Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: ejeanruport on April 27, 2010, 05:44:47 PM
-
I have Verizon Wireless Internet using a USB Modem, using "VZAccess Manager" as the connection program.
I have a HP Pavillion dv8000 Laptop running Windows XP Pro, x86 Service Pack 3, I am using Internet Explorer 7 as a web browser.
April 14, 2010, AVG found a "PUP Adware Generic2.ABZP", also found evidence of the same virus on the 21st of April in different places. On April 25, 2010 AVG found "Trojan Horse Dropper Generic2.CKX". All were fixed and placed in AVG Virus Vault.
I use AVG anti-virus, Ad-Aware and have used SpyBot S&D, and Malwarebytes to check for viruses. I have disabled Restore to eliminate saving and re-infecting the computer.
These are the Log files I created using Virus & Spy Removal Guide:
I uninstalled SpyBot S&D and TeaTimer-
I am running AVG Anti Virus and Ad-Aware- I disabled Ad-Aware
I am using Online Armor as a Firewall-
I found nothing unusual in the Control Panel, I recognized most everything as having been there since I started.
I ran CCleaner but AVG shows it has tracking cookie Overture attached to it.
I do not have SUPERAntiSpyWare and could not download it from the Internet-
This is the log from mbam-
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 4043
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
4/27/2010 6:00:27 PM
mbam-log-2010-04-27 (18-00-27).txt
Scan type: Quick scan
Objects scanned: 112349
Time elapsed: 6 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
My Java Version 6 Update 20
HiJack This Log-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:52 PM, on 4/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" "C:\All Jeans Files\Saved email from Outlook Express\Inbox.dbx"
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C479BC32-6C3E-46DA-A943-A40BBC69B386}: NameServer = 75.116.63.154 75.116.127.154
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: SSOExec - %windir%\temp\sso\ssoexec.dll (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
--
End of file - 7672 bytes
Thank You, Jean
[email protected]
-
These are 2 posts that I put in the wrong forum hopefully someone sees them soon as this is multiplying. Thanks Jean
Topic Starter
Rookie
Posts: 17
Thanked: 0
OS: Unknown
Experience: Familiar
Re: IE7 will not display Windows Update
« Reply #15 on: Today at 05:35:57 AM »
--------------------------------------------------------------------------------
While checking Online Armors list of "allowed" Programs, I came across "Speedy PC". It was not something I recognized as having installed on my laptop so checked for more info from Online Armor. This is the information they showed:
About Au_.exe
Size 375,487 byte(s)
Status Unknown
Vendor SpeedyPC Software (Unknown)
Product SpeedyPC
Sighting 14-Apr-10 26-Apr-10
Actions Allowed by 33% user(s)
Au_.exe Description:
SpeedyPC Installer
Also known as:
uninst.exe
What does Au_.exe do?
Cache
Installer - Installs software on your computer.
Process - a process that runs on your computer
ProcessStart
ProcessSuspend
RemoteDataModification
StartWithParams
Au_.exe Version info
Au_.exe describes itself as follows. Note that this information can easy be faked
Product Name SpeedyPC
Product Version 3.0.1.0
File Version 3.0.1.0
Copyright Copyright © 2010 SpeedyPC Software
Description SpeedyPC Installer
OA Version(s):
4.0.0.35
4.0.0.44
Locations:
Au_.exe is found in location(s)
%ProfilesDirectory%\%UserName%\AppData\Local\Temp\~nsu.tmp\
%ProgramFiles%\SpeedyPC\
Countries
Au_.exe has been sighted in the following countries
Italy 14-Apr-10 14-Apr-10
United Kingdom 20-Apr-10 20-Apr-10
United States 20-Apr-10 26-Apr-10
I find it ironic that the first sightings correspond to the first date AVG found a virus in my computer.
Tracked it down and it is located at "C\Documents and Settings\E. Jean Ruport\Local Settings\Temp\~nsu.tmp\Bu .exe"
The first time I checked with Online Armor, I am sure the exe was "Au .exe."
Also, The infection on April 24 that AVG found was "Trojan HorseDropper.Generic2.CKX" in "C:\Documents and settings\E. Jean Ruport\Desktop\a .exe"
I find this SUSPICIOUS!
It is not listed in my Program Files....
I checked it with AVG and MBAM but it showed clean in both.
As I am not able to get to Anti Virus sites on Internet Explorer could you please investigate this for me.
As for me I am going to Isolate this program as much as possible until I hear from you.
Thank you so Much for all your help and time.
Report abuse | 75.253.228.77
ejeanruport
Topic Starter
Rookie
Posts: 17
Thanked: 0
OS: Unknown
Experience: Familiar
Re: IE7 will not display Windows Update
« Reply #16 on: Today at 06:29:33 AM »
--------------------------------------------------------------------------------
7:30 AM Tried to get AVG updated and updates failed so I Just Checked Online Armor again and it now has "Cu .exe" so this file is multiplying. The program is called Speedy PC. I have blocked them through Online Armor. Don't know what else to do.
-
Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
Download Disable/Remove Windows Messenger (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.
Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.
Exit out of MessengerDisable then delete the two files that were put on the desktop.
==================================
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C479BC32-6C3E-46DA-A943-A40BBC69B386}: NameServer = 75.116.63.154 75.116.127.154
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: SSOExec - %windir%\temp\sso\ssoexec.dll (file missing)
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
====================================
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)
Rename ComboFix.exe to commy.exe before you save it to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console[/list]
(http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
thank you SuperDave for your offer to help. I have downloaded MessengerDisable.exe. It opened as soon as I unzipped it. I choose uninstall Windows Mwssenger and it checked a box to do the same for Outlook Express (uninstall from Outlook Express).. Program finished and said Windows Messenger had been uninstalled. I Exited the program but the only file I find on my desktop is the zip file. did I do it wrong? Jean
-
thank you SuperDave for your offer to help. I have downloaded MessengerDisable.exe. It opened as soon as I unzipped it. I choose uninstall Windows Messenger and it checked a box to do the same for Outlook Express (uninstall from Outlook Express).. Program finished and said Windows Messenger had been uninstalled. I Exited the program but the only file I find on my desktop is the zip file. did I do it wrong? Jean
I also was able to download SUPERAntiSpyware (before I got your email) through CNET as SuperAntiSpyware was one of the programs I could not get before I sent the first set of Virus & spyware removal log files that included MBAM and Hijack This. I ran that program and consequently The HJT file is different than the first one I ran. I am so sorry.... I screwed up.
Also I do keep my IE start page to BLANK as it suits the way I surf the net. That seems to be a worry for everyone including the Online Armor firewall.
Next question; Should I resubmit a new HJT log? Jean
-
Jean, I would like you to please send me another HJT log and then download and run ComboFix.
-
I have completed all the steps in your list including installing MS Windows Recovery Console. I ran HJT, did a system scan only, and clicked on R0, 017, 018, & 020. Then closed all windows except for HJT and clicked on Fix Checked.
I then downloaded Combo Fix and ran that. It needed the hp recovery CD which hp will not issue, so I did not have. It did create a log file and here it is:
ComboFix 10-05-01.04 - E. Jean Ruport 05/01/2010 20:26:09.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.285 [GMT -5:00]
Running from: C:\Documents and Settings\E. Jean Ruport\Desktop\commy.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\WindowsUpdate
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 22:35:28 . 2010-05-01 22:35:28 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-01 22:34:20 . 2010-05-01 22:34:20 -------- d-----w- C:\Documents and Settings\E. Jean Ruport\Application Data\SUPERAntiSpyware.com
2010-05-01 10:11:52 . 2010-05-01 02:43:20 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-27 04:46:35 . 2010-04-27 03:55:46 241952 --sha-w- C:\WINDOWS\system32\drivers\fidbox.dat
2010-04-27 04:46:34 . 2010-04-27 03:55:46 24608 --sha-w- C:\WINDOWS\system32\drivers\fidbox2.dat
2010-04-27 03:55:48 . 2010-04-27 03:55:46 32 --sha-w- C:\WINDOWS\system32\drivers\fidbox2.idx
2010-04-27 03:55:48 . 2010-04-27 03:55:46 32 --sha-w- C:\WINDOWS\system32\drivers\fidbox.idx
2010-04-26 23:28:26 . 2010-04-26 20:29:55 -------- d-----w- C:\Documents and Settings\E. Jean Ruport\Application Data\OnlineArmor
2010-04-26 20:49:22 . 2010-04-26 20:29:55 -------- d-----w- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2010-04-26 14:05:59 . 2010-04-25 14:45:33 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NOS
2010-04-26 11:53:49 . 2010-04-26 11:54:09 411368 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2010-04-25 19:20:17 . 2010-04-25 19:20:17 -------- d-----w- C:\Documents and Settings\E. Jean Ruport\Application Data\AVG9
2010-04-25 18:51:00 . 2010-04-25 18:41:22 -------- d-----w- C:\Documents and Settings\E. Jean Ruport\Application Data\Error Fix
2010-04-25 16:35:26 . 2010-04-25 16:35:26 -------- d-----w- C:\Documents and Settings\E. Jean Ruport\Application Data\Malwarebytes
2010-04-25 16:35:10 . 2010-04-25 16:35:10 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-04-20 21:05:07 . 2010-04-20 21:05:10 95024 ----a-w- C:\WINDOWS\system32\drivers\SBREDrv.sys
2010-04-20 21:03:55 . 2010-04-20 22:38:21 15880 ----a-w- C:\WINDOWS\system32\lsdelete.exe
2010-04-20 20:37:30 . 2010-04-20 20:30:24 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-04-20 20:31:19 . 2010-04-20 20:31:15 -------- dc-h--w- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-20 19:24:01 . 2010-04-20 19:12:51 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
2010-04-20 19:16:02 . 2010-04-20 19:16:02 -------- d-----w- C:\Documents and Settings\E. Jean Ruport\Application Data\Verizon Wireless
2010-04-20 19:09:20 . 2010-04-20 19:09:20 -------- d-----w- C:\Documents and Settings\E. Jean Ruport\Application Data\InstallShield
2010-04-20 09:13:30 . 2010-04-26 20:29:30 24440 ----a-w- C:\WINDOWS\system32\drivers\OAmon.sys
2010-04-20 09:13:14 . 2010-04-26 20:29:30 29560 ----a-w- C:\WINDOWS\system32\drivers\OAnet.sys
2010-04-20 09:13:10 . 2010-04-26 20:29:30 228216 ----a-w- C:\WINDOWS\system32\drivers\OADriver.sys
2010-04-14 23:53:08 . 2010-04-14 22:25:34 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-04-14 22:25:44 . 2010-04-14 22:25:42 12464 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
2010-04-14 22:25:42 . 2010-04-14 22:25:40 242696 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys
2010-04-14 22:25:39 . 2010-04-14 22:25:39 216200 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
2010-04-14 22:25:38 . 2010-04-14 22:25:37 29512 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys
2010-04-14 22:17:32 . 2010-04-14 22:17:12 -------- d-----w- C:\Documents and Settings\All Users\Application Data\avg9
2010-04-14 18:32:08 . 2010-04-14 18:32:08 -------- d-----w- C:\Documents and Settings\E. Jean Ruport\Application Data\AdobeUM
2010-04-13 18:33:10 . 2006-04-14 04:53:24 69640 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-13 18:18:58 . 2006-04-14 04:41:00 109568 ------w- C:\WINDOWS\system32\pxinsi64.exe
2010-04-13 18:18:58 . 2006-04-14 04:41:00 108544 ------w- C:\WINDOWS\system32\pxcpyi64.exe
2010-04-13 18:02:38 . 2006-04-14 04:41:31 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Intuit
2010-04-13 17:34:02 . 2010-04-13 17:34:02 -------- d-----w- C:\Documents and Settings\All Users\Application Data\COMMON FILES
2010-04-13 16:44:46 . 2010-04-13 16:44:46 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
2010-04-13 16:44:30 . 2010-04-13 16:44:30 -------- d-----w- C:\Documents and Settings\E. Jean Ruport\Application Data\Sierra Wireless
2010-04-13 15:44:56 . 2005-08-17 17:20:54 94363 ----a-w- C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
2010-04-13 14:09:24 . 2010-04-13 14:07:17 137 ----a-w- C:\Documents and Settings\E. Jean Ruport\Local Settings\Application Data\fusioncache.dat
2010-04-13 13:15:03 . 2006-04-14 04:40:39 -------- d-----w- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2010-04-13 13:15:03 . 2006-04-14 04:01:15 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Sonic
2010-04-13 13:15:03 . 2006-04-14 02:40:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SBSI
2010-04-13 13:14:58 . 2006-04-14 04:44:12 -------- d-----w- C:\Documents and Settings\All Users\Application Data\HP
2010-04-13 13:14:58 . 2006-04-14 04:44:11 -------- d-----w- C:\Documents and Settings\All Users\Application Data\CyberLink
2010-04-13 13:14:58 . 2006-04-14 04:24:56 -------- d-----w- C:\Documents and Settings\All Users\Application Data\InstallShield
2010-04-13 13:14:55 . 2010-04-13 14:07:15 -------- d-----w- C:\Documents and Settings\E. Jean Ruport\Application Data\Intuit
2010-03-30 05:46:30 . 2010-04-26 16:00:31 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45:52 . 2010-04-26 16:00:28 20824 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-02-04 15:53:02 . 2010-04-20 20:37:22 64288 ----a-w- C:\WINDOWS\system32\drivers\Lbd.sys
2006-08-29 10:04:48 . 2010-04-13 13:46:03 22 --sha-w- C:\WINDOWS\SMINST\HPCD.SYS
2008-04-14 10:41:58 . 2004-08-10 15:00:00 224214 --sha-r- C:\WINDOWS\system32\mbnxtssb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 14:14:02 188416]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-14 22:25:44 12464 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42:18 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56:34 64512 ----a-w- C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
2005-10-11 17:23:50 1187840 ----a-w- C:\WINDOWS\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AVG\\AVG9\\avgui.exe"=
"C:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe"=
"C:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"C:\\Program Files\\Lavasoft\\Ad-Aware\\ToolBox\\AutoStart Manager\\AutoStart Manager.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\Photoshop Elements 5.0.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1518:TCP"= 1518:TCP:*:Disabled:fjakhjoy
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [4/20/2010 3:37:22 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [4/14/2010 5:25:39 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [4/14/2010 5:25:40 PM 242696]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [4/26/2010 3:29:30 PM 228216]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [4/26/2010 3:29:30 PM 24440]
R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [4/26/2010 3:29:30 PM 29560]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25:50 AM 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30:10 PM 61440]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files\AVG\AVG9\avgemc.exe [4/14/2010 5:19:07 PM 916760]
R2 avg9wd;AVG Free WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [4/14/2010 5:19:02 PM 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52:57 AM 1265264]
R2 OAcat;Online Armor Helper Service;C:\Program Files\Tall Emu\Online Armor\oacat.exe [4/26/2010 3:29:29 PM 1284600]
R2 SvcOnlineArmor;Online Armor;C:\Program Files\Tall Emu\Online Armor\oasrv.exe [4/26/2010 3:29:29 PM 3364856]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\drivers\HSFHWATI.sys [8/22/2005 4:06:00 AM 231424]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\WINDOWS\system32\drivers\nwusbser2.sys [5/9/2008 11:08:40 AM 174336]
S2 gpvcprl;ygjezyo;C:\WINDOWS\system32\svchost.exe -k netsvcs [8/10/2004 10:00:00 AM 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4/14/2010 5:25:33 PM 369920]
S3 bcm;WiMAX Network Adapter;C:\WINDOWS\system32\drivers\drxvi314.sys [9/3/2009 1:06:24 PM 280576]
S3 bcmbusctr;WiMAX Bus Driver;C:\WINDOWS\system32\drivers\BcmBusCtr.sys [9/3/2009 1:06:24 PM 51456]
S3 cm_net;C-motech USB Network Adapter Drivers;C:\WINDOWS\system32\drivers\cm_net.sys [4/13/2010 11:48:39 AM 112640]
S3 cm_ser;C-motech USB Serial Port2 Driver;C:\WINDOWS\system32\drivers\cm_ser.sys [4/13/2010 11:48:46 AM 103680]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;C:\WINDOWS\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23:56 PM 20480]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03:36 PM 32408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gpvcprl
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" "C:\All Jeans Files\Saved email from Outlook Express\Inbox.dbx"
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\www
Trusted Zone: microsoft.com\www.windowsupdate
TCP: {C479BC32-6C3E-46DA-A943-A40BBC69B386} = 75.116.63.154 75.116.127.154
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
After it finished I waited 20 minutes for the laptop to restart but all it gave me was the desktop, no taskbar, no start, no links, so I shut it down with the switch and restarted after 30 seconds..
Then I went online and posted this reply. I have done nothing else.. except read your reply online. I am sorry I didn't wait longer before I completed your instructions.
I will now wait for further instructions.
I am very sorry. jean
-
Jean, I would like you to please send me another HJT log and then download and run ComboFix.
Here is the HJT log "after" I ran ComboFix:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:17 PM, on 5/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" "C:\All Jeans Files\Saved email from Outlook
Express\Inbox.dbx"
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C479BC32-6C3E-46DA-A943-A40BBC69B386}: NameServer = 75.116.63.154 75.116.127.154
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0
\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
--
End of file - 7226 bytes
-
I am very sorry. jean
It's was not a big deal. Please re-enable your System Restore. An infected Restore point is better than no Restore Point.
Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs scanned they must be done separately and logs posted for each one)
* Copy the file path in the below Code box:
C:\WINDOWS\system32\mbnxtssb.dll
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
============================
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
DDS::
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\www
Trusted Zone: microsoft.com\www.windowsupdate
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
How is your computer running now?
-
I have a problem.. My computer will NOT let me connect to any site that has an anti-virus address. It tells me IE cannot display this page. So is there an alternative site for Jotti's malware scan?
-
If you can't download this program on your computer please download it on another computer and burn it to a CD-RW or a DVD-RW and transfer it to your computer.
Please download RootRepeal from GooglePages.com (http://rootrepeal.googlepages.com/RootRepeal.zip).- Extract the program file to your Desktop.
- Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
(http://i39.tinypic.com/nclahc.gif)
- Select ALL of the checkboxes and then click OK and it will start scanning your system.
(http://i39.tinypic.com/2j5lb6.gif)
- If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
- When done, click on Save Report
- Save it to the Desktop.
- Please copy/paste the contents of the report in your next reply.
Please remove any e-mail address in the RootRepeal report (if present).
-
I was able to connect to RootRepeal, ran the program and saved the report. Did not find any email addresses.
RootRepeal report:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/02 18:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE8B9000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B99000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE95B000 Size: 49152 File Visible: No Signed: -
Status: -
Name: SASKUTIL.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
Address: 0xEF11E000 Size: 139264 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: c:\documents and settings\e. jean ruport\application data\verizon wireless\vzaccess manager\diagnostics.txt
Status: Size mismatch (API: 446339, Raw: 446274)
SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f13e0
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1c10
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ef300
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0fedd0
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf867787e
#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eee40
#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ebb80
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ebf90
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eb440
#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ed480
#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee0f0
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eec50
#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0a00
#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ff450
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ecf80
#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eb860
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ed980
#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1860
#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0f80
#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1db0
#: 199 Function Name: NtRequestPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eff00
#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0500
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0fe960
#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee8a0
#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ef6f0
#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eded0
#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee290
#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf8677bfe
#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f08e0
#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eea80
#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee690
#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee4a0
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ed1e0
#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0edcc0
#: 262 Function Name: NtUnloadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0d10
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1a30
Hidden Services
-------------------
Service Name: gpvcprl
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs
Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9bd0
#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9f20
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e6990
#: 310 Function Name: NtUserBlockInput
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8790
#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e82c0
#: 324 Function Name: NtUserCallTwoParam
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9400
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7440
#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8b40
#: 401 Function Name: NtUserGetDC
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e97f0
#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7310
#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e71e0
#: 439 Function Name: NtUserGetWindowDC
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9a20
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7570
#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8f20
#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7a50
#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7f00
#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e67a0
#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8540
#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8930
#: 529 Function Name: NtUserSetParent
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8ce0
#: 546 Function Name: NtUserSetWindowPos
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e92b0
#: 548 Function Name: NtUserSetWindowsHookAW
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e6250
#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e5df0
#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e64f0
#: 555 Function Name: NtUserShowWindow
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e91c0
==EOF==
-
I was able to connect to RootRepeal, ran the program and saved the report. Did not find any email addresses.
RootRepeal report:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/02 18:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE8B9000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B99000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE95B000 Size: 49152 File Visible: No Signed: -
Status: -
Name: SASKUTIL.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
Address: 0xEF11E000 Size: 139264 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: c:\documents and settings\e. jean ruport\application data\verizon wireless\vzaccess manager\diagnostics.txt
Status: Size mismatch (API: 446339, Raw: 446274)
SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f13e0
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1c10
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ef300
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0fedd0
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf867787e
#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eee40
#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ebb80
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ebf90
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eb440
#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ed480
#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee0f0
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eec50
#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0a00
#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ff450
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ecf80
#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eb860
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ed980
#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1860
#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0f80
#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1db0
#: 199 Function Name: NtRequestPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eff00
#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0500
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0fe960
#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee8a0
#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ef6f0
#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eded0
#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee290
#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf8677bfe
#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f08e0
#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eea80
#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee690
#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee4a0
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ed1e0
#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0edcc0
#: 262 Function Name: NtUnloadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0d10
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1a30
Hidden Services
-------------------
Service Name: gpvcprl
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs
Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9bd0
#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9f20
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e6990
#: 310 Function Name: NtUserBlockInput
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8790
#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e82c0
#: 324 Function Name: NtUserCallTwoParam
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9400
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7440
#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8b40
#: 401 Function Name: NtUserGetDC
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e97f0
#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7310
#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e71e0
#: 439 Function Name: NtUserGetWindowDC
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9a20
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7570
#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8f20
#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7a50
#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7f00
#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e67a0
#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8540
#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8930
#: 529 Function Name: NtUserSetParent
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8ce0
#: 546 Function Name: NtUserSetWindowPos
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e92b0
#: 548 Function Name: NtUserSetWindowsHookAW
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e6250
#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e5df0
#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e64f0
#: 555 Function Name: NtUserShowWindow
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e91c0
==EOF==
I ran the rest of your instructions. ComboFix did restart the computer, then it opened my Desktop but there was nothing on it, not the Taskbar, links or anything. I waited for 75 minutes and then rebooted it with the on/off button. Did a search for Combofix.txt and this is what I found:
ComboFix Log file:
ComboFix 10-05-01.04 - E. Jean Ruport 05/03/2010 8:32:44.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.186 [GMT -5:00]
Running from: C:\Documents and Settings\E. Jean Ruport\Desktop\commy.exe
Command switches used :: C:\Documents and Settings\E. Jean Ruport\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
Is this what you expected to see?
I tried to get updates to AVG but got the same message "Internet Explorer cannot display the webpage." and gave me info to correct it which I have tried several times.
Don't know what to do next. Jean
-
Did you run the ComboFix script as described in Reply #8? If not, please try to run it.
-
Did you run the ComboFix script as described in Reply #8? If not, please try to run it.
I did run the ComboFix script as you instructed in Reply #8 and added the only log file I could find and these were the results copied from my post to you on May 3, 2010, 9:16:02 AM;
"I ran the rest of your instructions. ComboFix did restart the computer, then it opened my Desktop but there was nothing on it, not the Taskbar, links or anything. I waited for 75 minutes and then rebooted it with the on/off button. Did a search for Combofix.txt and this is what I found:
ComboFix Log file:
ComboFix 10-05-01.04 - E. Jean Ruport 05/03/2010 8:32:44.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.186 [GMT -5:00]
Running from: C:\Documents and Settings\E. Jean Ruport\Desktop\commy.exe
Command switches used :: C:\Documents and Settings\E. Jean Ruport\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
Is this what you expected to see?
I tried to get updates to AVG but got the same message "Internet Explorer cannot display the webpage." and gave me info to correct it which I have tried several times.
Don't know what to do next. Jean"
-
Jean. Could you please delete ComboFix from your desktop, go to Reply #2 and download a new version and see if it will run. Please make sure that your Firewall is disabled before running ComboFix.
-
Jean. Could you please delete ComboFix from your desktop, go to Reply #2 and download a new version and see if it will run. Please make sure that your Firewall is disabled before running ComboFix.
I deleted Commy.exe from my desktop. Downloaded new ComboFix from Reply #2. Then I ran it per instructions in Reply #2 and I am inclosing the log it created.
I wasn't sure if that was what you wanted or if you wanted me to follow instructions in Reply #8. If you want me to re-do 8, please let me know and I will try again.
ComboFix 10-05-04.03 - E. Jean Ruport 05/04/2010 19:30:35.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.163 [GMT -5:00]
Running from: c:\documents and settings\E. Jean Ruport\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
.
2010-05-03 18:24 . 2010-05-03 18:24 755096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-05-03 17:44 . 2010-05-03 17:44 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Smith Micro
2010-05-02 23:00 . 2010-05-02 23:00 0 ----a-w- c:\documents and settings\E. Jean Ruport\settings.dat
2010-05-02 03:17 . 2003-05-14 12:45 61699 ----a-r- c:\windows\system32\HPZinw12.exe
2010-05-02 03:17 . 2003-05-14 12:14 57344 ----a-r- c:\windows\system32\HPZisn12.dll
2010-05-02 03:17 . 2003-05-14 12:14 94208 ----a-r- c:\windows\system32\HPZipt12.dll
2010-05-02 03:17 . 2003-05-14 12:45 65795 ----a-r- c:\windows\system32\HPZipm12.exe
2010-05-02 03:17 . 2003-05-14 12:23 196608 ----a-r- c:\windows\system32\HPZipr12.dll
2010-05-02 03:17 . 2003-05-14 12:21 266296 ----a-r- c:\windows\system32\HPZidr12.dll
2010-05-02 03:17 . 2003-05-14 12:19 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-05-02 03:17 . 2003-05-14 12:19 51056 ----a-r- c:\windows\system32\drivers\hpzid412.sys
2010-04-27 13:28 . 2003-05-14 12:24 262144 ----a-r- c:\windows\system32\HPZc3212.dll
2010-04-27 13:28 . 2003-05-14 12:17 21488 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-04-27 13:12 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-04-27 13:12 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-04-27 03:55 . 2010-04-27 04:46 241952 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-27 03:55 . 2010-04-27 04:46 24608 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-27 02:38 . 2010-04-27 02:38 -------- d-----w- c:\documents and settings\E. Jean Ruport\Local Settings\Application Data\Downloaded Installations
2010-04-26 21:48 . 2010-04-26 21:48 -------- d-----w- c:\program files\Trend Micro
2010-04-26 21:12 . 2010-04-26 21:12 -------- d-----w- c:\program files\CCleaner
2010-04-26 20:29 . 2010-04-26 23:28 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\OnlineArmor
2010-04-26 20:29 . 2010-04-26 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-04-26 20:29 . 2010-04-20 09:13 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-04-26 20:29 . 2010-04-20 09:13 29560 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-04-26 20:29 . 2010-04-20 09:13 228216 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-04-26 20:29 . 2010-04-26 20:29 -------- d-----w- c:\program files\Tall Emu
2010-04-26 13:46 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-26 13:46 . 2010-04-26 13:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-26 13:42 . 2010-04-26 13:42 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-26 11:55 . 2010-04-26 11:55 503808 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55f5625f-n\msvcp71.dll
2010-04-26 11:55 . 2010-04-26 11:55 499712 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55f5625f-n\jmc.dll
2010-04-26 11:55 . 2010-04-26 11:55 348160 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55f5625f-n\msvcr71.dll
2010-04-26 11:54 . 2010-04-26 11:54 61440 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-24184443-n\decora-sse.dll
2010-04-26 11:54 . 2010-04-26 11:54 12800 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-24184443-n\decora-d3d.dll
2010-04-26 11:54 . 2010-04-26 11:53 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-26 10:56 . 2004-08-10 07:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-04-26 10:56 . 2004-08-10 07:00 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2010-04-25 19:20 . 2010-04-25 19:20 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\AVG9
2010-04-25 18:41 . 2010-04-25 18:51 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Error Fix
2010-04-25 18:40 . 2010-04-25 19:10 -------- d-----w- c:\program files\Error Fix
2010-04-25 17:03 . 2010-04-25 17:06 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-25 16:35 . 2010-04-25 16:35 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Malwarebytes
2010-04-25 16:35 . 2010-04-25 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-25 14:45 . 2010-04-26 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-25 14:00 . 2010-04-25 14:00 -------- d-----w- c:\windows\Sun
2010-04-20 22:38 . 2010-04-20 21:03 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-20 21:05 . 2010-04-20 21:05 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-20 21:05 . 2010-04-20 21:05 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-04-20 21:04 . 2010-04-20 21:04 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-04-20 21:04 . 2010-05-03 18:29 893952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-04-20 21:03 . 2010-04-20 21:04 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-04-20 21:03 . 2010-05-03 18:29 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-04-20 21:03 . 2010-05-03 18:29 211600 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-04-20 21:03 . 2010-05-03 18:29 397480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-04-20 21:03 . 2010-05-03 18:28 574632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-04-20 21:03 . 2010-04-20 21:03 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-04-20 21:02 . 2010-05-03 18:28 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-04-20 21:02 . 2010-05-03 18:28 443344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-04-20 21:02 . 2010-05-03 18:28 167824 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-04-20 21:01 . 2010-04-20 21:02 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-04-20 21:01 . 2010-04-20 21:01 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-04-20 21:00 . 2010-05-03 18:26 6306640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-04-20 21:00 . 2010-05-03 18:26 335728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-04-20 21:00 . 2010-05-03 18:26 95248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-04-20 20:58 . 2010-05-03 18:26 16456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-04-20 20:54 . 2010-05-03 18:26 967640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-20 20:54 . 2010-05-03 18:24 866224 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-04-20 20:53 . 2010-05-03 18:24 871320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-04-20 20:52 . 2010-05-03 18:24 1598464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-04-20 20:51 . 2010-05-03 18:24 834248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-04-20 20:51 . 2010-05-03 18:24 1285864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-20 20:37 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-20 20:31 . 2010-04-20 20:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-20 20:31 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-20 20:30 . 2010-04-20 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-20 20:30 . 2010-04-20 20:31 -------- d-----w- c:\program files\Lavasoft
2010-04-20 19:16 . 2010-04-20 19:16 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Verizon Wireless
2010-04-20 19:12 . 2010-04-20 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless
2010-04-20 19:12 . 2010-04-20 19:12 -------- d-----w- c:\program files\Verizon Wireless
2010-04-20 19:10 . 2010-04-20 19:10 -------- d-----w- c:\program files\Novatel Wireless
2010-04-20 19:10 . 2010-04-20 19:10 -------- d-----w- c:\windows\Downloaded Installations
2010-04-20 19:09 . 2010-04-20 19:09 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\InstallShield
2010-04-15 03:10 . 2010-04-15 03:10 -------- d-----w- C:\$AVG
2010-04-14 23:53 . 2010-02-23 19:04 1664256 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-04-14 22:25 . 2010-04-14 22:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-14 22:25 . 2010-04-14 22:25 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-14 22:25 . 2010-04-14 22:25 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-14 22:25 . 2010-05-03 13:24 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-14 22:25 . 2010-04-14 22:25 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-14 22:25 . 2010-04-14 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-04-14 22:17 . 2010-04-14 22:17 -------- d-----w- c:\program files\AVG
2010-04-14 22:17 . 2010-05-03 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-14 18:47 . 2010-04-14 18:47 -------- d-----w- c:\documents and settings\E. Jean Ruport\Local Settings\Application Data\Identities
2010-04-14 18:32 . 2010-04-26 13:57 -------- d-----w- c:\documents and settings\E. Jean Ruport\Local Settings\Application Data\Adobe
2010-04-14 18:32 . 2010-04-14 18:32 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\AdobeUM
2010-04-14 13:26 . 2010-04-26 00:52 -------- d-----w- c:\program files\GameHouse
2010-04-13 22:45 . 2010-04-25 02:27 -------- d-----w- c:\program files\Sierra On-Line
2010-04-13 22:45 . 2010-04-13 22:45 -------- d-----w- c:\program files\WON
2010-04-13 18:31 . 2010-04-20 20:37 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-13 18:19 . 2010-04-26 13:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-13 18:02 . 2010-04-13 18:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Intuit
2010-04-13 18:00 . 2010-04-13 18:00 -------- d-----w- c:\program files\Common Files\supportsoft
2010-04-13 17:52 . 2007-06-28 19:09 1843200 ----a-w- c:\windows\system32\acXMLParser.dll
2010-04-13 17:52 . 2007-07-30 19:44 3518464 ----a-w- c:\windows\system32\cdintf300.dll
2010-04-13 17:37 . 2010-04-13 17:41 -------- d-----w- c:\program files\Common Files\Intuit
2010-04-13 17:37 . 2010-04-13 17:37 -------- d-----w- c:\program files\Intuit
2010-04-13 17:34 . 2010-04-13 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES
2010-04-13 17:32 . 2010-04-13 17:32 -------- d-----w- c:\program files\MSXML 4.0
2010-04-13 17:20 . 2010-04-13 17:20 -------- d-----w- c:\windows\BBSTORE
2010-04-13 17:08 . 2003-06-18 22:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-04-13 17:08 . 2003-06-18 22:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-04-13 17:07 . 2010-04-13 17:07 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-13 17:07 . 2010-04-13 17:07 -------- d-----w- c:\windows\SHELLNEW
2010-04-13 17:05 . 2010-04-13 17:05 -------- d-----w- c:\program files\Microsoft.NET
2010-04-13 17:00 . 2010-04-13 17:00 -------- d-----r- C:\MSOCache
2010-04-13 16:48 . 2008-04-14 05:15 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-13 16:48 . 2008-05-29 20:53 103680 ----a-r- c:\windows\system32\drivers\cm_ser32.sys
2010-04-13 16:48 . 2008-05-29 20:53 103680 ----a-r- c:\windows\system32\drivers\cm_ser.sys
2010-04-13 16:48 . 2008-05-29 20:53 112640 ----a-r- c:\windows\system32\drivers\cm_net32.sys
2010-04-13 16:48 . 2008-05-29 20:53 112640 ----a-r- c:\windows\system32\drivers\cm_net.sys
2010-04-13 16:48 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-04-13 16:48 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-04-13 16:44 . 2010-04-13 16:44 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Bytemobile
2010-04-13 16:44 . 2005-03-15 16:11 17920 ----a-w- c:\windows\system32\apintfnt.dll
2010-04-13 16:44 . 2010-04-13 16:44 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Sierra Wireless
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 03:55 . 2010-04-27 03:55 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-27 03:55 . 2010-04-27 03:55 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-26 21:39 . 2006-04-14 03:51 -------- d-----w- c:\program files\Java
2010-04-14 13:19 . 2006-04-14 04:11 -------- d-----w- c:\program files\RGB
2010-04-13 18:36 . 2006-04-14 04:29 -------- d-----w- c:\program files\WildTangent
2010-04-13 18:33 . 2006-04-14 04:53 69640 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-13 18:18 . 2006-04-14 04:41 109568 ------w- c:\windows\system32\pxinsi64.exe
2010-04-13 18:18 . 2006-04-14 04:41 108544 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-13 18:02 . 2006-04-14 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-04-13 17:18 . 2006-04-14 03:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-13 15:44 . 2005-08-17 17:20 94363 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-13 14:11 . 2006-04-14 03:48 -------- d-----w- c:\program files\HPQ
2010-04-13 14:09 . 2010-04-13 14:07 137 ----a-w- c:\documents and settings\E. Jean Ruport\Local Settings\Application Data\fusioncache.dat
2010-04-13 13:29 . 2006-04-14 02:40 -------- d-----w- c:\program files\Windows Plus
2010-04-13 13:26 . 2006-04-14 04:25 -------- d-----w- c:\program files\Synaptics
2010-04-13 13:26 . 2006-04-14 04:23 -------- d-----w- c:\program files\Sonic
2010-04-13 13:25 . 2006-04-14 04:41 -------- d-----w- c:\program files\Quickensetup
2010-04-13 13:23 . 2006-04-14 04:39 -------- d-----w- c:\program files\Netscape
2010-04-13 13:23 . 2006-04-14 04:40 -------- d-----w- c:\program files\muvee Technologies
2010-04-13 13:23 . 2006-04-14 04:40 -------- d-----w- c:\program files\music_now
2010-04-13 13:23 . 2006-04-14 04:16 -------- d-----w- c:\program files\MSN Encarta Plus
2010-04-13 13:23 . 2006-04-14 04:22 -------- d-----w- c:\program files\Microsoft Office Trial Wizard
2010-04-13 13:22 . 2006-04-14 02:40 -------- d-----w- c:\program files\microsoft frontpage
2010-04-13 13:22 . 2006-04-14 04:32 -------- d-----w- c:\program files\HP Rhapsody
2010-04-13 13:22 . 2006-04-14 04:00 -------- d-----w- c:\program files\HP
2010-04-13 13:21 . 2006-04-14 04:06 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-13 13:21 . 2006-04-14 04:39 -------- d-----w- c:\program files\Google
2010-04-13 13:21 . 2006-04-14 02:43 -------- d-----w- c:\program files\CONEXANT
2010-04-13 13:21 . 2006-04-14 04:24 -------- d-----w- c:\program files\Common Files\TiVo Shared
2010-04-13 13:20 . 2006-04-14 04:23 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-04-13 13:20 . 2006-04-14 04:01 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-13 13:20 . 2006-04-14 04:40 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-04-13 13:20 . 2006-04-14 04:44 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-13 13:20 . 2006-04-14 03:51 -------- d-----w- c:\program files\Common Files\Java
2010-04-13 13:20 . 2006-04-14 03:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-13 13:20 . 2006-04-14 04:00 -------- d-----w- c:\program files\Common Files\HP
2010-04-13 13:20 . 2006-04-14 04:00 -------- d-----w- c:\program files\AMD
2010-04-13 13:20 . 2006-04-14 03:48 -------- d-----w- c:\program files\ATI Technologies
2010-04-13 13:15 . 2006-04-14 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2010-04-13 13:15 . 2006-04-14 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-04-13 13:15 . 2006-04-14 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SBSI
2010-04-13 13:14 . 2006-04-14 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-04-13 13:14 . 2006-04-14 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-04-13 13:14 . 2006-04-14 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-04-13 13:14 . 2010-04-13 14:07 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Intuit
2006-08-29 10:04 . 2010-04-13 13:46 22 --sha-w- c:\windows\SMINST\HPCD.SYS
2008-04-14 10:41 . 2004-08-10 15:00 224214 --sha-r- c:\windows\system32\mbnxtssb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 19:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-04-20 6678008]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-14 22:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 12:29 67752 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-11-11 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-08-01 21:26 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-12-22 15:57 405504 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-07-25 14:14 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-12-13 21:45 507904 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
c:\program files\Messenger\msmsgs.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2005-12-12 18:39 94208 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
2005-10-11 17:23 1187840 ----a-w- c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-06-19 20:50 729178 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG9\\avgui.exe"=
"c:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\ToolBox\\AutoStart Manager\\AutoStart Manager.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\Photoshop Elements 5.0.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1518:TCP"= 1518:TCP:*:Disabled:fjakhjoy
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/20/2010 3:37 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/14/2010 5:25 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/14/2010 5:25 PM 242696]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/26/2010 3:29 PM 228216]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/26/2010 3:29 PM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/26/2010 3:29 PM 29560]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [4/14/2010 5:19 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/14/2010 5:19 PM 308064]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [4/26/2010 3:29 PM 1284600]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 AM 231424]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
S2 gpvcprl;ygjezyo;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 10:00 AM 14336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1285864]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [4/26/2010 3:29 PM 3364856]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4/14/2010 5:25 PM 369920]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 1:06 PM 280576]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 1:06 PM 51456]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [4/13/2010 11:48 AM 112640]
S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [4/13/2010 11:48 AM 103680]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23 PM 20480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gpvcprl
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" "c:\all jeans files\Saved email from Outlook Express\Inbox.dbx"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: avg.com\guru
Trusted Zone: bleepingcomputer.com\www
Trusted Zone: microsoft.com\www
TCP: {C479BC32-6C3E-46DA-A943-A40BBC69B386} = 75.116.63.154 75.116.127.154
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 19:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gpvcprl]
"ServiceDll"="c:\windows\system32\mbnxtssb.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2368)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2010-05-04 19:36:38
ComboFix-quarantined-files.txt 2010-05-05 00:36
Pre-Run: 43,220,975,616 bytes free
Post-Run: 43,189,379,072 bytes free
- - End Of File - - B5F3CC61B4198C50EE5448665985F74F
Thank you for your patience. Jean
-
I wasn't sure if that was what you wanted or if you wanted me to follow instructions in Reply #8. If you want me to re-do 8, please let me know and I will try again.
No. This is perfect.
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.
For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.
Further reading: XP Fixes Myth #1: Registry Cleaners (http://www.windowsbbs.com/showthread.php?t=61015)
For this reason you may want to uninstall this program.
c:\program files\Error Fix
==================================
Please read here for more information about WildTangent (http://it.toolbox.com/blogs/enterprise-solutions/question-of-the-week-is-wildtanget-actually-spyware-6472). Your choice if you want to remove it or not.
If you choose to follow my advice, please follow these instructions.
Go to Start > Control Panel > Add/Remove Programs and remove the following programs.
•WildTangent Web Driver (or any program with the name WildTangent.)
======================================
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
DDS::
Trusted Zone: avg.com\guru
Trusted Zone: bleepingcomputer.com\www
Trusted Zone: microsoft.com\www
Folder::
c:\windows\BBSTORE
DirLook::
c:\windows\SxsCaPendDel
- Save this as CFScript.txt, in the same location as ComboFix.exe
(http://img19.imageshack.us/img19/5660/cfscriptb4.gif)
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
What is this? c:\program files\WON
-
First of all, I did not know ERROR FIX was on my computer. Perhaps it came in at the same time as SPEEDY PC came in . I did not install either and suspected SPEEDY PC as a virus and is why I first contacted Computer Hope.
Neither ERROR FIX nor WILD TANGENT are listed in Control Panel>Add/Remove Program... So can I just delete them? I never trusted Wild Tangent and had always uninstalled it. Thought I had uninstalled it because it wasn't in Add/Remove Program.
The only registry cleaner I installed is CCleaner.
As soon as I find out from you if I can just delete these 2 programs I will complete the rest of your instructions. Thank you, Jean
-
Just go ahead and run the ComboFix script and I'll get them uninstall later. I'm curious to see if ComboFix will run the script.
-
I ran ComboFix as per your instructions. Here is the log file:
ComboFix 10-05-04.03 - E. Jean Ruport 05/05/2010 20:53:38.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.225 [GMT -5:00]
Running from: c:\documents and settings\E. Jean Ruport\Desktop\commy.exe
Command switches used :: c:\documents and settings\E. Jean Ruport\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\BBSTORE
c:\windows\BBSTORE\SCOPEUSR\SOFTWARE\Genealog\EREG.INI
c:\windows\BBSTORE\SCOPEUSR\SOFTWARE\Genealog\FamiTrMa\FaTrMa11\11\EREG.INI
c:\windows\BBSTORE\SCOPEUSR\SOFTWARE\Genealog\FamiTrMa\FaTrMa11\EREG.INI
.
((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.
2010-05-05 00:29 . 2010-05-05 00:36 -------- d-----w- C:\commy
2010-05-03 18:24 . 2010-05-03 18:24 755096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-05-03 17:44 . 2010-05-03 17:44 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Smith Micro
2010-05-02 23:00 . 2010-05-02 23:00 0 ----a-w- c:\documents and settings\E. Jean Ruport\settings.dat
2010-05-02 03:17 . 2003-05-14 12:45 61699 ----a-r- c:\windows\system32\HPZinw12.exe
2010-05-02 03:17 . 2003-05-14 12:14 57344 ----a-r- c:\windows\system32\HPZisn12.dll
2010-05-02 03:17 . 2003-05-14 12:14 94208 ----a-r- c:\windows\system32\HPZipt12.dll
2010-05-02 03:17 . 2003-05-14 12:45 65795 ----a-r- c:\windows\system32\HPZipm12.exe
2010-05-02 03:17 . 2003-05-14 12:23 196608 ----a-r- c:\windows\system32\HPZipr12.dll
2010-05-02 03:17 . 2003-05-14 12:21 266296 ----a-r- c:\windows\system32\HPZidr12.dll
2010-05-02 03:17 . 2003-05-14 12:19 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-05-02 03:17 . 2003-05-14 12:19 51056 ----a-r- c:\windows\system32\drivers\hpzid412.sys
2010-04-27 13:28 . 2003-05-14 12:24 262144 ----a-r- c:\windows\system32\HPZc3212.dll
2010-04-27 13:28 . 2003-05-14 12:17 21488 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-04-27 13:12 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-04-27 13:12 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-04-27 03:55 . 2010-04-27 04:46 241952 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-27 03:55 . 2010-04-27 04:46 24608 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-27 02:38 . 2010-04-27 02:38 -------- d-----w- c:\documents and settings\E. Jean Ruport\Local Settings\Application Data\Downloaded Installations
2010-04-26 21:48 . 2010-04-26 21:48 -------- d-----w- c:\program files\Trend Micro
2010-04-26 21:12 . 2010-04-26 21:12 -------- d-----w- c:\program files\CCleaner
2010-04-26 20:29 . 2010-04-26 23:28 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\OnlineArmor
2010-04-26 20:29 . 2010-04-26 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-04-26 20:29 . 2010-04-20 09:13 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-04-26 20:29 . 2010-04-20 09:13 29560 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-04-26 20:29 . 2010-04-20 09:13 228216 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-04-26 20:29 . 2010-04-26 20:29 -------- d-----w- c:\program files\Tall Emu
2010-04-26 13:46 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-26 13:46 . 2010-04-26 13:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-26 13:42 . 2010-04-26 13:42 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-26 11:55 . 2010-04-26 11:55 503808 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55f5625f-n\msvcp71.dll
2010-04-26 11:55 . 2010-04-26 11:55 499712 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55f5625f-n\jmc.dll
2010-04-26 11:55 . 2010-04-26 11:55 348160 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55f5625f-n\msvcr71.dll
2010-04-26 11:54 . 2010-04-26 11:54 61440 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-24184443-n\decora-sse.dll
2010-04-26 11:54 . 2010-04-26 11:54 12800 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-24184443-n\decora-d3d.dll
2010-04-26 11:54 . 2010-04-26 11:53 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-26 10:56 . 2004-08-10 07:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-04-26 10:56 . 2004-08-10 07:00 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2010-04-25 19:20 . 2010-04-25 19:20 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\AVG9
2010-04-25 18:41 . 2010-04-25 18:51 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Error Fix
2010-04-25 18:40 . 2010-04-25 19:10 -------- d-----w- c:\program files\Error Fix
2010-04-25 17:03 . 2010-04-25 17:06 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-25 16:35 . 2010-04-25 16:35 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Malwarebytes
2010-04-25 16:35 . 2010-04-25 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-25 14:45 . 2010-04-26 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-25 14:00 . 2010-04-25 14:00 -------- d-----w- c:\windows\Sun
2010-04-20 22:38 . 2010-04-20 21:03 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-20 21:05 . 2010-04-20 21:05 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-20 21:05 . 2010-04-20 21:05 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-04-20 21:04 . 2010-04-20 21:04 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-04-20 21:04 . 2010-05-03 18:29 893952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-04-20 21:03 . 2010-04-20 21:04 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-04-20 21:03 . 2010-05-03 18:29 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-04-20 21:03 . 2010-05-03 18:29 211600 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-04-20 21:03 . 2010-05-03 18:29 397480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-04-20 21:03 . 2010-05-03 18:28 574632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-04-20 21:03 . 2010-04-20 21:03 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-04-20 21:02 . 2010-05-03 18:28 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-04-20 21:02 . 2010-05-03 18:28 443344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-04-20 21:02 . 2010-05-03 18:28 167824 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-04-20 21:01 . 2010-04-20 21:02 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-04-20 21:01 . 2010-04-20 21:01 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-04-20 21:00 . 2010-05-03 18:26 6306640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-04-20 21:00 . 2010-05-03 18:26 335728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-04-20 21:00 . 2010-05-03 18:26 95248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-04-20 20:58 . 2010-05-03 18:26 16456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-04-20 20:54 . 2010-05-03 18:26 967640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-20 20:54 . 2010-05-03 18:24 866224 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-04-20 20:53 . 2010-05-03 18:24 871320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-04-20 20:52 . 2010-05-03 18:24 1598464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-04-20 20:51 . 2010-05-03 18:24 834248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-04-20 20:51 . 2010-05-03 18:24 1285864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-20 20:37 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-20 20:31 . 2010-04-20 20:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-20 20:31 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-20 20:30 . 2010-04-20 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-20 20:30 . 2010-04-20 20:31 -------- d-----w- c:\program files\Lavasoft
2010-04-20 19:16 . 2010-04-20 19:16 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Verizon Wireless
2010-04-20 19:12 . 2010-04-20 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless
2010-04-20 19:12 . 2010-04-20 19:12 -------- d-----w- c:\program files\Verizon Wireless
2010-04-20 19:10 . 2010-04-20 19:10 -------- d-----w- c:\program files\Novatel Wireless
2010-04-20 19:10 . 2010-04-20 19:10 -------- d-----w- c:\windows\Downloaded Installations
2010-04-20 19:09 . 2010-04-20 19:09 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\InstallShield
2010-04-15 03:10 . 2010-04-15 03:10 -------- d-----w- C:\$AVG
2010-04-14 23:53 . 2010-02-23 19:04 1664256 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-04-14 22:25 . 2010-04-14 22:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-14 22:25 . 2010-04-14 22:25 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-14 22:25 . 2010-04-14 22:25 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-14 22:25 . 2010-05-03 13:24 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-14 22:25 . 2010-04-14 22:25 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-14 22:25 . 2010-04-14 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-04-14 22:17 . 2010-04-14 22:17 -------- d-----w- c:\program files\AVG
2010-04-14 22:17 . 2010-05-03 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-14 18:47 . 2010-04-14 18:47 -------- d-----w- c:\documents and settings\E. Jean Ruport\Local Settings\Application Data\Identities
2010-04-14 18:32 . 2010-04-26 13:57 -------- d-----w- c:\documents and settings\E. Jean Ruport\Local Settings\Application Data\Adobe
2010-04-14 18:32 . 2010-04-14 18:32 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\AdobeUM
2010-04-14 13:26 . 2010-04-26 00:52 -------- d-----w- c:\program files\GameHouse
2010-04-13 22:45 . 2010-04-25 02:27 -------- d-----w- c:\program files\Sierra On-Line
2010-04-13 22:45 . 2010-04-13 22:45 -------- d-----w- c:\program files\WON
2010-04-13 18:31 . 2010-04-20 20:37 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-13 18:19 . 2010-04-26 13:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-13 18:02 . 2010-04-13 18:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Intuit
2010-04-13 18:00 . 2010-04-13 18:00 -------- d-----w- c:\program files\Common Files\supportsoft
2010-04-13 17:52 . 2007-06-28 19:09 1843200 ----a-w- c:\windows\system32\acXMLParser.dll
2010-04-13 17:52 . 2007-07-30 19:44 3518464 ----a-w- c:\windows\system32\cdintf300.dll
2010-04-13 17:37 . 2010-04-13 17:41 -------- d-----w- c:\program files\Common Files\Intuit
2010-04-13 17:37 . 2010-04-13 17:37 -------- d-----w- c:\program files\Intuit
2010-04-13 17:34 . 2010-04-13 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES
2010-04-13 17:32 . 2010-04-13 17:32 -------- d-----w- c:\program files\MSXML 4.0
2010-04-13 17:08 . 2003-06-18 22:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-04-13 17:08 . 2003-06-18 22:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-04-13 17:07 . 2010-04-13 17:07 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-13 17:07 . 2010-04-13 17:07 -------- d-----w- c:\windows\SHELLNEW
2010-04-13 17:05 . 2010-04-13 17:05 -------- d-----w- c:\program files\Microsoft.NET
2010-04-13 17:00 . 2010-04-13 17:00 -------- d-----r- C:\MSOCache
2010-04-13 16:48 . 2008-04-14 05:15 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-13 16:48 . 2008-05-29 20:53 103680 ----a-r- c:\windows\system32\drivers\cm_ser32.sys
2010-04-13 16:48 . 2008-05-29 20:53 103680 ----a-r- c:\windows\system32\drivers\cm_ser.sys
2010-04-13 16:48 . 2008-05-29 20:53 112640 ----a-r- c:\windows\system32\drivers\cm_net32.sys
2010-04-13 16:48 . 2008-05-29 20:53 112640 ----a-r- c:\windows\system32\drivers\cm_net.sys
2010-04-13 16:48 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-04-13 16:48 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-04-13 16:44 . 2010-04-13 16:44 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Bytemobile
2010-04-13 16:44 . 2005-03-15 16:11 17920 ----a-w- c:\windows\system32\apintfnt.dll
2010-04-13 16:44 . 2010-04-13 16:44 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Sierra Wireless
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 03:55 . 2010-04-27 03:55 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-27 03:55 . 2010-04-27 03:55 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-26 21:39 . 2006-04-14 03:51 -------- d-----w- c:\program files\Java
2010-04-14 13:19 . 2006-04-14 04:11 -------- d-----w- c:\program files\RGB
2010-04-13 18:36 . 2006-04-14 04:29 -------- d-----w- c:\program files\WildTangent
2010-04-13 18:33 . 2006-04-14 04:53 69640 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-13 18:18 . 2006-04-14 04:41 109568 ------w- c:\windows\system32\pxinsi64.exe
2010-04-13 18:18 . 2006-04-14 04:41 108544 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-13 18:02 . 2006-04-14 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-04-13 17:18 . 2006-04-14 03:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-13 15:44 . 2005-08-17 17:20 94363 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-13 14:11 . 2006-04-14 03:48 -------- d-----w- c:\program files\HPQ
2010-04-13 14:09 . 2010-04-13 14:07 137 ----a-w- c:\documents and settings\E. Jean Ruport\Local Settings\Application Data\fusioncache.dat
2010-04-13 13:29 . 2006-04-14 02:40 -------- d-----w- c:\program files\Windows Plus
2010-04-13 13:26 . 2006-04-14 04:25 -------- d-----w- c:\program files\Synaptics
2010-04-13 13:26 . 2006-04-14 04:23 -------- d-----w- c:\program files\Sonic
2010-04-13 13:25 . 2006-04-14 04:41 -------- d-----w- c:\program files\Quickensetup
2010-04-13 13:23 . 2006-04-14 04:39 -------- d-----w- c:\program files\Netscape
2010-04-13 13:23 . 2006-04-14 04:40 -------- d-----w- c:\program files\muvee Technologies
2010-04-13 13:23 . 2006-04-14 04:40 -------- d-----w- c:\program files\music_now
2010-04-13 13:23 . 2006-04-14 04:16 -------- d-----w- c:\program files\MSN Encarta Plus
2010-04-13 13:23 . 2006-04-14 04:22 -------- d-----w- c:\program files\Microsoft Office Trial Wizard
2010-04-13 13:22 . 2006-04-14 02:40 -------- d-----w- c:\program files\microsoft frontpage
2010-04-13 13:22 . 2006-04-14 04:32 -------- d-----w- c:\program files\HP Rhapsody
2010-04-13 13:22 . 2006-04-14 04:00 -------- d-----w- c:\program files\HP
2010-04-13 13:21 . 2006-04-14 04:06 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-13 13:21 . 2006-04-14 04:39 -------- d-----w- c:\program files\Google
2010-04-13 13:21 . 2006-04-14 02:43 -------- d-----w- c:\program files\CONEXANT
2010-04-13 13:21 . 2006-04-14 04:24 -------- d-----w- c:\program files\Common Files\TiVo Shared
2010-04-13 13:20 . 2006-04-14 04:23 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-04-13 13:20 . 2006-04-14 04:01 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-13 13:20 . 2006-04-14 04:40 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-04-13 13:20 . 2006-04-14 04:44 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-13 13:20 . 2006-04-14 03:51 -------- d-----w- c:\program files\Common Files\Java
2010-04-13 13:20 . 2006-04-14 03:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-13 13:20 . 2006-04-14 04:00 -------- d-----w- c:\program files\Common Files\HP
2010-04-13 13:20 . 2006-04-14 04:00 -------- d-----w- c:\program files\AMD
2010-04-13 13:20 . 2006-04-14 03:48 -------- d-----w- c:\program files\ATI Technologies
2010-04-13 13:15 . 2006-04-14 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2010-04-13 13:15 . 2006-04-14 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-04-13 13:15 . 2006-04-14 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SBSI
2010-04-13 13:14 . 2006-04-14 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-04-13 13:14 . 2006-04-14 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-04-13 13:14 . 2006-04-14 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-04-13 13:14 . 2010-04-13 14:07 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Intuit
2006-08-29 10:04 . 2010-04-13 13:46 22 --sha-w- c:\windows\SMINST\HPCD.SYS
2008-04-14 10:41 . 2004-08-10 15:00 224214 --sha-r- c:\windows\system32\mbnxtssb.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\SxsCaPendDel ----
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 19:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-04-20 6678008]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-14 22:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 12:29 67752 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-11-11 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-08-01 21:26 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-12-22 15:57 405504 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-07-25 14:14 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-12-13 21:45 507904 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
c:\program files\Messenger\msmsgs.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2005-12-12 18:39 94208 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
2005-10-11 17:23 1187840 ----a-w- c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-06-19 20:50 729178 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG9\\avgui.exe"=
"c:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\ToolBox\\AutoStart Manager\\AutoStart Manager.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\Photoshop Elements 5.0.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1518:TCP"= 1518:TCP:*:Disabled:fjakhjoy
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/20/2010 3:37 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/14/2010 5:25 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/14/2010 5:25 PM 242696]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/26/2010 3:29 PM 228216]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/26/2010 3:29 PM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/26/2010 3:29 PM 29560]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [4/14/2010 5:19 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/14/2010 5:19 PM 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1285864]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [4/26/2010 3:29 PM 1284600]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [4/26/2010 3:29 PM 3364856]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 AM 231424]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]
S2 gpvcprl;ygjezyo;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 10:00 AM 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4/14/2010 5:25 PM 369920]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 1:06 PM 280576]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 1:06 PM 51456]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [4/13/2010 11:48 AM 112640]
S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [4/13/2010 11:48 AM 103680]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23 PM 20480]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gpvcprl
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" "c:\all jeans files\Saved email from Outlook Express\Inbox.dbx"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 21:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gpvcprl]
"ServiceDll"="c:\windows\system32\mbnxtssb.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3948)
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Tall Emu\Online Armor\OAhlp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-05-05 21:08:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-06 02:08
ComboFix2.txt 2010-05-05 00:36
Pre-Run: 43,168,882,688 bytes free
Post-Run: 43,139,354,624 bytes free
- - End Of File - - 0F213EA80674391F098CF2CE01C59048
Also checked on C:\Program Files\WON. Here are the properties for WON\Face Maker
WON\Face Maker
size. 0 bytes
size on disk. 0 bytes
Contains 0 Files. 0 Folders
Created- Tues. April 13-2010 5:45:13 PM
I have no idea where it came from...
Thanks, Jean
-
Jean, your AVG Anti-Virus is out-of-date. Please update it ASAP.
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
DeQuarantine::
c:\windows\BBSTORE
DirLook::
c:\windows\BBSTORE
Folder::
c:\program files\Error Fix
c:\program files\WildTangent
c:\program files\WON
- Save this as CFScript.txt, in the same location as ComboFix.exe
(http://img19.imageshack.us/img19/5660/cfscriptb4.gif)
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
Do you know anything about SxsCaPendDel? It's in C\Windows. If you can find it, please open the folder and give me the name of the exe file. The same thing for c:\windows\BBSTORE. I put it in the script to restore this folder.
-
Jean, your AVG Anti-Virus is out-of-date. Please update it ASAP.
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
- Save this as CFScript.txt, in the same location as ComboFix.exe
(http://img19.imageshack.us/img19/5660/cfscriptb4.gif)
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
Do you know anything about SxsCaPendDel? It's in C\Windows. If you can find it, please open the folder and give me the name of the exe file. The same thing for c:\windows\BBSTORE. I put it in the script to restore this folder.
First of all, I did not try to update AVG last night but I have tried every day since the 20th of April and updates could not be completed. I tried to connect to AVG.com but got the message "Internet Explorer cannot display this web page." I will try again tonight to update my anti Virus.
I have not run ComboFix yet as I just got home.
But checked out your questions concerning C:\Windows\
SxsCaPendDel and it is an empty folder created 4/25//2010 at 12:03:37 PM.
Also checked out C:\Windows\BBSTORE, I upgraded a genealogy program called Family Tree Maker v3 to Famiy Tree Maker v11 and I did it online. I have examined the file in my computer and it looks like what I use. It may just be the remnants of the download but can be deleted as I have the program CD so it can be installed again.
Will do the ComboFix after we have had dinner and send you the log. Also try to update AVG.
Thank you, Jean
-
I would suggest that you go to this site (http://www.microsoft.com/security_essentials/) download and install MicroSoft Security Essentials. Once installed, uninstall AVG. Every moment you spend on-line with an out-of-date AV is risky.
-
I still CANNOT connect to Microsoft per your shortcut. I know it is risky but I HAVE TRIED to update my anti-virus program.
This is the log file from ComboFix:
ComboFix 10-05-04.03 - E. Jean Ruport 05/06/2010 19:00:59.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.189 [GMT -5:00]
Running from: c:\documents and settings\E. Jean Ruport\Desktop\commy.exe
Command switches used :: c:\documents and settings\E. Jean Ruport\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Error Fix
c:\program files\Error Fix\PW\general.html
c:\program files\Error Fix\PW\optimizations.html
c:\program files\Error Fix\PW\privacy.html
c:\program files\Error Fix\PW\scheduler.html
c:\program files\Error Fix\PW\startup.html
c:\program files\Error Fix\PW\wizard.css
c:\program files\WildTangent
c:\program files\WildTangent\Apps\DRM0302.dll
c:\program files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\B0202B33-E73D-4FCD-AC88-0B2971AFC116\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\B0769D17-E72A-4E87-A83F-1F7A3F080008\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\C264D692-8E15-4141-96A2-5621332E5DD0\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\D2E44AA4-8665-4490-A6C9-2D0744B47B27\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\DED8E2B5-BA9F-448F-84E8-0AEF79876F95\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\E76A7EFF-7758-49EE-B3FA-9699830A2D6B\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\E90E3AE9-73E4-4E5C-BB0F-673989A808D0\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\EF860173-4FB7-4DE1-8BE8-5400F05A0DC5\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\F2566CC2-D4C4-44ED-A838-3F8288D8D3FE\def.dat
c:\program files\WildTangent\Apps\icon.ico
c:\program files\WON
.
((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.
2010-05-06 23:48 . 2010-05-06 23:48 -------- d-----w- C:\commy10625c
2010-05-05 00:29 . 2010-05-05 00:36 -------- d-----w- C:\commy
2010-05-03 18:24 . 2010-05-03 18:24 755096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-05-03 17:44 . 2010-05-03 17:44 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Smith Micro
2010-05-02 23:00 . 2010-05-02 23:00 0 ----a-w- c:\documents and settings\E. Jean Ruport\settings.dat
2010-05-02 03:17 . 2003-05-14 12:45 61699 ----a-r- c:\windows\system32\HPZinw12.exe
2010-05-02 03:17 . 2003-05-14 12:14 57344 ----a-r- c:\windows\system32\HPZisn12.dll
2010-05-02 03:17 . 2003-05-14 12:14 94208 ----a-r- c:\windows\system32\HPZipt12.dll
2010-05-02 03:17 . 2003-05-14 12:45 65795 ----a-r- c:\windows\system32\HPZipm12.exe
2010-05-02 03:17 . 2003-05-14 12:23 196608 ----a-r- c:\windows\system32\HPZipr12.dll
2010-05-02 03:17 . 2003-05-14 12:21 266296 ----a-r- c:\windows\system32\HPZidr12.dll
2010-05-02 03:17 . 2003-05-14 12:19 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-05-02 03:17 . 2003-05-14 12:19 51056 ----a-r- c:\windows\system32\drivers\hpzid412.sys
2010-04-27 13:28 . 2003-05-14 12:24 262144 ----a-r- c:\windows\system32\HPZc3212.dll
2010-04-27 13:28 . 2003-05-14 12:17 21488 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-04-27 13:12 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-04-27 13:12 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-04-27 03:55 . 2010-04-27 04:46 241952 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-27 03:55 . 2010-04-27 04:46 24608 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-27 02:38 . 2010-04-27 02:38 -------- d-----w- c:\documents and settings\E. Jean Ruport\Local Settings\Application Data\Downloaded Installations
2010-04-26 21:48 . 2010-04-26 21:48 -------- d-----w- c:\program files\Trend Micro
2010-04-26 21:12 . 2010-04-26 21:12 -------- d-----w- c:\program files\CCleaner
2010-04-26 20:29 . 2010-04-26 23:28 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\OnlineArmor
2010-04-26 20:29 . 2010-04-26 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-04-26 20:29 . 2010-04-20 09:13 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-04-26 20:29 . 2010-04-20 09:13 29560 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-04-26 20:29 . 2010-04-20 09:13 228216 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-04-26 20:29 . 2010-04-26 20:29 -------- d-----w- c:\program files\Tall Emu
2010-04-26 13:46 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-26 13:46 . 2010-04-26 13:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-26 13:42 . 2010-04-26 13:42 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-26 11:55 . 2010-04-26 11:55 503808 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55f5625f-n\msvcp71.dll
2010-04-26 11:55 . 2010-04-26 11:55 499712 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55f5625f-n\jmc.dll
2010-04-26 11:55 . 2010-04-26 11:55 348160 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55f5625f-n\msvcr71.dll
2010-04-26 11:54 . 2010-04-26 11:54 61440 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-24184443-n\decora-sse.dll
2010-04-26 11:54 . 2010-04-26 11:54 12800 ----a-w- c:\documents and settings\E. Jean Ruport\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-24184443-n\decora-d3d.dll
2010-04-26 11:54 . 2010-04-26 11:53 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-26 10:56 . 2004-08-10 07:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-04-26 10:56 . 2004-08-10 07:00 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2010-04-25 19:20 . 2010-04-25 19:20 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\AVG9
2010-04-25 18:41 . 2010-04-25 18:51 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Error Fix
2010-04-25 17:03 . 2010-04-25 17:06 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-25 16:35 . 2010-04-25 16:35 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Malwarebytes
2010-04-25 16:35 . 2010-04-25 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-25 14:45 . 2010-04-26 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-25 14:00 . 2010-04-25 14:00 -------- d-----w- c:\windows\Sun
2010-04-20 22:38 . 2010-04-20 21:03 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-20 21:05 . 2010-04-20 21:05 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-20 21:05 . 2010-04-20 21:05 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-04-20 21:04 . 2010-04-20 21:04 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-04-20 21:04 . 2010-05-03 18:29 893952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-04-20 21:03 . 2010-04-20 21:04 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-04-20 21:03 . 2010-05-03 18:29 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-04-20 21:03 . 2010-05-03 18:29 211600 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-04-20 21:03 . 2010-05-03 18:29 397480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-04-20 21:03 . 2010-05-03 18:28 574632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-04-20 21:03 . 2010-04-20 21:03 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-04-20 21:02 . 2010-05-03 18:28 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-04-20 21:02 . 2010-05-03 18:28 443344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-04-20 21:02 . 2010-05-03 18:28 167824 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-04-20 21:01 . 2010-04-20 21:02 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-04-20 21:01 . 2010-04-20 21:01 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-04-20 21:00 . 2010-05-03 18:26 6306640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-04-20 21:00 . 2010-05-03 18:26 335728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-04-20 21:00 . 2010-05-03 18:26 95248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-04-20 20:58 . 2010-05-03 18:26 16456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-04-20 20:54 . 2010-05-03 18:26 967640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-20 20:54 . 2010-05-03 18:24 866224 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-04-20 20:53 . 2010-05-03 18:24 871320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-04-20 20:52 . 2010-05-03 18:24 1598464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-04-20 20:51 . 2010-05-03 18:24 834248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-04-20 20:51 . 2010-05-03 18:24 1285864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-20 20:37 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-20 20:31 . 2010-04-20 20:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-20 20:31 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-20 20:30 . 2010-04-20 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-20 20:30 . 2010-04-20 20:31 -------- d-----w- c:\program files\Lavasoft
2010-04-20 19:16 . 2010-04-20 19:16 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Verizon Wireless
2010-04-20 19:12 . 2010-04-20 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless
2010-04-20 19:12 . 2010-04-20 19:12 -------- d-----w- c:\program files\Verizon Wireless
2010-04-20 19:10 . 2010-04-20 19:10 -------- d-----w- c:\program files\Novatel Wireless
2010-04-20 19:10 . 2010-04-20 19:10 -------- d-----w- c:\windows\Downloaded Installations
2010-04-20 19:09 . 2010-04-20 19:09 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\InstallShield
2010-04-15 03:10 . 2010-04-15 03:10 -------- d-----w- C:\$AVG
2010-04-14 23:53 . 2010-02-23 19:04 1664256 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-04-14 22:25 . 2010-04-14 22:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-14 22:25 . 2010-04-14 22:25 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-14 22:25 . 2010-04-14 22:25 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-14 22:25 . 2010-05-03 13:24 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-14 22:25 . 2010-04-14 22:25 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-14 22:25 . 2010-04-14 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-04-14 22:17 . 2010-04-14 22:17 -------- d-----w- c:\program files\AVG
2010-04-14 22:17 . 2010-05-03 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-14 18:47 . 2010-04-14 18:47 -------- d-----w- c:\documents and settings\E. Jean Ruport\Local Settings\Application Data\Identities
2010-04-14 18:32 . 2010-04-26 13:57 -------- d-----w- c:\documents and settings\E. Jean Ruport\Local Settings\Application Data\Adobe
2010-04-14 18:32 . 2010-04-14 18:32 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\AdobeUM
2010-04-14 13:26 . 2010-04-26 00:52 -------- d-----w- c:\program files\GameHouse
2010-04-13 22:45 . 2010-04-25 02:27 -------- d-----w- c:\program files\Sierra On-Line
2010-04-13 18:31 . 2010-04-20 20:37 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-13 18:19 . 2010-04-26 13:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-13 18:02 . 2010-04-13 18:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Intuit
2010-04-13 18:00 . 2010-04-13 18:00 -------- d-----w- c:\program files\Common Files\supportsoft
2010-04-13 17:52 . 2007-06-28 19:09 1843200 ----a-w- c:\windows\system32\acXMLParser.dll
2010-04-13 17:52 . 2007-07-30 19:44 3518464 ----a-w- c:\windows\system32\cdintf300.dll
2010-04-13 17:37 . 2010-04-13 17:41 -------- d-----w- c:\program files\Common Files\Intuit
2010-04-13 17:37 . 2010-04-13 17:37 -------- d-----w- c:\program files\Intuit
2010-04-13 17:34 . 2010-04-13 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES
2010-04-13 17:32 . 2010-04-13 17:32 -------- d-----w- c:\program files\MSXML 4.0
2010-04-13 17:08 . 2003-06-18 22:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-04-13 17:08 . 2003-06-18 22:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-04-13 17:07 . 2010-04-13 17:07 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-13 17:07 . 2010-04-13 17:07 -------- d-----w- c:\windows\SHELLNEW
2010-04-13 17:05 . 2010-04-13 17:05 -------- d-----w- c:\program files\Microsoft.NET
2010-04-13 17:00 . 2010-04-13 17:00 -------- d-----r- C:\MSOCache
2010-04-13 16:48 . 2008-04-14 05:15 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-13 16:48 . 2008-05-29 20:53 103680 ----a-r- c:\windows\system32\drivers\cm_ser32.sys
2010-04-13 16:48 . 2008-05-29 20:53 103680 ----a-r- c:\windows\system32\drivers\cm_ser.sys
2010-04-13 16:48 . 2008-05-29 20:53 112640 ----a-r- c:\windows\system32\drivers\cm_net32.sys
2010-04-13 16:48 . 2008-05-29 20:53 112640 ----a-r- c:\windows\system32\drivers\cm_net.sys
2010-04-13 16:48 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-04-13 16:48 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-04-13 16:44 . 2010-04-13 16:44 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Bytemobile
2010-04-13 16:44 . 2005-03-15 16:11 17920 ----a-w- c:\windows\system32\apintfnt.dll
2010-04-13 16:44 . 2010-04-13 16:44 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Sierra Wireless
2010-04-13 16:44 . 2009-10-30 21:52 28288 ----a-w- c:\windows\system32\drivers\swmsflt.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 03:55 . 2010-04-27 03:55 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-27 03:55 . 2010-04-27 03:55 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-26 21:39 . 2006-04-14 03:51 -------- d-----w- c:\program files\Java
2010-04-14 13:19 . 2006-04-14 04:11 -------- d-----w- c:\program files\RGB
2010-04-13 18:33 . 2006-04-14 04:53 69640 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-13 18:18 . 2006-04-14 04:41 109568 ------w- c:\windows\system32\pxinsi64.exe
2010-04-13 18:18 . 2006-04-14 04:41 108544 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-13 18:02 . 2006-04-14 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-04-13 17:18 . 2006-04-14 03:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-13 15:44 . 2005-08-17 17:20 94363 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-13 14:11 . 2006-04-14 03:48 -------- d-----w- c:\program files\HPQ
2010-04-13 14:09 . 2010-04-13 14:07 137 ----a-w- c:\documents and settings\E. Jean Ruport\Local Settings\Application Data\fusioncache.dat
2010-04-13 13:29 . 2006-04-14 02:40 -------- d-----w- c:\program files\Windows Plus
2010-04-13 13:26 . 2006-04-14 04:25 -------- d-----w- c:\program files\Synaptics
2010-04-13 13:26 . 2006-04-14 04:23 -------- d-----w- c:\program files\Sonic
2010-04-13 13:25 . 2006-04-14 04:41 -------- d-----w- c:\program files\Quickensetup
2010-04-13 13:23 . 2006-04-14 04:39 -------- d-----w- c:\program files\Netscape
2010-04-13 13:23 . 2006-04-14 04:40 -------- d-----w- c:\program files\muvee Technologies
2010-04-13 13:23 . 2006-04-14 04:40 -------- d-----w- c:\program files\music_now
2010-04-13 13:23 . 2006-04-14 04:16 -------- d-----w- c:\program files\MSN Encarta Plus
2010-04-13 13:23 . 2006-04-14 04:22 -------- d-----w- c:\program files\Microsoft Office Trial Wizard
2010-04-13 13:22 . 2006-04-14 02:40 -------- d-----w- c:\program files\microsoft frontpage
2010-04-13 13:22 . 2006-04-14 04:32 -------- d-----w- c:\program files\HP Rhapsody
2010-04-13 13:22 . 2006-04-14 04:00 -------- d-----w- c:\program files\HP
2010-04-13 13:21 . 2006-04-14 04:06 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-13 13:21 . 2006-04-14 04:39 -------- d-----w- c:\program files\Google
2010-04-13 13:21 . 2006-04-14 02:43 -------- d-----w- c:\program files\CONEXANT
2010-04-13 13:21 . 2006-04-14 04:24 -------- d-----w- c:\program files\Common Files\TiVo Shared
2010-04-13 13:20 . 2006-04-14 04:23 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-04-13 13:20 . 2006-04-14 04:01 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-13 13:20 . 2006-04-14 04:40 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-04-13 13:20 . 2006-04-14 04:44 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-13 13:20 . 2006-04-14 03:51 -------- d-----w- c:\program files\Common Files\Java
2010-04-13 13:20 . 2006-04-14 03:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-13 13:20 . 2006-04-14 04:00 -------- d-----w- c:\program files\Common Files\HP
2010-04-13 13:20 . 2006-04-14 04:00 -------- d-----w- c:\program files\AMD
2010-04-13 13:20 . 2006-04-14 03:48 -------- d-----w- c:\program files\ATI Technologies
2010-04-13 13:15 . 2006-04-14 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2010-04-13 13:15 . 2006-04-14 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-04-13 13:15 . 2006-04-14 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SBSI
2010-04-13 13:14 . 2006-04-14 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-04-13 13:14 . 2006-04-14 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-04-13 13:14 . 2006-04-14 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-04-13 13:14 . 2010-04-13 14:07 -------- d-----w- c:\documents and settings\E. Jean Ruport\Application Data\Intuit
2006-08-29 10:04 . 2010-04-13 13:46 22 --sha-w- c:\windows\SMINST\HPCD.SYS
2008-04-14 10:41 . 2004-08-10 15:00 224214 --sha-r- c:\windows\system32\mbnxtssb.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\BBSTORE ----
((((((((((((((((((((((((((((( SnapShot@2010-05-05_00.34.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-07 00:07 . 2010-05-07 00:07 16384 c:\windows\temp\Perflib_Perfdata_7c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 19:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-04-20 6678008]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-14 22:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 12:29 67752 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-11-11 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-08-01 21:26 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-12-22 15:57 405504 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-07-25 14:14 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-12-13 21:45 507904 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
c:\program files\Messenger\msmsgs.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2005-12-12 18:39 94208 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
2005-10-11 17:23 1187840 ----a-w- c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-06-19 20:50 729178 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG9\\avgui.exe"=
"c:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\ToolBox\\AutoStart Manager\\AutoStart Manager.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\Photoshop Elements 5.0.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1518:TCP"= 1518:TCP:*:Disabled:fjakhjoy
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/20/2010 3:37 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/14/2010 5:25 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/14/2010 5:25 PM 242696]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/26/2010 3:29 PM 228216]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/26/2010 3:29 PM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/26/2010 3:29 PM 29560]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [4/14/2010 5:19 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/14/2010 5:19 PM 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1285864]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [4/26/2010 3:29 PM 1284600]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [4/26/2010 3:29 PM 3364856]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 AM 231424]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]
S2 gpvcprl;ygjezyo;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 10:00 AM 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4/14/2010 5:25 PM 369920]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 1:06 PM 280576]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 1:06 PM 51456]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [4/13/2010 11:48 AM 112640]
S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [4/13/2010 11:48 AM 103680]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23 PM 20480]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gpvcprl
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" "c:\all jeans files\Saved email from Outlook Express\Inbox.dbx"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 19:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gpvcprl]
"ServiceDll"="c:\windows\system32\mbnxtssb.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3652)
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Tall Emu\Online Armor\OAhlp.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-05-06 19:16:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-07 00:15
ComboFix2.txt 2010-05-06 02:08
ComboFix3.txt 2010-05-05 00:36
Pre-Run: 43,118,047,232 bytes free
Post-Run: 43,088,031,744 bytes free
- - End Of File - - 350B5C71723B4640D09033A567AA9FF9I would suggest that you go to this site (http://www.microsoft.com/security_essentials/) download and install MicroSoft Security Essentials. Once installed, uninstall AVG. Every moment you spend on-line with an out-of-date AV is risky.
-
I still CANNOT connect to Microsoft per your shortcut. I know it is risky but I HAVE TRIED to update my anti-virus program.
I'm sorry. I can just imagine how frustrating that can be. Do you get any error besides "page cannot be displayed" ?
Let's see if we can run these.
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post
====================================
I'd like us to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) icon on your desktop.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
I had kept SUPERAntiSpyware.exe in my own file, so U re-installed it. While trying to download updates, it is not happening yet. so went to your post to update from there by could not find a link. Sorry I am such a nuisance. If you can post it please, will you do it?
Also, if you want to scan my computer you can do so but do you want me to do the SUPERAntiSpyware scan first? (If I can get updates first)
I just remember something else about the "Internet Explorer cannot display the webpage". When that shows up there is an option to check connection to Internet. And even though I have the internet open and Computer Hope web page up, when I have it check the connection it says I am NOT connected..... Does that jog any memories for you??
I'm sorry. I can just imagine how frustrating that can be. Do you get any error besides "page cannot be displayed" ?
Let's see if we can run these.
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post
====================================
I'd like us to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) icon on your desktop.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
so went to your post to update from there by could not find a link. Sorry I am such a nuisance. If you can post it please, will you do it?
There is no link for updates of SAS. You just have to click on the update button and hope for the best.
When that shows up there is an option to check connection to Internet. And even though I have the internet open and Computer Hope web page up, when I have it check the connection it says I am NOT connected..... Does that jog any memories for you??
You should only get that when you're unable to connect to a link. It's a diagnostic tool to check if your computer is receiving a signal from your modem or router. If you're getting the Computer Hope page, it is connecting. I have to figure out why it's only connecting to certain sites.I'm consulting with my mentor to see if he knows what's happening here.
Please run SAS without the updates and then run the ESET scan if possible.
-
There is no link for updates of SAS. You just have to click on the update button and hope for the best.
You should only get that when you're unable to connect to a link. It's a diagnostic tool to check if your computer is receiving a signal from your modem or router. If you're getting the Computer Hope page, it is connecting. I have to figure out why it's only connecting to certain sites.I'm consulting with my mentor to see if he knows what's happening here.
Please run SAS without the updates and then run the ESET scan if possible.
Super Dave you have been most patient with my computer problem, and of course with my frustration.
I decided that I could either fix it myself or do a destructive recovery on my computer.
My computer originally came with SP1, so I decided to uninstall SP3. As soon as I did that I was able to get my updates. I re-installed SP3- Then installed Framework 2-3. Then proceeded to install AVG again and got the updates to that also.
Then I decided to get the rest of the Windows Updates and allowed Windows to tell me which ones to get. Bad mistake!!! AVG caught a "Trojan horse Agent2.ASCL" in Windows\system32\mbnxtssb.dll for Microsofts' MRT.exe....
Hurrah for Microsoft.. Now if I can just get some help from them without paying their $45.00 fee.
Anyway Thank you so much for all your help Jean
-
Jean, I would dump AVG and download MicroSoft Security Essentials (http://http://www.microsoft.com/security_essentials/) to your computer. I've been using this on my computers for some time with no problems. Of course, you should install MSE first then uninstall AVG. There is also another tool already installed on your computer to run scans. It's call MRT. We don't use it much on-line because it doesn't produce a log but I use it on my computers all the time. The warning from AVG is probably a false-positive.
* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.
Please let me know how you end up with this?
-
Jean, I would dump AVG and download MicroSoft Security Essentials (http://http://www.microsoft.com/security_essentials/) to your computer. I've been using this on my computers for some time with no problems. Of course, you should install MSE first then uninstall AVG. There is also another tool already installed on your computer to run scans. It's call MRT. We don't use it much on-line because it doesn't produce a log but I use it on my computers all the time. The warning from AVG is probably a false-positive.
* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.
Please let me know how you end up with this?
Hi Dave, Things are on the way up now. I installed Ad-Aware v9, and had it run a scan and it found the parent "Agent", plus 2 other files that it considered a 10 in the threat range and I was advised to start my machine to completely remove them.
I got the virus into my machine while downloading Windows Update. I was so frantic to get Windows Update as I wanted to run MSRT and knew it was updated every month. I was suspicious of it when it came in as MRT. But after Ad-Aware completed it's scan, I did run MRT and it showed NO Suspicious files found. So I am assuming I am okay for now.
I have been running AVG and AD-Aware for about 2 years and this is my first major problem.. Most of our kids have had major viruses and I have been able to clean them up but this one stumped me.
I am so gratefull for your help but I think I will stick with AVG and Ad-Aware for now plus Spybot S&D, Malwarebytes, MSRT, and SUPERAntiSpyware as extra tools. I do need to look for a different Firewall though as I had been using Windows Firewall. Then on recommendations from the people at Computer Hope I downloaded Online Armor. I did not like that program. I will continue to use Windows Firewall until I find a different one.
I am not completely convinced that Microsoft Security Essentials is what I want to use. I am not sure they have a strong enough program. but thanks for the suggestion. I may keep it in my arsenal as I know not one program can get all viruses. It's just us against the bugs.
Thank you again for all your help. Jean
-
Jean, MSE is an AV program so you should have only on AV program running on your computer at any time. It has a 98% efficiency rating and is not a resource hog like other AV programs.
======================================
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type commy /uninstall in the runbox
* Make sure there's a space between commy and /Uninstall
* Then hit Enter
* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
======================================
Download OTC by OldTimer (http://oldtimer.geekstogo.com/OTC.exe) and save it to your desktop.
1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.
================================================
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
=======================================
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
======================================
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Dave, I think I will stick with what I now have set up on my computer.
I do Not have full time connection to the internet. Most days I am only online for 45 to 90 seconds. And I do not see that changing.
I have already uninstalled all "Commy" programs and removed all files....
I have IE set up to not save files in history and delete temp files After 24 hours....
I run disk cleanup on a weekly basis, and do a search for *.tmp files regularly and delete them.
I do a complete scan of my computer files by AVG Anti Virus once a week.... and when I have made a lot of changes to my programs, I run RegScrub. So I think I have most things covered.
I will investigate Firewall programs, but for now I will keep Windows Firewall activated.
so thank you any way. I am going to disconnect from this thread after this response to you.
Thanks again, Jean
-
You might want to reconsider using RegScrub after reading this:
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.
For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.
Further reading: XP Fixes Myth #1: Registry Cleaners (http://www.windowsbbs.com/showthread.php?t=61015)