Computer Hope
Software => Computer viruses and spyware => Topic started by: indy777 on June 04, 2009, 08:22:09 PM
-
I have been going through the Virus and Spyware section Guidelines doing what I can and bypassing the rest.
I don't have Spybot so bypassed that one.
Malware removal steps: I am not able to delete from programs and features in the control pane, bypassed.
Step A: I had AVG free edition but it's not working. I downloaded Avast Home Edition to a removable USB drive as you suggested and that worked. Program is running fine.
Step 1: Bypassed
Step 2: Downloaded CCleaner Slim to the USB drive and then to the suspect computer. Then run program. Note: I used my laptop to download these programs as the suspect computer will not let me download.
Step 3: Download Superantispyware program and run scan as suggested. Log attached.
Step 4: Download Malwarebytes, did quick scan. Log attached
Step 5: I have the updated Java version.
Step 6: Download HJT, did a system scan and saved log.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/04/2009 at 05:09 PM
Application Version : 4.26.1004
Core Rules Database Version : 3910
Trace Rules Database Version: 1854
Scan type : Complete Scan
Total Scan Time : 01:10:22
Memory items scanned : 289
Memory threats detected : 0
Registry items scanned : 8162
Registry threats detected : 0
File items scanned : 135778
File threats detected : 0
_________________________________
Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 6.0.6001 Service Pack 1
6/4/2009 6:24:22 PM
mbam-log-2009-06-04 (18-24-22).txt
Scan type: Quick Scan
Objects scanned: 77430
Time elapsed: 3 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
________________________________
Logfile of sniper.exe
Scan saved at 8:36:00 PM, on 6/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Webshots\webshots.scr
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\ieuser.exe
L:\sniper.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: PCH Search & Win Toolbar - {4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O3 - Toolbar: PCH Search & Win Toolbar - {4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238037238405
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238036811723
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10360 bytes
-
I am NOT trying to bump my thread honestly, but I have some added information.
I can't run Superantispyware from windows, only from the SAFE MODE. The program stops on the 2nd item every time, which is: C:\windows\system32\ntdll.dll
The log attached to my previous message was run from the SAFE MODE.
Also I can't get the program to shut down at all even from the task manager. I have to reboot to get it to go away.
Don't know if this would make a difference or not.
Thanks
-
This does not appear to be a malware issue.
Create An Uninstall List- Start HijackThis
- Click on the Open the Misc Tools section
- Click on the Open Uninstall Manager button.
- Click on the Save list button and specify where you would like to save this file and click Save.
- When you press Save button a notepad will open with the contents of that file.
- Copy and paste that list in your reply.
-
Here is the uninstall list:
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
AI RoboForm (All Users)
ArcSoft Panorama Maker 3
avast! Antivirus
AVG Free 8.5
CCleaner (remove only)
Enhanced Multimedia Keyboard Solution
Eraser 5.86
GoodSync
Google Toolbar for Internet Explorer
Hardware Diagnostic Tools
HDView for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.0
HP Picasso Media Center Add-In
HP Product Detection
HP Total Care Advisor
HP Update
Java(TM) 6 Update 13
Java(TM) 6 Update 7
LimeWire 5.1.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
My HP Games
Natural Color Pro
Nikon Message Center
NVIDIA Drivers
PCH Search & Win Toolbar
PCsync
PictureProject
Python 2.4.3
RealPlayer
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Snapfish Media Detector
Soft Data Fax Modem with SmartCP
SpywareBlaster 4.0
SUPERAntiSpyware Free Edition
The Weather Channel Desktop 6
Undelete Plus 2.98
Uniblue RegistryBooster 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb968503)
Vuze
Webshots Desktop
Windows Live Sign-in Assistant
Yahoo! Toolbar for Internet Explorer
-
Multiple antivirus warning!
- avast! Antivirus
- AVG Free 8.5
Microsoft (http://www.microsoft.com/uk/athome/security/protect/antivirus.mspx), Kaspersky (http://www.kaspersky.com/faq?chapter=170704655&qid=169326413) and Symantec (http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206) recommend that you do not have more than one antivirus product installed and running on your computer at the same time.
The real-time protection of two antivirus programs may conflict with each other and cause the following:
* False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
* Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
* Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.
* Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.
You need to pick one and uninstall the other. That may be part, or all of, the problem.
I also suggest uninstalling Uniblue RegistryBooster 2.
After that restart the computer and let me know how it is now. If the problem is still there let me know what errors you get.
-
That is part of the problem, I can't uninstall anything. Either from the program unistall software that comes with the program (AVG) or from the Programs and Features in the control panel. I can't delete any programs.
-
What antivirus do you want to keep?
-
Do you have any suggestions as to which one is better
-
Avast, in my opinion, is better.
Right click HijackThis and select 'Run as Administrator' then select Do a system scan only.
Place a check mark next to the following entries: (if there)
- O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
- O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
- O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
- O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
- O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
- O20 - AppInit_DLLs: avgrsstx.dll
- O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
.
Important: Close all windows except for HijackThis and then click Fix checked. If HijackThis asks you to restart choose No.
Exit HijackThis.
----------
Open HijackThis, but instead of scanning, click on the Open the MISC tools section button at the bottom of the choices.
Copy this red text -> avg8wd
- In HijackThis select Delete an NT Service
- Paste the text into the box that opens and then click OK
- If you receive any error messages just ignore them and continue.
- Now repeat the above to delete the below Services (if you do not find them or get any errors, just continue):
.
Now exit HijackThis and reboot when it tells you it needs to.
----------
Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
Won't let me "Run As Administrator" The screen locks up and I have to go to task manager to shut down. This happens on anything I try to run as administrator.
-
Try restarting in safe mode and running the fix. http://www.computerhope.com/issues/chsafe.htm#03
-
I got to the part "Delete an NT service" and typed in the AVG8wd and got a message saying AVG was running and in order to delete it has to be shut down.
I can't open the interface to shut down and don't know how else to do it. I went back and did another scan and: o23-service:AVG Free8 Watch dog, which is the last item I checked before hitting Fix checked and it is still there. The others I checked are gone but not that one. I went through the procedure again thinking I might have missed checking it but same results. Still there.
-
Go to Start > Run and type Notepad.exe then click OK.
Copy and paste the following text within the code box into the new Notepad file.
@ECHO OFF
sc stop "avg8wd"
sc delete "avg8wd"
exit
In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.
Next double click fixservice.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixservice.bat from the Desktop.
----------
Now see if you can run ComboFix.
-
I cannot get the combo fix to download to desktop or to memory stick. I have been downloading to the stick and it's been working but for some reason not this time. Tried several times to save to desktop, to removeable drive. It looks like it's down loading but I don't where. I've tried it in safe mode and regular start up.
-
Try an online scanner.
This scanner works with Internet Explorer only!
Scan with the BitDefender Online Scanner (http://www.bitdefender.com/scan8/ie.html)
Click I Agree to the license and then install the ActiveX control.
Please DO NOT change the Scanning Options.
That will make your logs huge and we don't need to see clean files.
Select Start Scan to begin.
This scan can take a while so please be patient and let it complete.
Once BitDefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report
(http://i154.photobucket.com/albums/s258/evilfantasy69/Tutorials/bit.jpg)
This will save a file named bdscan.html I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later)
You will have to upload the file online. The forums will not accept HTML.
Go to File Dropper (http://www.filedropper.com/)
Click Upload
Locate the file and double click it.
Copy the link below Share This Link: and post it back here.
-
I ran the bitdefender on line scan and saved the file. Went to the file dropper site paid the monthly fee and then rebooted to get out of safe mode. The computer did not start up right. I was given the option to repair or go to a restore point. Tried the repair option but didn't work and had to restore from a previous point. So I've lost all the programs I installed and of course the files and logs. Back to square one. I am going to start in the morning, I've had enough for one day. I really appreciate all the help you have given me, just bare with me I'll get back to this point again. :(
Thanks
-
Went to the file dropper site paid the monthly fee
What? It's a free service with a paid option for more space. Anything I suggest will always be 100% free.
Did you get the file uploaded to FileDropper so I can see it? I really need to get some names and locations of the malware to know what to do next. Do you remember if anything was called Virut or Sality?
-
Maybe I read it wrong but File dropper wouldn't let me proceed with out making a payment of some kind. The cheapest option was .99 a month so I went with that. Not that much and I can drop it at any time.
I had saved the file from Bitdefender on my desk top so it was lost when I rebooted. I do remember it was a Trojan virus but don't remember the name. There was a total of two. Can I proceed to the Bitdefender on line scan again without going through all the other programs as before?
You are right, I went back and found that you can upload 2 G free, more than that cost extra. Sorry, my mistake ;D
-
Yes try BitDefender again and post the results.
-
I finally got combo fix downloaded and tried to run the program. Got a message saying "comodo antivirus and comodo defense +" is running and needs to be shut down first. I have no idea where this is at, it never showed up in uninstall manager or in programs list. Now we have to find a way to shut them down.
-
Is Comodo what you use for your antivirus or is it Avast?
Just continue on with ComboFix. It should still run.
-
I run Avast. The comodo shouldn't be there, it is from one I used and didn't like it and deleted it, I thought.
I will continue on with the Combo fix
-
ComboFix 09-06-05.09 - William Michels 06/06/2009 23:07.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1484 [GMT -4:00]
Running from: c:\users\William Michels\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cluster 119497.PIF
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
D:\Desktop.ini
.
((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.
2009-06-07 03:15 . 2009-06-07 03:15 -------- d-----w- c:\users\William Michels\AppData\Local\temp
2009-06-06 20:27 . 2009-06-07 03:11 -------- d---a-w- \Qoobox
2009-06-06 19:19 . 2009-06-06 19:19 -------- d-----w- c:\users\William Michels\AppData\Local\COMODO
2009-06-06 19:19 . 2009-06-06 19:19 -------- d-----w- c:\users\WILLIA~1\AppData\Local\COMODO
2009-06-06 17:16 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 17:16 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-06 15:40 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-06 15:40 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-06 15:40 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-06 15:40 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-06 15:40 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-06 15:40 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-06 15:40 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-06 02:42 . 2009-06-07 02:59 117760 ----a-w- c:\users\William Michels\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-06 02:15 . 2009-06-06 02:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-06 02:09 . 2009-06-06 02:13 -------- d-----w- c:\program files\CCleaner
2009-06-05 22:50 . 2009-06-06 18:57 -------- d-----w- c:\windows\BDOSCAN8
2009-06-04 21:36 . 2009-06-06 15:30 680 ----a-w- c:\users\William Michels\AppData\Local\d3d9caps.dat
2009-06-04 21:36 . 2009-06-06 15:30 680 ----a-w- c:\users\WILLIA~1\AppData\Local\d3d9caps.dat
2009-06-04 21:32 . 2009-06-04 21:32 -------- d-----w- c:\users\William Michels\AppData\Roaming\Malwarebytes
2009-06-04 21:32 . 2009-06-04 21:32 -------- d-----w- c:\users\WILLIA~1\AppData\Roaming\Malwarebytes
2009-06-04 21:32 . 2009-06-06 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 21:32 . 2009-06-04 21:32 -------- d-----w- c:\progra~2\Malwarebytes
2009-06-04 17:35 . 2009-06-04 17:35 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2009-06-04 17:31 . 2009-06-06 02:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-04 17:31 . 2009-06-04 17:31 -------- d-----w- c:\users\William Michels\AppData\Roaming\SUPERAntiSpyware.com
2009-06-04 17:31 . 2009-06-04 17:31 -------- d-----w- c:\users\WILLIA~1\AppData\Roaming\SUPERAntiSpyware.com
2009-06-03 01:33 . 2009-06-03 01:33 -------- d-----w- c:\program files\Alwil Software
2009-05-31 23:31 . 2009-06-01 00:33 -------- d-----w- c:\program files\SpywareBlaster
2009-05-28 21:20 . 2009-05-30 23:58 -------- d-----w- c:\users\William Michels\AppData\Roaming\System Tweaker
2009-05-28 21:20 . 2009-05-30 23:58 -------- d-----w- c:\users\WILLIA~1\AppData\Roaming\System Tweaker
2009-05-27 19:29 . 2009-06-06 04:53 -------- d-----w- c:\users\William Michels\{2be83168-6029-4d46-b0f6-10bbc66433b5}
2009-05-27 19:07 . 2009-06-07 02:49 408464 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-05-27 16:25 . 2009-05-27 19:28 28704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-05-27 16:25 . 2009-05-27 19:28 168208 ----a-w- c:\windows\system32\guard32.dll
2009-05-27 16:25 . 2009-05-27 19:28 130080 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-05-24 23:26 . 2009-06-06 04:52 -------- d-----w- c:\program files\tinySpell
2009-05-24 23:26 . 2009-05-24 23:26 -------- d-----w- c:\users\William Michels\AppData\Roaming\tinySpell
2009-05-24 23:26 . 2009-05-24 23:26 -------- d-----w- c:\users\WILLIA~1\AppData\Roaming\tinySpell
2009-05-10 22:04 . 2009-05-10 22:04 10769104 ----a-w- c:\users\William Michels\AppData\Roaming\Nikon\Message Center\DOWNLOAD_LOG\13213\S-P2____-176WU-NSAEN.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 03:03 . 2008-02-15 22:37 2325553152 --sha-w- \pagefile.sys
2009-06-06 15:27 . 2008-08-15 02:27 -------- d-----w- c:\program files\Uniblue
2009-06-06 04:53 . 2009-04-22 21:51 -------- d-----w- c:\users\William Michels\AppData\Roaming\uTorrent
2009-06-06 04:53 . 2009-04-22 21:51 -------- d-----w- c:\users\WILLIA~1\AppData\Roaming\uTorrent
2009-06-06 04:52 . 2008-11-20 19:31 -------- d-----w- c:\program files\searchandwintoolbar
2009-06-06 04:52 . 2008-09-04 23:41 -------- d-----w- c:\program files\LimeWire
2009-06-06 04:52 . 2008-02-02 02:58 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-06-06 04:52 . 2008-02-02 02:47 -------- d---a-w- c:\program files\Common Files\LightScribe
2009-06-06 04:52 . 2008-02-02 02:47 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-06-06 04:52 . 2009-05-07 22:21 -------- d-----w- c:\program files\TouchStoneSoftware
2009-06-02 03:10 . 2008-08-23 19:49 -------- d-----w- c:\program files\Coupons
2009-05-31 19:53 . 2008-09-05 23:38 20 ---h--w- c:\progra~2\PKP_DLec.DAT
2009-05-31 19:53 . 2008-09-05 23:28 20 ---h--w- c:\progra~2\PKP_DLds.DAT
2009-05-30 20:40 . 2008-08-14 01:53 -------- d-----w- c:\program files\google
2009-05-30 19:55 . 2008-08-31 16:58 -------- d-----w- c:\progra~2\Avg8
2009-05-29 23:42 . 2009-04-01 16:51 -------- d-----w- c:\users\William Michels\AppData\Roaming\Comodo
2009-05-29 23:42 . 2009-04-01 16:51 -------- d-----w- c:\users\WILLIA~1\AppData\Roaming\Comodo
2009-05-29 23:42 . 2009-04-01 16:51 -------- d-----w- c:\progra~2\comodo
2009-05-29 23:42 . 2009-04-01 16:51 -------- d-----w- c:\program files\COMODO
2009-05-29 21:48 . 2008-08-31 16:58 -------- d-----w- c:\progra~2\Avg8(61)
2009-05-29 00:05 . 2008-09-04 23:41 -------- d-----w- c:\users\William Michels\AppData\Roaming\LimeWire
2009-05-29 00:05 . 2008-09-04 23:41 -------- d-----w- c:\users\WILLIA~1\AppData\Roaming\LimeWire
2009-05-28 21:17 . 2008-08-31 16:58 -------- d-----w- c:\progra~2\Avg8(62)
2009-05-28 20:31 . 2008-08-31 16:58 -------- d-----w- c:\progra~2\Avg8(54)
2009-05-17 15:26 . 2009-04-01 16:51 68640 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-05-14 14:45 . 2008-02-02 02:54 -------- d-----w- c:\progra~2\Microsoft Help
2009-05-14 14:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 23:18 . 2008-08-23 18:41 -------- d-----w- c:\users\William Michels\AppData\Roaming\GoodSync
2009-05-09 23:18 . 2008-08-23 18:41 -------- d-----w- c:\users\WILLIA~1\AppData\Roaming\GoodSync
2009-05-07 22:46 . 2009-04-11 03:35 -------- d-----w- c:\users\William Michels\AppData\Roaming\Azureus
2009-05-07 22:46 . 2009-04-11 03:35 -------- d-----w- c:\users\WILLIA~1\AppData\Roaming\Azureus
2009-05-07 18:13 . 2009-05-07 18:13 -------- d-----w- c:\progra~2\Azureus
2009-04-26 15:08 . 2009-03-21 17:41 541696 ----a-w- c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
2009-04-23 23:49 . 2008-12-10 05:00 350 ----a-w- c:\users\William Michels\AppData\Roaming\wklnhst.dat
2009-04-23 23:49 . 2008-12-10 05:00 350 ----a-w- c:\users\WILLIA~1\AppData\Roaming\wklnhst.dat
2009-04-22 21:52 . 2009-04-22 21:52 -------- d-----w- c:\program files\uTorrent
2009-04-11 03:39 . 2009-04-11 03:35 -------- d-----w- c:\program files\Vuze
2009-04-02 03:56 . 2009-03-21 17:41 79872 ----a-w- c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
2009-04-01 16:57 . 2009-04-01 16:57 249592 ----a-w- c:\windows\system32\cssdll32.dll
2009-03-21 17:41 . 2009-03-21 17:41 349184 ----a-w- c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2009-03-17 03:38 . 2009-04-17 00:42 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 00:42 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 18:51 . 2009-03-09 18:51 10134 ----a-r- c:\users\William Michels\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-03-09 09:19 . 2008-12-06 16:07 410984 ----a-w- c:\windows\system32\deploytk.dll
2008-09-04 18:15 . 2008-09-04 18:15 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SansaDispatch"="c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-02 79872]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-12 160592]
"tinySpell"="c:\program files\tinySpell\tinyspell.exe" [2008-03-26 200704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-02-08 73728]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
c:\users\William Michels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-22 157000]
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-9-5 118784]
c:\users\WILLIA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-22 157000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4280910030-2114780719-3168784256-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A4199458-5782-4B3E-8E51-C8E56A91E286}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4C0A85EA-D703-46FB-AB37-357A1813E6BC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B9030142-4060-4EE9-B4F8-0C73A6835873}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{57A41350-B9F7-42AB-9FC5-DE393A284472}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D26B0CD2-729F-4B50-9CBE-3762030EF607}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5DE4593B-9552-4936-A64F-55757A067408}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BC1D0FF5-4079-459E-81B6-CB7C1EDA7EF6}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{31C95077-9A24-41A8-A42F-25CF4B8FEB82}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{FD3048A1-CE40-4EF4-9CC2-05561BC6DD03}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5128A22C-DC98-4B20-A29A-275D996B414F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{463A1A22-E433-4394-8209-CB30B84EDAAA}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2DFE46E2-93D8-47E2-BAFE-552A2C64F8F1}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CCD2AB17-D386-4349-B092-1CD31CB63173}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{467D2113-BD2A-4402-95EA-0217AEFCDA9D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C3CDCAA3-B3C7-4A15-9205-88E312385017}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FAD5518F-43BD-4EE5-BDE0-B1C3035638EA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B06C9F2-B837-4B77-9077-CC481F3461AD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BC0EF3F1-0E26-4568-88A0-2424648FC647}c:\\program files\\laplink\\pcsync\\sfthost.exe"= UDP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module
"UDP Query User{25326B8B-07FA-41EA-971A-F4B9C292E1C4}c:\\program files\\laplink\\pcsync\\sfthost.exe"= TCP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module
"{B58F19EE-652E-4A6C-B426-BD2AA1980B3C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{EC1E1CE4-7B8F-4D7B-8CF8-767D4C80D898}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{7E8BD5A2-4812-434B-9740-EC75B68C3336}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{4C1EA7AC-F5FF-4CBF-8009-68AA163EC9A4}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [5/27/2009 12:25 PM 28704]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/6/2009 11:40 AM 114768]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [5/27/2009 12:25 PM 130080]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/6/2009 11:40 AM 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/6/2009 11:40 AM 51792]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ECACHE
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-HP Software Update - c:\program files\Hp\HP Software Update\HPWuSchd2.exe
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 23:15
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe?????E??h????`??????????????????????????type????????????????????????????????????P?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-06-07 23:17
ComboFix-quarantined-files.txt 2009-06-07 03:17
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 224,851,353,600 bytes free
236 --- E O F --- 2009-06-06 04:38
-
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
Driver::
cmdHlp
cmdGuard
File::
c:\windows\System32\drivers\cmdhlp.sys
c:\windows\System32\drivers\cmdguard.sys
Folder::
c:\users\William Michels\AppData\Local\COMODO
c:\users\WILLIA~1\AppData\Local\COMODO
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
----------
Now look in C:\Program Files for the Comodo folder and delete the entire folder.
Next go to this post (https://forums.comodo.com/install_setup_configuration_help/cleanup_tool_for_comodo_internet_security-t36499.0.html) and follow the instructions for running the removal tool to get rid of the rest of Comodo.
----------
Download Registry Search by Bobbi Flekman (http://www.bleepingcomputer.com/files/regsearch.php)
(see the link titled RegSearch Download Link)
- Extract the files from Regsearch.zip into a folder.
- Doubleclick regsearch.exe to start the program.
- Enter comodo in the top area of the form and then click "OK".
- Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well).
- Add the contents of the Notepad file to your next reply.
-
I have got to the part where I go to the post for running the removal tool for Comodo and I clicked on the link for non registered user and found the zip file, BUT it will not let me download it. I don't get the hand indicating there is anything there to download. What am I doing wrong?
-
Here ya go.
[attachment deleted by admin]
-
I still can't delete the Comodo file from Program Files
ComboFix 09-06-05.09 - William Michels 06/07/2009 12:03.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1484 [GMT -4:00]
Running from: c:\users\William Michels\Desktop\ComboFix.exe
Command switches used :: c:\users\William Michels\Desktop\CFScript.txt
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\System32\drivers\cmdguard.sys"
"c:\windows\System32\drivers\cmdhlp.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\WILLIA~1\AppData\Local\COMODO
c:\users\WILLIA~1\AppData\Local\COMODO\.tmp\ctx0.tmp
c:\users\WILLIA~1\AppData\Local\COMODO\.tmp\ctx1.tmp
c:\users\William Michels\AppData\Local\COMODO\.tmp\ctx0.tmp
c:\users\William Michels\AppData\Local\COMODO\.tmp\ctx1.tmp
c:\windows\System32\drivers\cmdguard.sys
c:\windows\System32\drivers\cmdhlp.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDGUARD
-------\Legacy_CMDHLP
-------\Service_cmdGuard
-------\Service_cmdHlp
((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.
2009-06-07 16:10 . 2009-06-07 16:10 -------- d-sh--w- \$RECYCLE.BIN
2009-06-07 16:10 . 2009-06-07 16:10 2011750400 --sha-w- \hiberfil.sys
2009-06-07 16:09 . 2009-06-07 16:10 -------- d-----w- c:\users\William Michels\AppData\Local\temp
2009-06-07 16:09 . 2009-06-07 16:09 -------- d-----w- C:\temp
2009-06-07 16:09 . 2009-06-07 16:09 -------- d-----w- \temp
2009-06-07 16:01 . 2009-06-07 16:10 -------- d-s---w- \ComboFix
2009-06-06 20:27 . 2009-06-07 16:03 -------- d---a-w- \Qoobox
2009-06-06 17:16 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 17:16 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-06 15:40 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-06 15:40 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-06 15:40 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-06 15:40 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-06 15:40 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-06 15:40 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-06 15:40 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-06 02:42 . 2009-06-07 15:35 117760 ----a-w- c:\users\William Michels\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-06 02:15 . 2009-06-06 02:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-06 02:09 . 2009-06-06 02:13 -------- d-----w- c:\program files\CCleaner
2009-06-05 22:50 . 2009-06-06 18:57 -------- d-----w- c:\windows\BDOSCAN8
2009-06-04 21:36 . 2009-06-06 15:30 680 ----a-w- c:\users\William Michels\AppData\Local\d3d9caps.dat
2009-06-04 21:32 . 2009-06-04 21:32 -------- d-----w- c:\users\William Michels\AppData\Roaming\Malwarebytes
2009-06-04 21:32 . 2009-06-06 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 21:32 . 2009-06-04 21:32 -------- d-----w- c:\progra~2\Malwarebytes
2009-06-04 17:35 . 2009-06-04 17:35 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2009-06-04 17:31 . 2009-06-06 02:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-04 17:31 . 2009-06-04 17:31 -------- d-----w- c:\users\William Michels\AppData\Roaming\SUPERAntiSpyware.com
2009-06-03 01:33 . 2009-06-03 01:33 -------- d-----w- c:\program files\Alwil Software
2009-05-31 23:31 . 2009-06-01 00:33 -------- d-----w- c:\program files\SpywareBlaster
2009-05-28 21:20 . 2009-05-30 23:58 -------- d-----w- c:\users\William Michels\AppData\Roaming\System Tweaker
2009-05-27 19:29 . 2009-06-06 04:53 -------- d-----w- c:\users\William Michels\{2be83168-6029-4d46-b0f6-10bbc66433b5}
2009-05-27 19:07 . 2009-06-07 15:54 408464 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-05-27 16:25 . 2009-05-27 19:28 168208 ----a-w- c:\windows\system32\guard32.dll
2009-05-24 23:26 . 2009-06-06 04:52 -------- d-----w- c:\program files\tinySpell
2009-05-24 23:26 . 2009-05-24 23:26 -------- d-----w- c:\users\William Michels\AppData\Roaming\tinySpell
2009-05-10 22:04 . 2009-05-10 22:04 10769104 ----a-w- c:\users\William Michels\AppData\Roaming\Nikon\Message Center\DOWNLOAD_LOG\13213\S-P2____-176WU-NSAEN.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 16:10 . 2008-02-15 22:37 2325553152 --sha-w- \pagefile.sys
2009-06-06 15:27 . 2008-08-15 02:27 -------- d-----w- c:\program files\Uniblue
2009-06-06 04:53 . 2009-04-22 21:51 -------- d-----w- c:\users\William Michels\AppData\Roaming\uTorrent
2009-06-06 04:52 . 2008-11-20 19:31 -------- d-----w- c:\program files\searchandwintoolbar
2009-06-06 04:52 . 2008-09-04 23:41 -------- d-----w- c:\program files\LimeWire
2009-06-06 04:52 . 2008-02-02 02:58 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-06-06 04:52 . 2008-02-02 02:47 -------- d---a-w- c:\program files\Common Files\LightScribe
2009-06-06 04:52 . 2008-02-02 02:47 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-06-06 04:52 . 2009-05-07 22:21 -------- d-----w- c:\program files\TouchStoneSoftware
2009-06-02 03:10 . 2008-08-23 19:49 -------- d-----w- c:\program files\Coupons
2009-05-31 19:53 . 2008-09-05 23:38 20 ---h--w- c:\progra~2\PKP_DLec.DAT
2009-05-31 19:53 . 2008-09-05 23:28 20 ---h--w- c:\progra~2\PKP_DLds.DAT
2009-05-30 20:40 . 2008-08-14 01:53 -------- d-----w- c:\program files\google
2009-05-30 19:55 . 2008-08-31 16:58 -------- d-----w- c:\progra~2\Avg8
2009-05-29 23:42 . 2009-04-01 16:51 -------- d-----w- c:\users\William Michels\AppData\Roaming\Comodo
2009-05-29 23:42 . 2009-04-01 16:51 -------- d-----w- c:\progra~2\comodo
2009-05-29 23:42 . 2009-04-01 16:51 -------- d-----w- c:\program files\COMODO
2009-05-29 21:48 . 2008-08-31 16:58 -------- d-----w- c:\progra~2\Avg8(61)
2009-05-29 00:05 . 2008-09-04 23:41 -------- d-----w- c:\users\William Michels\AppData\Roaming\LimeWire
2009-05-28 21:17 . 2008-08-31 16:58 -------- d-----w- c:\progra~2\Avg8(62)
2009-05-28 20:31 . 2008-08-31 16:58 -------- d-----w- c:\progra~2\Avg8(54)
2009-05-17 15:26 . 2009-04-01 16:51 68640 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-05-14 14:45 . 2008-02-02 02:54 -------- d-----w- c:\progra~2\Microsoft Help
2009-05-14 14:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 23:18 . 2008-08-23 18:41 -------- d-----w- c:\users\William Michels\AppData\Roaming\GoodSync
2009-05-07 22:46 . 2009-04-11 03:35 -------- d-----w- c:\users\William Michels\AppData\Roaming\Azureus
2009-05-07 18:13 . 2009-05-07 18:13 -------- d-----w- c:\progra~2\Azureus
2009-04-26 15:08 . 2009-03-21 17:41 541696 ----a-w- c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
2009-04-23 23:49 . 2008-12-10 05:00 350 ----a-w- c:\users\William Michels\AppData\Roaming\wklnhst.dat
2009-04-22 21:52 . 2009-04-22 21:52 -------- d-----w- c:\program files\uTorrent
2009-04-11 03:39 . 2009-04-11 03:35 -------- d-----w- c:\program files\Vuze
2009-04-02 03:56 . 2009-03-21 17:41 79872 ----a-w- c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
2009-04-01 16:57 . 2009-04-01 16:57 249592 ----a-w- c:\windows\system32\cssdll32.dll
2009-03-21 17:41 . 2009-03-21 17:41 349184 ----a-w- c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2009-03-17 03:38 . 2009-04-17 00:42 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 00:42 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 18:51 . 2009-03-09 18:51 10134 ----a-r- c:\users\William Michels\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2008-09-04 18:15 . 2008-09-04 18:15 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SansaDispatch"="c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-02 79872]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-12 160592]
"tinySpell"="c:\program files\tinySpell\tinyspell.exe" [2008-03-26 200704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-02-08 73728]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
c:\users\William Michels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-22 157000]
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-9-5 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4280910030-2114780719-3168784256-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A4199458-5782-4B3E-8E51-C8E56A91E286}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4C0A85EA-D703-46FB-AB37-357A1813E6BC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B9030142-4060-4EE9-B4F8-0C73A6835873}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{57A41350-B9F7-42AB-9FC5-DE393A284472}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D26B0CD2-729F-4B50-9CBE-3762030EF607}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5DE4593B-9552-4936-A64F-55757A067408}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BC1D0FF5-4079-459E-81B6-CB7C1EDA7EF6}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{31C95077-9A24-41A8-A42F-25CF4B8FEB82}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{FD3048A1-CE40-4EF4-9CC2-05561BC6DD03}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5128A22C-DC98-4B20-A29A-275D996B414F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{463A1A22-E433-4394-8209-CB30B84EDAAA}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2DFE46E2-93D8-47E2-BAFE-552A2C64F8F1}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CCD2AB17-D386-4349-B092-1CD31CB63173}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{467D2113-BD2A-4402-95EA-0217AEFCDA9D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C3CDCAA3-B3C7-4A15-9205-88E312385017}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FAD5518F-43BD-4EE5-BDE0-B1C3035638EA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B06C9F2-B837-4B77-9077-CC481F3461AD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BC0EF3F1-0E26-4568-88A0-2424648FC647}c:\\program files\\laplink\\pcsync\\sfthost.exe"= UDP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module
"UDP Query User{25326B8B-07FA-41EA-971A-F4B9C292E1C4}c:\\program files\\laplink\\pcsync\\sfthost.exe"= TCP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module
"{B58F19EE-652E-4A6C-B426-BD2AA1980B3C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{EC1E1CE4-7B8F-4D7B-8CF8-767D4C80D898}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{7E8BD5A2-4812-434B-9740-EC75B68C3336}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{4C1EA7AC-F5FF-4CBF-8009-68AA163EC9A4}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/6/2009 11:40 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/6/2009 11:40 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/6/2009 11:40 AM 51792]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 12:10
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Webshots\Webshots.scr
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-06-07 12:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-07 16:14
ComboFix2.txt 2009-06-07 03:17
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 222,641,451,008 bytes free
246 --- E O F --- 2009-06-06 04:38
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0
; Results at 6/7/2009 1:45:29 PM for strings:
; 'comodo'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Comodo Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu]
@="Comodo Antivirus Context Menu Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu.1]
@="Comodo Antivirus Context Menu Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}]
@="Comodo AntiVirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32]
@="C:\\Program Files\\COMODO\\COMODO Internet Security\\cavshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Comodo Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\file\ShellEx\ContextMenuHandlers\Comodo Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Comodo Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0]
@="Comodo Antivirus Shell Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0\0\win64]
@="C:\\Program Files\\COMODO\\COMODO Internet Security\\cavshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"="Comodo Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
"LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver"
"Description"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
"HelpText"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
"LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver"
"Description"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
"HelpText"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
"LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver"
"Description"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
"HelpText"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Internet Security Firewall Driver"
[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup]
[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security]
[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security\CisMainDialog]
[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\William Michels\\Desktop\\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe"="COMODO Internet Security Installer"
"C:\\Program Files\\COMODO\\COMODO Internet Security\\cfpconfg.exe"="COMODO Internet Security"
"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavscan.exe"="COMODO Internet Security"
[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\William Michels\\Desktop\\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe"="COMODO Internet Security Installer"
"C:\\Program Files\\COMODO\\COMODO Internet Security\\cfpconfg.exe"="COMODO Internet Security"
"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavscan.exe"="COMODO Internet Security"
; End Of The Log...
-
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
File::
C:\Users\William Michels\Desktop\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe
Folder::
C:\Program Files\COMODO
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Comodo Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Comodo Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\file\ShellEx\ContextMenuHandlers\Comodo Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Comodo Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0\0\win64]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"="Comodo Antivirus"
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"=-
[-HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup]
[-HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security]
[-HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security\CisMainDialog]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
----------
Go to Start > Run and type Notepad.exe then click OK.
Copy and paste the following text within the code box into the new Notepad file.
@ECHO OFF
net stop winmgmt
cd /d %windir%\system32\wbem
ren repository repository.old
net start winmgmt
exit
In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.
Next double click fixservice.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixservice.bat from the Desktop.
----------
Also let me know how the computer is running now.
-
Computer is running much faster, but still have a couple more issues. I haven't mentioned it but everytime I have to reboot or shut down I get a message, "Configuring updates" It will stay there for hours if I let it but I have been doing a hard shut down. I have went to Windows update and there are some updates that are trying to download, when I hit Install, the screen freezes and have to go to task manager to shut down Windows update screen. They won't install and I can't make them go away.
Also there is a program that I deleted about the time all these problems started that keeps trying to initialize but the program is not there anymore. It trys to start on every startup. As of now this is all I can find wrong. Program is called "tiny spell"
Here is the Combofix from the last run:
ComboFix 09-06-05.09 - William Michels 06/07/2009 14:54:52.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1486 [GMT -4:00]
Running from: C:\Users\William Michels\Desktop\ComboFix.exe
Command switches used :: C:\Users\William Michels\Desktop\CFScript7.txt
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"C:\Users\William Michels\Desktop\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\COMODO
C:\Program Files\COMODO\COMODO Internet Security\cavscan.dll
C:\Program Files\COMODO\COMODO Internet Security\cavscan.exe
C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll
C:\Program Files\COMODO\COMODO Internet Security\cfp.chinese.chm
C:\Program Files\COMODO\COMODO Internet Security\cfp.chm
C:\Program Files\COMODO\COMODO Internet Security\cfp.dll
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.russian.chm
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.dll
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.dll
C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.dll
C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
C:\Program Files\COMODO\COMODO Internet Security\cfpver.dat
C:\Program Files\COMODO\COMODO Internet Security\cisinfo.ini
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\COMODO\COMODO Internet Security\COMODO - Antivirus Security.cfg
C:\Program Files\COMODO\COMODO Internet Security\COMODO - Firewall Security.cfg
C:\Program Files\COMODO\COMODO Internet Security\COMODO - Internet Security.cfg
C:\Program Files\COMODO\COMODO Internet Security\COMODO - Proactive Security.cfg
C:\Program Files\COMODO\COMODO Internet Security\crashrep.exe
C:\Program Files\COMODO\COMODO Internet Security\database\pending.hse
C:\Program Files\COMODO\COMODO Internet Security\database\pending.nme
C:\Program Files\COMODO\COMODO Internet Security\database\safe.hse
C:\Program Files\COMODO\COMODO Internet Security\database\safe.nme
C:\Program Files\COMODO\COMODO Internet Security\database\vendor.nme
C:\Program Files\COMODO\COMODO Internet Security\EULA.txt
C:\Program Files\COMODO\COMODO Internet Security\framework.dll
C:\Program Files\COMODO\COMODO Internet Security\incompatsw.ini
C:\Program Files\COMODO\COMODO Internet Security\inspect.cat
C:\Program Files\COMODO\COMODO Internet Security\inspect.inf
C:\Program Files\COMODO\COMODO Internet Security\inspect.sys
C:\Program Files\COMODO\COMODO Internet Security\LPSSetup.exe
C:\Program Files\COMODO\COMODO Internet Security\registration.txt
C:\Program Files\COMODO\COMODO Internet Security\s1.tmp
C:\Program Files\COMODO\COMODO Internet Security\s2.tmp
C:\Program Files\COMODO\COMODO Internet Security\scanners\bases.cav
C:\Program Files\COMODO\COMODO Internet Security\scanners\common.cav
C:\Program Files\COMODO\COMODO Internet Security\scanners\dosmz.cav
C:\Program Files\COMODO\COMODO Internet Security\scanners\first.cav
C:\Program Files\COMODO\COMODO Internet Security\scanners\gunpack.cav
C:\Program Files\COMODO\COMODO Internet Security\scanners\heur.cav
C:\Program Files\COMODO\COMODO Internet Security\scanners\mach32.dll
C:\Program Files\COMODO\COMODO Internet Security\scanners\mem.cav
C:\Program Files\COMODO\COMODO Internet Security\scanners\pe32.cav
C:\Program Files\COMODO\COMODO Internet Security\scanners\pkann.dll
C:\Program Files\COMODO\COMODO Internet Security\scanners\unarch.cav
C:\Program Files\COMODO\COMODO Internet Security\scanners\unpack.cav
C:\Program Files\COMODO\COMODO Internet Security\scanners\white.cav
C:\Program Files\COMODO\COMODO Internet Security\Themes\cfp.theme
C:\Program Files\COMODO\COMODO Internet Security\tlicense.txt
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.arabic.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.brazilian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.Chinese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.chinesetraditional.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.czech.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.danish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.dutch.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.english.lang.template
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.estonian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.finnish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.french.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.german.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.italian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.japanese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.polish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.portuguese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.romanian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.russian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.slovak.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.swedish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.arabic.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.brazilian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.Chinese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.chinesetraditional.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.czech.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.danish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.dutch.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.english.lang.template
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.estonian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.finnish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.french.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.german.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.italian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.japanese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.polish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.portuguese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.romanian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.russian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.slovak.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.swedish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.arabic.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.brazilian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.Chinese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.chinesetraditional.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.czech.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.danish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.dutch.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.english.lang.template
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.estonian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.finnish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.french.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.german.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.italian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.japanese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.polish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.portuguese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.romanian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.russian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.slovak.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.swedish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.arabic.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.brazilian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.Chinese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.chinesetraditional.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.czech.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.danish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.dutch.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.english.lang.template
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.estonian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.finnish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.french.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.german.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.italian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.japanese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.polish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.portuguese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.romanian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.russian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.slovak.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.swedish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.arabic.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.brazilian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.Chinese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.chinesetraditional.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.czech.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.danish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.dutch.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.english.lang.template
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.estonian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.finnish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.french.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.german.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.italian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.japanese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.polish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.portuguese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.romanian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.russian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.slovak.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.swedish.lang
.
((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.
2009-06-07 19:02:41 . 2009-06-07 19:02:41 0 d-sh--w- \$RECYCLE.BIN
2009-06-07 19:01:57 . 2009-06-07 19:01:57 2009694208 --sha-w- \hiberfil.sys
2009-06-07 19:00:38 . 2009-06-07 19:02:47 0 d-----w- C:\Users\William Michels\AppData\Local\temp
2009-06-07 19:00:38 . 2009-06-07 19:00:38 0 d-----w- C:\temp
2009-06-07 19:00:38 . 2009-06-07 19:00:38 0 d-----w- \temp
2009-06-07 18:53:09 . 2009-06-07 19:02:48 0 d-s---w- \ComboFix
2009-06-07 16:28:25 . 2009-06-07 16:28:25 0 d-----w- C:\Users\William Michels\AppData\Local\COMODO
2009-06-06 20:27:25 . 2009-06-07 18:54:33 0 d---a-w- \Qoobox
2009-06-06 17:16:29 . 2009-05-26 17:20:08 40160 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-06-06 17:16:28 . 2009-05-26 17:19:56 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-06-06 15:40:39 . 2009-02-05 20:07:23 114768 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2009-06-06 15:40:39 . 2009-02-05 20:07:12 20560 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2009-06-06 15:40:39 . 2009-02-05 20:06:20 51376 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2009-06-06 15:40:39 . 2009-02-05 20:06:10 23152 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2009-06-06 15:40:39 . 2009-02-05 20:04:45 97480 ----a-w- C:\Windows\system32\AvastSS.scr
2009-06-06 15:40:30 . 2009-02-05 20:11:35 1256296 ----a-w- C:\Windows\system32\aswBoot.exe
2009-06-06 15:40:30 . 2009-02-05 20:06:59 51792 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2009-06-06 02:42:32 . 2009-06-07 16:42:01 117760 ----a-w- C:\Users\William Michels\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-06 02:15:51 . 2009-06-06 02:15:51 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-06 02:09:11 . 2009-06-06 02:13:12 0 d-----w- C:\Program Files\CCleaner
2009-06-05 22:50:18 . 2009-06-06 18:57:44 0 d-----w- C:\Windows\BDOSCAN8
2009-06-04 21:36:13 . 2009-06-06 15:30:58 680 ----a-w- C:\Users\William Michels\AppData\Local\d3d9caps.dat
2009-06-04 21:32:08 . 2009-06-04 21:32:08 0 d-----w- C:\Users\William Michels\AppData\Roaming\Malwarebytes
2009-06-04 21:32:03 . 2009-06-06 17:18:32 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-04 21:32:03 . 2009-06-04 21:32:03 0 d-----w- C:\PROGRA~2\Malwarebytes
2009-06-04 17:35:40 . 2009-06-04 17:35:40 0 d-----w- C:\PROGRA~2\SUPERAntiSpyware.com
2009-06-04 17:31:43 . 2009-06-06 02:36:37 0 d-----w- C:\Program Files\SUPERAntiSpyware
2009-06-04 17:31:43 . 2009-06-04 17:31:43 0 d-----w- C:\Users\William Michels\AppData\Roaming\SUPERAntiSpyware.com
2009-06-03 01:33:08 . 2009-06-03 01:33:08 0 d-----w- C:\Program Files\Alwil Software
2009-05-31 23:31:04 . 2009-06-01 00:33:50 0 d-----w- C:\Program Files\SpywareBlaster
2009-05-28 21:20:35 . 2009-05-30 23:58:08 0 d-----w- C:\Users\William Michels\AppData\Roaming\System Tweaker
2009-05-27 19:29:15 . 2009-06-06 04:53:30 0 d-----w- C:\Users\William Michels\{2be83168-6029-4d46-b0f6-10bbc66433b5}
2009-05-27 19:07:57 . 2009-06-07 15:54:17 408464 ----a-w- C:\Windows\system32\drivers\sfi.dat
2009-05-27 16:25:05 . 2009-05-27 19:28:34 168208 ----a-w- C:\Windows\system32\guard32.dll
2009-05-24 23:26:22 . 2009-06-06 04:52:27 0 d-----w- C:\Program Files\tinySpell
2009-05-24 23:26:22 . 2009-05-24 23:26:49 0 d-----w- C:\Users\William Michels\AppData\Roaming\tinySpell
2009-05-10 22:04:53 . 2009-05-10 22:04:53 10769104 ----a-w- C:\Users\William Michels\AppData\Roaming\Nikon\Message Center\DOWNLOAD_LOG\13213\S-P2____-176WU-NSAEN.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 19:01:55 . 2008-02-15 22:37:35 2325553152 --sha-w- \pagefile.sys
2009-06-06 15:27:19 . 2008-08-15 02:27:49 0 d-----w- C:\Program Files\Uniblue
2009-06-06 04:53:27 . 2009-04-22 21:51:52 0 d-----w- C:\Users\William Michels\AppData\Roaming\uTorrent
2009-06-06 04:52:27 . 2008-11-20 19:31:49 0 d-----w- C:\Program Files\searchandwintoolbar
2009-06-06 04:52:26 . 2008-09-04 23:41:30 0 d-----w- C:\Program Files\LimeWire
2009-06-06 04:52:26 . 2008-02-02 02:58:22 0 d-----w- C:\Program Files\PC-Doctor 5 for Windows
2009-06-06 04:52:18 . 2008-02-02 02:47:26 0 d---a-w- C:\Program Files\Common Files\LightScribe
2009-06-06 04:52:18 . 2008-02-02 02:47:18 0 d-----w- C:\Program Files\Common Files\SureThing Shared
2009-06-06 04:52:08 . 2009-05-07 22:21:48 0 d-----w- C:\Program Files\TouchStoneSoftware
2009-06-02 03:10:55 . 2008-08-23 19:49:04 0 d-----w- C:\Program Files\Coupons
2009-05-31 19:53:05 . 2008-09-05 23:38:36 20 ---h--w- C:\PROGRA~2\PKP_DLec.DAT
2009-05-31 19:53:05 . 2008-09-05 23:28:43 20 ---h--w- C:\PROGRA~2\PKP_DLds.DAT
2009-05-30 20:40:50 . 2008-08-14 01:53:27 0 d-----w- C:\Program Files\google
2009-05-30 19:55:43 . 2008-08-31 16:58:33 0 d-----w- C:\PROGRA~2\Avg8
2009-05-29 23:42:41 . 2009-04-01 16:51:52 0 d-----w- C:\Users\William Michels\AppData\Roaming\Comodo
2009-05-29 23:42:41 . 2009-04-01 16:51:49 0 d-----w- C:\PROGRA~2\comodo
2009-05-29 21:48:33 . 2008-08-31 16:58:33 0 d-----w- C:\PROGRA~2\Avg8(61)
2009-05-29 00:05:41 . 2008-09-04 23:41:44 0 d-----w- C:\Users\William Michels\AppData\Roaming\LimeWire
2009-05-28 21:17:45 . 2008-08-31 16:58:33 0 d-----w- C:\PROGRA~2\Avg8(62)
2009-05-28 20:31:18 . 2008-08-31 16:58:33 0 d-----w- C:\PROGRA~2\Avg8(54)
2009-05-17 15:26:21 . 2009-04-01 16:51:49 68640 ----a-w- C:\Windows\system32\drivers\inspect.sys
2009-05-14 14:45:51 . 2008-02-02 02:54:31 0 d-----w- C:\PROGRA~2\Microsoft Help
2009-05-14 14:41:57 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-05-09 23:18:25 . 2008-08-23 18:41:26 0 d-----w- C:\Users\William Michels\AppData\Roaming\GoodSync
2009-05-07 22:46:37 . 2009-04-11 03:35:45 0 d-----w- C:\Users\William Michels\AppData\Roaming\Azureus
2009-05-07 18:13:57 . 2009-05-07 18:13:57 0 d-----w- C:\PROGRA~2\Azureus
2009-04-26 15:08:55 . 2009-03-21 17:41:14 541696 ----a-w- C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
2009-04-23 23:49:40 . 2008-12-10 05:00:34 350 ----a-w- C:\Users\William Michels\AppData\Roaming\wklnhst.dat
2009-04-22 21:52:31 . 2009-04-22 21:52:31 0 d-----w- C:\Program Files\uTorrent
2009-04-11 03:39:41 . 2009-04-11 03:35:09 0 d-----w- C:\Program Files\Vuze
2009-04-02 03:56:11 . 2009-03-21 17:41:14 79872 ----a-w- C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
2009-04-01 16:57:56 . 2009-04-01 16:57:56 249592 ----a-w- C:\Windows\system32\cssdll32.dll
2009-03-21 17:41:15 . 2009-03-21 17:41:15 349184 ----a-w- C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2009-03-17 03:38:46 . 2009-04-17 00:42:27 13824 ----a-w- C:\Windows\system32\apilogen.dll
2009-03-17 03:38:44 . 2009-04-17 00:42:27 24064 ----a-w- C:\Windows\system32\amxread.dll
2008-09-04 18:15:54 . 2008-09-04 18:15:54 22 --sha-w- C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-07_16.10.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-02 03:17:43 . 2009-06-07 16:43:15 47880 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05:11 . 2009-06-07 16:43:16 71032 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-13 21:13:17 . 2009-06-07 15:36:16 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-13 21:13:17 . 2009-06-07 16:42:52 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-13 21:13:17 . 2009-06-07 15:36:16 32768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-13 21:13:17 . 2009-06-07 16:42:52 32768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-13 21:13:17 . 2009-06-07 15:36:16 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-13 21:13:17 . 2009-06-07 16:42:52 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-13 23:01:39 . 2009-06-07 16:43:16 9870 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4280910030-2114780719-3168784256-1000_UserData.bin
- 2006-11-02 10:33:01 . 2009-06-07 15:42:24 595446 C:\Windows\System32\perfh009.dat
+ 2006-11-02 10:33:01 . 2009-06-07 16:48:58 595446 C:\Windows\System32\perfh009.dat
- 2006-11-02 10:33:01 . 2009-06-07 15:42:24 101144 C:\Windows\System32\perfc009.dat
+ 2006-11-02 10:33:01 . 2009-06-07 16:48:58 101144 C:\Windows\System32\perfc009.dat
- 2006-11-02 10:22:39 . 2009-06-07 15:38:02 6553600 C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22:39 . 2009-06-07 16:44:42 6553600 C:\Windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 12:35:14 801904]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 05:15:24 39408]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240]
"SansaDispatch"="C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-02 03:56:11 79872]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-12 11:56:35 160592]
"tinySpell"="C:\Program Files\tinySpell\tinyspell.exe" [2008-03-26 18:09:38 200704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 14:05:52 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 13:42:24 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 10:59:00 118784]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-23 02:49:00 13539872]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-23 02:49:00 92704]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 11:00:48 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 06:04:34 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-09 09:19:17 148888]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 20:08:45 81000]
"RtHDVCpl"="RtHDVCpl.exe" - C:\WINDOWS\RtHDVCpl.exe [2008-01-15 16:26:18 4874240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-02-08 22:27:12 73728]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 19:09:52 44168]
C:\Users\William Michels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-8-22 157000]
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-9-5 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 14:13:36 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05:34 356352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4280910030-2114780719-3168784256-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A4199458-5782-4B3E-8E51-C8E56A91E286}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4C0A85EA-D703-46FB-AB37-357A1813E6BC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B9030142-4060-4EE9-B4F8-0C73A6835873}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{57A41350-B9F7-42AB-9FC5-DE393A284472}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D26B0CD2-729F-4B50-9CBE-3762030EF607}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5DE4593B-9552-4936-A64F-55757A067408}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BC1D0FF5-4079-459E-81B6-CB7C1EDA7EF6}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{31C95077-9A24-41A8-A42F-25CF4B8FEB82}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{FD3048A1-CE40-4EF4-9CC2-05561BC6DD03}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5128A22C-DC98-4B20-A29A-275D996B414F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{463A1A22-E433-4394-8209-CB30B84EDAAA}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{2DFE46E2-93D8-47E2-BAFE-552A2C64F8F1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{CCD2AB17-D386-4349-B092-1CD31CB63173}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{467D2113-BD2A-4402-95EA-0217AEFCDA9D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C3CDCAA3-B3C7-4A15-9205-88E312385017}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FAD5518F-43BD-4EE5-BDE0-B1C3035638EA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B06C9F2-B837-4B77-9077-CC481F3461AD}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BC0EF3F1-0E26-4568-88A0-2424648FC647}C:\\program files\\laplink\\pcsync\\sfthost.exe"= UDP:C:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module
"UDP Query User{25326B8B-07FA-41EA-971A-F4B9C292E1C4}C:\\program files\\laplink\\pcsync\\sfthost.exe"= TCP:C:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module
"{B58F19EE-652E-4A6C-B426-BD2AA1980B3C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{EC1E1CE4-7B8F-4D7B-8CF8-767D4C80D898}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{7E8BD5A2-4812-434B-9740-EC75B68C3336}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{4C1EA7AC-F5FF-4CBF-8009-68AA163EC9A4}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [6/6/2009 11:40:39 AM 114768]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05:54 AM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05:52 AM 72944]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\drivers\aswFsBlk.sys [6/6/2009 11:40:39 AM 20560]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [6/6/2009 11:40:30 AM 51792]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05:56 AM 7408]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
.
-
Try reinstalling tiny spell and then uninstall it through Add or Remove Programs (programs and features)
Shut down IE.
Open it up by right clicking the IE icon and choose 'Run as Administrator' and then try the Windows Updates.
Let me know...
-
I couldn't get tiny spell download to run from the web site, tried to save to desktop and had success doing that. But I couldn't get the install to start from the desktop icon. I shut down restarted in safe mode and installed program OK from safe mode. Rebooted, tried to uninstall from programs and features, nothing happens. Same as original problem, can't install or uninstall. I tried to uninstall another program and get message,"Please wait until current program is finished uninstalling". Like it's hung up at that point.
Same with the windows update, can't do anything with that screen. I tried to change how windows installs updates from the from change settings option, nothing happens. Have to go to task manager to shut down that screen. There is an icon on the window task bar that says "Windows is downloading updates 11% complete"
That has been there since we started working on this problem. Like it's stuck also.
What next?
-
Did you start IE in Administrator mode?
Download Revo Uninstaller (http://www.revouninstaller.com/revo_uninstaller_free_download.html)
Open Revo by using the 'Run as Administrator' option.
- Go in to Revo, right click what you want to uninstall and choose Uninstall, Tiny Spell.
- Next choose Advanced Mode
- This will launch the programs built in uninstaller and go through the normal uninstall process.
- Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
- This scan can take several seconds.
- Once the results are shown look at each one to ensure they are all related to the program that was uninstalled.
- Choose Select All then click Delete
- Click Next and Revo will scan for any files or folders that were not removed.
- If any files/folders are found choose Select all > Delete
-
I take it when you say IE you mean Internet Explorer right? I started it with run as administrator.
I downloaded Revo and ran it, tiny spell is gone.
The windows update is still stuck. Do you have any suggestions.
Thanks for your patients.
-
Try this.
You may want to print this out for reference or copy it into a Notepad file then save it to your Desktop. Internet Explorer needs to be closed.
1. Close all instances of Internet Explorer.
2. Click Start then type REGSVR32 ATL.DLL in the search box and press Enter on the keyboard.
Note: There is a space between REGSVR32 and ATL.DLL
3. Do the same with each of the below. (one at a time, note the space after REGSERV32)
- REGSVR32 MSXML3.DLL
- REGSVR32 WUAPI.DLL
- REGSVR32 WUAUENG.DLL
- REGSVR32 WUAUENG1.DLL
- REGSVR32 WUPS2.DLL
- REGSVR32 WUCLTUI.DLL
- REGSVR32 WUPS.DLL
- REGSVR32 WUWEB.DLL
- REGSVR32 QMGR.DLL
- REGSVR32 QMGRPRXY.DLL
- REGSVR32 JSCRIPT.DLL
.
Restart the computer when complete.
Try running Windows Updates again.
-
Just to be sure, did you mean to type REGSVR OR REGSERV as in line #3
3. Do the same with each of the below. (one at a time, note the space after REGSERV32)
-
It's all spelled correctly.
See her for other methods. http://support.microsoft.com/kb/883821
-
Nothing I try has worked. Updates still freezes.
-
OK lets put that on hold for now and make sure that it isn't malware blocking it. We might be getting ahead of ourselves.
If you already have Malwarebytes be sure to update it before running the scan!
Download Malwarebytes' Anti-Malware (MBAM) (http://www.malwarebytes.org/mbam-download.php)
Alternate MBAM download link (http://www.besttechie.net/tools/mbam-setup.exe)
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and Paste the entire report in your next reply.
.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
----------
Download Security Check from one of the following links and save it to your Desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.zip)
Link 2 (http://screen317.changelog.fr/SecurityCheck.zip)
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.[/list]
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
Malwarebytes' Anti-Malware 1.37
Database version: 2246
Windows 6.0.6001 Service Pack 1
6/7/2009 10:34:26 PM
mbam-log-2009-06-07 (22-34-26).txt
Scan type: Quick Scan
Objects scanned: 80439
Time elapsed: 3 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
=====================================
Results of screen317's Security Check version 0.98.4
Windows Vista Service Pack 1
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````
Windows Firewall Disabled!
avast!Antivirus
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````
SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
Alwil Software Avast4 ashDisp.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````
GREAT! (Very random)
Scan took 15 seconds.
`````````End of Log```````````
-
OK that looks good. I think we got rid of Comodo finally.
Let's finish up here and then I hate to send you to another forum but I'm not sure what is blocking the updates and I'm not a Vista user so you will get better help in the Windows forum. http://www.computerhope.com/forum/index.php/board,1.0.html
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to infect your system.
First install the new Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html)
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close all browser windows before beginning the install.
Remove the old version(s)
Download JavaRa (http://prm753.bchea.org/JavaRa.zip)
- Unzip the file and open the JavaRa.exe
- Click Remove Older Versions
- JavaRa will search for and remove any outdated version of Java and remove any that are found.
- Click Additional Tasks
- Place a check next to Remove Useless JRE Files and click Go
- Exit JavaRa
- Delete the JavaRa files from the Desktop
.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
----------
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
.
.
The above procedure will:- Delete: ComboFix and its associated files and folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
.
----------
Do the rest of this when you get a chance.
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.