:21:51 PM | Unregistered: C:\WINDOWS\system32\dssenh.dll
                          9:21:51 PM | Registered: C:\WINDOWS\system32\dssenh.dll
                          9:21:51 PM | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
                          9:21:51 PM | Registered: C:\WINDOWS\system32\gpkcsp.dll
                          9:21:51 PM | Unregistered: C:\WINDOWS\system32\initpki.dll
                          9:22:34 PM | Registered: C:\WINDOWS\system32\initpki.dll
                          9:22:34 PM | Unregistered: C:\WINDOWS\system32\licdll.dll
                          9:22:34 PM | Registered: C:\WINDOWS\system32\licdll.dll
                          9:22:34 PM | Unregistered: C:\WINDOWS\system32\mssign32.dll
                          9:22:34 PM | Registered: C:\WINDOWS\system32\mssign32.dll
                          9:22:34 PM | Unregistered: C:\WINDOWS\system32\mssip32.dll
                          9:22:34 PM | Registered: C:\WINDOWS\system32\mssip32.dll
                          9:22:35 PM | Unregistered: C:\WINDOWS\system32\scardssp.dll
                          9:22:36 PM | Registered: C:\WINDOWS\system32\scardssp.dll
                          9:22:36 PM | Unregistered: C:\WINDOWS\system32\sccbase.dll
                          9:22:36 PM | Registered: C:\WINDOWS\system32\sccbase.dll
                          9:22:36 PM | Unregistered: C:\WINDOWS\system32\scecli.dll
                          9:22:36 PM | Registered: C:\WINDOWS\system32\scecli.dll
                          9:22:37 PM | Unregistered: C:\WINDOWS\system32\softpub.dll
                          9:22:37 PM | Registered: C:\WINDOWS\system32\softpub.dll
                          9:22:37 PM | Unregistered: C:\WINDOWS\system32\slbcsp.dll
                          9:22:37 PM | Registered: C:\WINDOWS\system32\slbcsp.dll
                          9:22:39 PM | Unregistered: C:\WINDOWS\system32\regwizc.dll
                          9:22:39 PM | Registered: C:\WINDOWS\system32\regwizc.dll
                          9:22:39 PM | Unregistered: C:\WINDOWS\system32\rsaenh.dll
                          9:22:39 PM | Registered: C:\WINDOWS\system32\rsaenh.dll
                          9:22:39 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
                          9:22:40 PM | Registered: C:\WINDOWS\system32\winhttp.dll
                          9:22:40 PM | Unregistered: C:\WINDOWS\system32\wintrust.dll
                          9:22:40 PM | Registered: C:\WINDOWS\system32\wintrust.dll
                          --- Registration: ActiveX controls/codecs ---
                          9:22:41 PM | Registered: C:\WINDOWS\system32\acelpdec.ax
                          9:22:41 PM | Registered: C:\WINDOWS\system32\actxprxy.dll
                          9:22:41 PM | Registered: C:\WINDOWS\system32\asctrls.ocx
                          9:22:42 PM | Registered: C:\WINDOWS\system32\daxctle.ocx
                          9:22:42 PM | Registered: C:\WINDOWS\system32\hhctrl.ocx
                          9:22:42 PM | Registered: C:\WINDOWS\system32\l3codecx.ax
                          9:22:42 PM | Registered: C:\WINDOWS\system32\licmgr10.dll
                          9:22:42 PM | Registered: C:\WINDOWS\system32\mpg4ds32.ax
                          9:22:47 PM | Registered: C:\WINDOWS\system32\msdxm.ocx
                          9:22:47 PM | Registered: C:\WINDOWS\system32\proctexe.ocx
                          9:22:47 PM | Registered: C:\WINDOWS\system32\tdc.ocx
                          9:22:47 PM | Registered: C:\WINDOWS\system32\wshom.ocx
                          --- Registration: Control Panel applets ---
                          9:22:48 PM | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
                          9:22:48 PM | DllInstalled: C:\WINDOWS\system32\appwiz.cpl
                          9:22:48 PM | Registered: C:\WINDOWS\system32\appwiz.cpl
                          9:22:48 PM | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
                          9:22:49 PM | Registered: C:\WINDOWS\system32\nusrmgr.cpl
                          --- Registration: Direct[X|Draw|Show|Media] ---
                          9:22:49 PM | Registered: C:\WINDOWS\system32\quartz.dll
                          9:22:50 PM | Registered: C:\WINDOWS\system32\danim.dll
                          9:22:50 PM | Registered: C:\WINDOWS\system32\dmscript.dll
                          9:22:50 PM | Registered: C:\WINDOWS\system32\dmstyle.dll
                          9:22:50 PM | Registered: C:\WINDOWS\system32\dxmasf.dll
                          9:22:50 PM | Registered: C:\WINDOWS\system32\dxtmsft.dll
                          9:22:50 PM | Registered: C:\WINDOWS\system32\dxtrans.dll
                          9:22:51 PM | Registered: C:\WINDOWS\system32\sbe.dll
                          --- Registration: Programming cores/runtimes ---
                          9:22:51 PM | Registered: C:\WINDOWS\system32\atl.dll
                          9:22:51 PM | Registered: C:\WINDOWS\system32\corpol.dll
                          9:22:51 PM | Registered: C:\WINDOWS\system32\jscript.dll
                          9:22:51 PM | Registered: C:\WINDOWS\system32\dispex.dll
                          9:22:51 PM | Registered: C:\WINDOWS\system32\scrrun.dll
                          9:22:51 PM | Registered: C:\WINDOWS\system32\scrobj.dll
                          9:22:52 PM | Registered: C:\WINDOWS\system32\vbscript.dll
                          9:22:52 PM | Registered: C:\WINDOWS\system32\wshext.dll
                          --- Registration: Explorer/IE/OE/shell/WMP ---
                          9:22:52 PM | Registered: C:\WINDOWS\system32\activeds.dll
                          9:22:52 PM | Registered: C:\WINDOWS\system32\audiodev.dll
                          9:22:54 PM | DllInstalled: C:\WINDOWS\system32\browseui.dll
                          9:22:54 PM | Registered: C:\WINDOWS\system32\browseui.dll
                          9:22:54 PM | Registered: C:\WINDOWS\system32\browsewm.dll
                          9:22:55 PM | Registered: C:\WINDOWS\system32\cabview.dll
                          9:22:55 PM | Registered: C:\WINDOWS\system32\cdfview.dll
                          9:22:56 PM | Registered: C:\WINDOWS\system32\clbcatex.dll
                          9:22:56 PM | Registered: C:\WINDOWS\system32\clbcatq.dll
                          9:22:56 PM | Registered: C:\WINDOWS\system32\comcat.dll
                          9:22:56 PM | Registered: C:\WINDOWS\system32\cscui.dll
                          9:22:56 PM | Registered: C:\WINDOWS\system32\credui.dll
                          9:22:57 PM | Registered: C:\WINDOWS\system32\datime.dll
                          9:22:57 PM | Registered: C:\WINDOWS\system32\devmgr.dll
                          9:22:57 PM | Registered: C:\WINDOWS\system32\dfsshlex.dll
                          9:22:57 PM | Registered: C:\WINDOWS\system32\dmdlgs.dll
                          9:22:57 PM | Registered: C:\WINDOWS\system32\dmdskmgr.dll
                          9:22:57 PM | Registered: C:\WINDOWS\system32\dmloader.dll
                          9:22:57 PM | Registered: C:\WINDOWS\system32\dmocx.dll
                          9:22:57 PM | Registered: C:\WINDOWS\system32\dmview.ocx
                          9:22:58 PM | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
                          9:22:58 PM | Registered: C:\WINDOWS\system32\dsuiext.dll
                          9:22:58 PM | DllInstalled: C:\WINDOWS\system32\dsquery.dll
                          9:22:58 PM | Registered: C:\WINDOWS\system32\dsquery.dll
                          9:22:59 PM | Registered: C:\WINDOWS\system32\dskquoui.dll
                          9:22:59 PM | Registered: C:\WINDOWS\system32\els.dll
                          9:22:59 PM | Registered: C:\WINDOWS\system32\es.dll
                          9:22:59 PM | Registered: C:\WINDOWS\system32\fontext.dll
                          9:23:00 PM | Registered: C:\WINDOWS\system32\hlink.dll
                          9:23:00 PM | Registered: C:\WINDOWS\system32\hnetcfg.dll
                          9:23:00 PM | Registered: C:\WINDOWS\system32\iedkcs32.dll
                          9:23:00 PM | Registered: C:\WINDOWS\system32\iepeers.dll
                          9:23:00 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
                          9:26:35 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702

                          9:29:37 PM | Registered: C:\WINDOWS\system32\ils.dll
                          9:29:37 PM | Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
                          9:31:18 PM | Registered: C:\WINDOWS\system32\inetcfg.dll
                          9:31:19 PM | Registered: C:\WINDOWS\system32\inetcomm.dll
                          9:31:19 PM | Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
                          9:32:02 PM | Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702

                          9:32:59 PM | Registered: C:\WINDOWS\system32\laprxy.dll
                          9:33:00 PM | Registered: C:\WINDOWS\system32\lmrt.dll
                          9:33:00 PM | Registered: C:\WINDOWS\system32\mlang.dll
                          9:33:01 PM | Registered: C:\WINDOWS\system32\mmcndmgr.dll
                          9:33:01 PM | Registered: C:\WINDOWS\system32\mmcshext.dll
                          9:33:02 PM | Registered: C:\WINDOWS\system32\mscoree.dll
                          9:33:02 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.18999
                          9:35:10 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18999

                          9:36:03 PM | Registered: C:\WINDOWS\system32\mshtmled.dll
                          9:36:03 PM | Registered: C:\WINDOWS\system32\msieftp.dll
                          9:36:04 PM | Registered: C:\WINDOWS\system32\msoeacct.dll
                          9:36:04 PM | Registered: C:\WINDOWS\system32\msr2c.dll
                          9:36:04 PM | Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
                          9:37:31 PM | DllInstalled: C:\WINDOWS\system32\mydocs.dll
                          9:37:32 PM | Registered: C:\WINDOWS\system32\mydocs.dll
                          9:37:32 PM | Registered: C:\WINDOWS\system32\mstime.dll
                          9:37:32 PM | Registered: C:\WINDOWS\system32\netcfgx.dll
                          9:37:32 PM | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
                          9:37:33 PM | Registered: C:\WINDOWS\system32\netplwiz.dll
                          9:37:33 PM | Registered: C:\WINDOWS\system32\netman.dll
                          9:37:34 PM | Registered: C:\WINDOWS\system32\netshell.dll
                          9:37:34 PM | Registered: C:\WINDOWS\system32\ntmsevt.dll
                          9:37:34 PM | Registered: C:\WINDOWS\system32\ntmsmgr.dll
                          9:37:34 PM | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
                          9:37:34 PM | Registered: C:\WINDOWS\system32\ntmssvc.dll
                          9:37:35 PM | Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Version: 8.00.6001.18992
                          9:38:46 PM | Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18992

                          9:39:30 PM | Registered: C:\WINDOWS\system32\ole32.dll
                          9:39:31 PM | Registered: C:\WINDOWS\system32\oleaut32.dll
                          9:39:31 PM | Registered: C:\WINDOWS\system32\oleacc.dll
                          9:39:31 PM | Registered: C:\WINDOWS\system32\olepro32.dll
                          9:39:31 PM | DllInstalled: C:\WINDOWS\system32\photowiz.dll
                          9:39:32 PM | Registered: C:\WINDOWS\system32\photowiz.dll
                          9:39:32 PM | Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
                          9:41:06 PM | Registered: C:\WINDOWS\system32\remotepg.dll
                          9:41:06 PM | Registered: C:\WINDOWS\system32\rpcrt4.dll
                          9:41:07 PM | Registered: C:\WINDOWS\system32\rshx32.dll
                          9:41:07 PM | Registered: C:\WINDOWS\system32\sendmail.dll
                          9:41:07 PM | Registered: C:\WINDOWS\system32\slayerxp.dll
                          9:41:10 PM | DllInstalled: C:\WINDOWS\system32\shdocvw.dll
                          9:41:11 PM | Registered: C:\WINDOWS\system32\shdocvw.dll
                          9:41:11 PM | Registered: C:\WINDOWS\system32\shell32.dll
                          9:41:14 PM | DllInstalled: C:\WINDOWS\system32\shell32.dll
                          9:41:15 PM | Registered: C:\WINDOWS\system32\shmedia.dll
                          9:41:15 PM | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
                          9:41:16 PM | Registered: C:\WINDOWS\system32\shimgvw.dll
                          9:41:16 PM | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
                          9:41:16 PM | Registered: C:\WINDOWS\system32\shsvcs.dll
                          9:41:16 PM | Registered: C:\WINDOWS\system32\srclient.dll
                          9:41:17 PM | Unregistered: C:\WINDOWS\system32\stobject.dll
                          9:41:17 PM | Registered: C:\WINDOWS\system32\stobject.dll
                          9:41:17 PM | DllInstalled: C:\WINDOWS\system32\themeui.dll
                          9:41:18 PM | Registered: C:\WINDOWS\system32\themeui.dll
                          9:41:18 PM | Registered: C:\WINDOWS\system32\twext.dll
                          9:41:21 PM | DllInstalled: C:\WINDOWS\system32\urlmon.dll
                          9:41:21 PM | Registered: C:\WINDOWS\system32\urlmon.dll
                          9:41:21 PM | Registered: C:\WINDOWS\system32\userenv.dll
                          9:41:21 PM | Error 127: C:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
                          9:42:08 PM | Error 127: C:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702

                          9:42:58 PM | Registered: C:\WINDOWS\system32\webvw.dll
                          9:42:58 PM | Registered: C:\WINDOWS\system32\winhttp.dll
                          9:42:58 PM | DllInstalled: C:\WINDOWS\system32\wininet.dll
                          9:42:59 PM | Registered: C:\WINDOWS\system32\zipfldr.dll
                          9:42:59 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll
                          9:42:59 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll
                          9:42:59 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll
                          9:43:00 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll
                          9:43:00 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll
                          9:43:00 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll
                          9:43:00 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll
                          9:43:01 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll
                          9:43:01 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll
                          9:43:01 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll
                          9:43:01 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll
                          9:43:01 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll
                          9:43:02 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll
                          9:43:02 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll
                          9:43:02 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll
                          9:43:03 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll
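Added example, not part of the original post and not the repair tool's own code: a Python script that triages a registration log in the format posted above. It lists each module that failed, which steps failed, its version, and how long the log stalled after each failure. The function names are hypothetical, and reading the tool's "Error 127" as a Win32 error code is an assumption.

```python
import re
from datetime import datetime, timedelta

# Excerpt copied from the registration log posted above (no new data).
SAMPLE_LOG = r"""
9:33:02 PM | Registered: C:\WINDOWS\system32\mscoree.dll
9:33:02 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.18999
9:35:10 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18999

9:36:03 PM | Registered: C:\WINDOWS\system32\mshtmled.dll
9:36:03 PM | Registered: C:\WINDOWS\system32\msieftp.dll
9:36:04 PM | Registered: C:\WINDOWS\system32\msoeacct.dll
9:36:04 PM | Registered: C:\WINDOWS\system32\msr2c.dll
9:36:04 PM | Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
9:37:31 PM | DllInstalled: C:\WINDOWS\system32\mydocs.dll
9:37:32 PM | Registered: C:\WINDOWS\system32\mydocs.dll
"""

LINE_RE = re.compile(r"^\s*(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) \| (?P<body>.+?)\s*$")
OK_RE = re.compile(r"^(?P<action>Registered|Unregistered|DllInstalled): (?P<path>.+)$")
ERR_RE = re.compile(
    r"^Error (?P<code>\d+): (?P<path>.+?) is not "
    r"(?P<step>registerable|DLLInstall-able) or the file is corrupted\. "
    r"Version: (?P<version>\S+)$"
)


def parse_log(text):
    """Turn log lines into event dicts; blank or unrecognised lines are skipped."""
    events = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue
        when = datetime.strptime(line["time"], "%I:%M:%S %p")
        err = ERR_RE.match(line["body"])
        ok = OK_RE.match(line["body"])
        if err:
            events.append({"time": when, "ok": False, "path": err["path"],
                           "step": err["step"], "code": int(err["code"]),
                           "version": err["version"]})
        elif ok:
            events.append({"time": when, "ok": True, "path": ok["path"],
                           "step": ok["action"]})
    # Seconds until the next entry: a large gap marks where the run stalled.
    for cur, nxt in zip(events, events[1:]):
        gap = nxt["time"] - cur["time"]
        if gap < timedelta(0):          # the log has no date; handle midnight
            gap += timedelta(days=1)
        cur["gap_after"] = int(gap.total_seconds())
    if events:
        events[-1]["gap_after"] = None  # nothing follows the last entry
    return events


def summarize_failures(events):
    """Group error entries by module (case-insensitive path), in log order."""
    succeeded = {e["path"].lower() for e in events
                 if e["ok"] and e["step"] != "Unregistered"}
    report = {}
    for e in events:
        if e["ok"]:
            continue
        key = e["path"].lower()
        entry = report.setdefault(key, {
            "path": e["path"], "version": e["version"], "codes": set(),
            "failed_steps": [], "stall_seconds": 0,
            # True if another step on the same file did succeed
            "also_succeeded": key in succeeded,
        })
        entry["codes"].add(e["code"])
        entry["failed_steps"].append(e["step"])
        entry["stall_seconds"] += e["gap_after"] or 0
    return report


def format_report(report):
    """One line per failed module, ready to paste into a ticket or reply."""
    lines = []
    for entry in report.values():
        # Assumption: the number is a Win32 error code, where 127 is
        # ERROR_PROC_NOT_FOUND (a requested export could not be found).
        codes = ",".join(str(c) for c in sorted(entry["codes"]))
        lines.append("{path}  v{version}  error {codes}  failed: {steps}  "
                     "stalled {stall}s  other step ok: {ok}".format(
                         path=entry["path"], version=entry["version"],
                         codes=codes, steps="+".join(entry["failed_steps"]),
                         stall=entry["stall_seconds"],
                         ok=entry["also_succeeded"]))
    return lines


if __name__ == "__main__":
    for line in format_report(summarize_failures(parse_log(SAMPLE_LOG))):
        print(line)
```

Modules that fail both steps and never show a successful entry are the ones to check against a known-good copy of the same version.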

                          SuperDave

                          Re: no windows update, browser redirects, no task bar or icons at startup
                          « Reply #19 on: January 06, 2011, 12:40:19 PM »
                          Please run SFC again as instructed in Reply # 14

                          turinj5677

                            Re: no windows update, browser redirects, no task bar or icons at startup
                            « Reply #20 on: January 06, 2011, 02:38:13 PM »
                            Quote from SuperDave: Please run SFC again as instructed in Reply # 14

                            Should I disable my anti-virus and firewall first this time??

                            SuperDave

                            Re: no windows update, browser redirects, no task bar or icons at startup
                            « Reply #21 on: January 06, 2011, 05:08:43 PM »
                            Quote from turinj5677: Should I disable my anti-virus and firewall first this time??
                            No. Not necessary.

                            turinj5677

                              Re: no windows update, browser redirects, no task bar or icons at startup
                              « Reply #22 on: January 06, 2011, 07:24:15 PM »
                              Ok.  Ran it again.  No errors this time.  Ran much faster too.  But nothing seems to have changed with the computer.  After I rebooted I tried to access windows update to no avail.  IE ended up hanging up and I had to end task. 

                              SuperDave

                              Re: no windows update, browser redirects, no task bar or icons at startup
                              « Reply #23 on: January 06, 2011, 07:53:16 PM »
                              • Download TDSSKiller and save it to your Desktop.
                              • Extract its contents to your desktop.
                              • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
                              • If an infected file is detected, the default action will be Cure; click on Continue.
                              • If a suspicious file is detected, the default action will be Skip; click on Continue.
                              • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
                              • Click the Report button and copy/paste the contents of it into your next reply.
                              Note: It will also create a log in the C:\ directory.


                              turinj5677

                                Re: no windows update, browser redirects, no task bar or icons at startup
                                « Reply #24 on: January 06, 2011, 08:16:23 PM »
                                It found one error that it cured. After reboot I am able to access the windows update site!!  ;D  Should I go ahead and get and install my updates?

                                Here is the report:

                                2011/01/06 22:04:09.0390   TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
                                2011/01/06 22:04:09.0390   ================================================================================
                                2011/01/06 22:04:09.0390   SystemInfo:
                                2011/01/06 22:04:09.0390   
                                2011/01/06 22:04:09.0390   OS Version: 5.1.2600 ServicePack: 3.0
                                2011/01/06 22:04:09.0390   Product type: Workstation
                                2011/01/06 22:04:09.0390   ComputerName: THOMAS-BBFF0909
                                2011/01/06 22:04:09.0390   UserName: Dad
                                2011/01/06 22:04:09.0390   Windows directory: C:\WINDOWS
                                2011/01/06 22:04:09.0390   System windows directory: C:\WINDOWS
                                2011/01/06 22:04:09.0390   Processor architecture: Intel x86
                                2011/01/06 22:04:09.0390   Number of processors: 2
                                2011/01/06 22:04:09.0390   Page size: 0x1000
                                2011/01/06 22:04:09.0390   Boot type: Normal boot
                                2011/01/06 22:04:09.0390   ================================================================================
                                2011/01/06 22:04:10.0750   Initialize success
                                2011/01/06 22:05:12.0687   ================================================================================
                                2011/01/06 22:05:12.0687   Scan started
                                2011/01/06 22:05:12.0687   Mode: Manual;
                                2011/01/06 22:05:12.0687   ================================================================================
                                2011/01/06 22:05:20.0390   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
                                2011/01/06 22:05:20.0437   \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
                                2011/01/06 22:05:20.0437   ================================================================================
                                2011/01/06 22:05:20.0437   Scan finished
                                2011/01/06 22:05:20.0437   ================================================================================
                                2011/01/06 22:05:20.0453   Detected object count: 1
                                2011/01/06 22:05:33.0281   \HardDisk0 - will be cured after reboot
                                2011/01/06 22:05:33.0281   Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
                                2011/01/06 22:05:45.0296   Deinitialize success
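Added example (not part of the thread and not the scanner's own code): a Python triage pass over a log in the layout posted above. It pairs each detection with its action and outcome lines and checks them against the "Detected object count" line. The sample log is constructed from that layout with placeholder hashes, and only the message forms visible in the post are recognised.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the layout of the posted log; driver hashes are placeholders.
SAMPLE_LOG = r"""
2011/01/06 22:05:19.0359   Tcpip           (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/06 22:05:20.0390   WudfPf          (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/06 22:05:20.0437   \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/06 22:05:20.0437   ================================================================================
2011/01/06 22:05:20.0437   Scan finished
2011/01/06 22:05:20.0437   ================================================================================
2011/01/06 22:05:20.0453   Detected object count: 1
2011/01/06 22:05:33.0281   \HardDisk0 - will be cured after reboot
2011/01/06 22:05:33.0281   Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/06 22:05:45.0296   Deinitialize success
"""

# Every log line starts with a timestamp; the message is whatever follows it.
LINE = re.compile(r"^\s*\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+(.*)$")
DRIVER = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(\S.*)$")   # name (md5) path
DETECTED = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")       # target - detected threat (n)
ACTION = re.compile(r"^(\S+?)\((.+)\) - User select action: (\S+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
OUTCOME = re.compile(r"^(.+?) - (.+)$")                            # target - free text


@dataclass
class Detection:
    target: str
    threat: str
    action: str = ""
    outcome: str = ""


@dataclass
class Report:
    drivers_hashed: int = 0
    declared_count: Optional[int] = None
    detections: Dict[str, Detection] = field(default_factory=dict)


def parse_log(text: str) -> Report:
    """Collect detections, the chosen action and the reported outcome per target."""
    report = Report()
    for raw in text.splitlines():
        stamped = LINE.match(raw)
        if not stamped:
            continue  # blank or unstamped line
        msg = stamped.group(1).strip()
        m = DETECTED.match(msg)
        if m:
            report.detections[m.group(1)] = Detection(m.group(1), m.group(2))
            continue
        m = ACTION.match(msg)
        if m:
            det = report.detections.setdefault(m.group(2), Detection(m.group(2), m.group(1)))
            det.action = m.group(3)
            continue
        m = COUNT.match(msg)
        if m:
            report.declared_count = int(m.group(1))
            continue
        if DRIVER.match(msg):
            report.drivers_hashed += 1
            continue
        m = OUTCOME.match(msg)
        if m and m.group(1) in report.detections:
            report.detections[m.group(1)].outcome = m.group(2)
    return report


def triage(report: Report) -> List[str]:
    """Return follow-up items a helper reading the log would want to raise."""
    findings = []
    found = len(report.detections)
    if report.declared_count is None:
        findings.append("log has no 'Detected object count' line; it may be truncated")
    elif report.declared_count != found:
        findings.append(f"count mismatch: log declares {report.declared_count}, parsed {found}")
    for det in report.detections.values():
        if not det.action:
            findings.append(f"{det.target}: {det.threat} detected but no action recorded")
        elif "after reboot" in det.outcome:
            findings.append(f"{det.target}: {det.threat} '{det.action}' pending ({det.outcome}); reboot and rescan")
        elif not det.outcome:
            findings.append(f"{det.target}: {det.threat} '{det.action}' chosen but no outcome line")
    return findings


if __name__ == "__main__":
    for item in triage(parse_log(SAMPLE_LOG)):
        print(item)
```
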

                                SuperDave

                                • Malware Removal Specialist


                                • Genius
                                • Thanked: 1020
                                • Certifications: List
                                • Experience: Expert
                                • OS: Windows 10
                                Re: no windows update, browser redirects, no task bar or icons at startup
                                « Reply #25 on: January 07, 2011, 01:30:59 PM »
                                Quote
                                Should I go ahead and get and install my updates?
                                Yes, please. Let me know how that goes, then we'll do some cleanup.
                                Windows 8 and Windows 10 dual boot with two SSD's

                                turinj5677

                                  « Reply #26 on: January 07, 2011, 05:07:15 PM »
                                  Ok.  Things are running a lot better than they were!  My browser is not redirecting anymore.  Internet Explorer seems to be running trouble free so far. 

                                  There weren't many critical updates.  It started with just one, then after that one another one popped up, then one last one.  They were all related to Microsoft .NET Framework.  At first it told me that I had that update hidden and had to unhide it.  The first was Framework itself, 1.1 SP1.  Then there were two security updates for that: (kb982670) and (kb2416447).

                                  I have not gotten the Generic Host Processes error the last few times I have booted up, however should I go to the link you provided in reply #1 and download the hotfix?? 

                                  I am still getting the jsched.exe has encountered a problem and needed to shut down.

                                  The last few times I have shut down I have gotten an end program message that program - n is not responding.

                                  There are several optional updates that ms is offering.  Do I need any of these??

                                  Update for Internet Explorer 8 Compatibility View List for Windows XP (KB2447568)

                                  Update for Root Certificates [October 2010] (KB931125)

                                  Windows PowerShell 2.0 and WinRM 2.0 for Windows XP and Windows Embedded (KB968930)

                                  Update for Windows XP (KB971513)

                                  Windows Search 4.0 for Windows XP (KB940157)

                                  Microsoft Silverlight (KB2416427)

                                  SuperDave

                                  « Reply #27 on: January 07, 2011, 07:38:32 PM »
                                  Quote
                                  I am still getting the jsched.exe has encountered a problem and needed to shut down.

                                  You can try this to disable it. If that doesn't work, we can try a new install. Please let me know.

                                  Quote
                                  There are several optional updates that ms is offering.  Do I need any of these??
                                  You should download them. Any program that is not kept up-to-date is a breeding ground for infections.

                                  turinj5677

                                    « Reply #28 on: January 07, 2011, 08:30:08 PM »
                                    So far so good on the jusched.exe.  Doesn't seem to be popping up and I scheduled it in my tasks.

                                    I think I am all updated now!!

                                    SuperDave

                                    « Reply #29 on: January 08, 2011, 12:21:15 PM »
                                    Ok. If there's nothing else, let's do some cleanup.
                                    You may keep SAS and MBAM, if you wish. Update them and run them on a regular basis.


                                    Delete the Combo-Fix.exe file, C:\Combo-Fix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combo-fix.txt and C:\Combo-Fix-quarantined-files.txt
                                    You may have a problem deleting one of the folders. In that case, just empty the folder of whatever files you can and leave it.
                                    **********************************************
                                    To turn off Windows XP System Restore:

                                    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

                                    1. Click Start.
                                    2. Right-click the My Computer icon, and then click Properties.
                                    3. Click the System Restore tab.
                                    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
                                    5. Click Apply.
                                    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
                                    7. Click OK.
                                    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

                                    To turn on Windows XP System Restore:

                                    1. Click Start.
                                    2. Right-click My Computer, and then click Properties.
                                    3. Click the System Restore tab.
                                    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
                                    5. Click Apply, and then click OK.
                                    This will give you a new, clean Restore Point.
                                    ************************************************
                                    Clean out your temporary internet files and temp files.

                                    Download TFC by OldTimer to your desktop.

                                    Double-click TFC.exe to run it.

                                    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                                    TFC will close all programs when run, so make sure you have saved all your work before you begin.

                                    * Click the Start button to begin the cleaning process.
                                    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                                    * Please let TFC run uninterrupted until it is finished.

                                    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                                    **************************************************
                                    Use the Secunia Software Inspector to check for out of date software.

                                    • Click Start Now
                                    • Check the box next to Enable thorough system inspection.
                                    • Click Start
                                    • Allow the scan to finish and scroll down to see if any updates are needed.
                                    • Update anything listed.
                                    ----------

                                    Go to Microsoft Windows Update and get all critical updates.

                                    ----------

                                    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                    SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                                    * Using SpywareBlaster to protect your computer from Spyware and Malware
                                    * If you don't know what ActiveX controls are, see here

                                    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                    Safe Surfing!

                                    turinj5677

                                      « Reply #30 on: January 08, 2011, 05:09:19 PM »
                                      Dave, when I ran the Secunia Software Inspector it said that I needed to update my Internet Explorer and I should go to windows update to get a bunch of missing patches.  But when I go to windows update it tells me there are no updates for my computer.  What should I do?  Here is the info from the scan:

                                       This installation of Microsoft Internet Explorer 8.x is insecure and potentially exposes your system to security threats!

                                      Your system does not have all security related patches from Microsoft installed. Please see list below for details about the missing patches.

                                      Update Instructions:
                                      Download via Microsoft Windows Update.

                                      Missing KB Articles:
                                      KB982381
                                      KB980182
                                      KB978207
                                      KB976325
                                      KB974455
                                      KB972260
                                      KB969897
                                      KB2416400
                                      KB2360131
                                      KB2183461
                                      KB980195
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB982381
                                      KB980195
                                      KB980195
                                      KB980195
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB980182
                                      KB978207
                                      KB978207
                                      KB978207
                                      KB978207
                                      KB978207
                                      KB978207
                                      KB978207
                                      KB978207
                                      KB978207
                                      KB978207
                                      KB978207
                                      KB978207
                                      KB978207
                                      KB978207
                                      KB978207
                                      KB978207
                                      KB976325
                                      KB976325
                                      KB976325
                                      KB976325
                                      KB976325
                                      KB976325
                                      KB976325
                                      KB976325
                                      KB976325
                                      KB976325
                                      KB976325
                                      KB976325
                                      KB976325
                                      KB976325
                                      KB976325
                                      KB976325
                                      KB974455
                                      KB974455
                                      KB974455
                                      KB974455
                                      KB974455
                                      KB974455
                                      KB974455
                                      KB974455
                                      KB974455
                                      KB974455
                                      KB974455
                                      KB974455
                                      KB974455
                                      KB974455
                                      KB974455
                                      KB974455
                                      KB972260
                                      KB972260
                                      KB972260
                                      KB972260
                                      KB972260
                                      KB972260
                                      KB972260
                                      KB972260
                                      KB972260
                                      KB972260
                                      KB972260
                                      KB972260
                                      KB972260
                                      KB972260
                                      KB972260
                                      KB972260
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB969897
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2416400
                                      KB2360131
                                      KB2183461

                                       

                                      turinj5677

                                        Topic Starter


                                        Rookie

                                        • Experience: Beginner
                                        • OS: Unknown
                                        Re: no windows update, browser redirects, no task bar or icons at startup
                                        « Reply #31 on: January 08, 2011, 06:08:41 PM »
                                        I have run the software inspector several times from both IE and Firefox. I was able to update all the software except for the IE patches listed above, and also it keeps saying I need to update my Firefox from version 3.5.10 to the latest 3.5.16. I have downloaded the upgrade several times, and when I check from in Firefox it says I am running version 3.5.16. I also checked for updates from within Firefox and it said no updates were available.

                                        SuperDave

                                        • Malware Removal Specialist


                                        • Genius
                                        • Thanked: 1020
                                        • Certifications: List
                                        • Experience: Expert
                                        • OS: Windows 10
                                        Re: no windows update, browser redirects, no task bar or icons at startup
                                        « Reply #32 on: January 08, 2011, 07:15:03 PM »
                                        Quote
                                        when I go to windows update it tells me there are no updates for my computer.  What should I do? 
                                        I would tend to agree with Microsoft.

                                        Quote
                                        This installation of Microsoft Internet Explorer 8.x is insecure and potentially exposes your system to security threats!
                                        I think IE9 is out now. I'll have to upgrade mine soon.

                                        Quote
                                        I have downloaded the upgrade several times, and when I check from in firefox it says I am running version 3.5.16.  I also checked for updates from within firefox and it said no updates were available.
                                        I wouldn't worry about Firefox too much, if I were you. One day you'll open it and it will tell you to upgrade. My version is also 3.5.16 and I upgraded not too long ago.
                                        Windows 8 and Windows 10 dual boot with two SSD's

                                        turinj5677

                                          Topic Starter


                                          Rookie

                                          • Experience: Beginner
                                          • OS: Unknown
                                          Re: no windows update, browser redirects, no task bar or icons at startup
                                          « Reply #33 on: January 09, 2011, 04:42:06 PM »
                                          Ok.  Followed all your instructions and suggestions.  So far machine is running well.  Thanks so much for all your help!!