
Author Topic: My quest for sanity and malware removal  (Read 20880 times)


Max Maximus

    Topic Starter


    Beginner
  • Experience: Experienced
  • OS: Unknown
Re: My quest for sanity and malware removal
« Reply #15 on: July 24, 2011, 09:30:22 AM »
http://virusscan.jotti.org/en/scanresult/58ad236b9c0d8f929c454a29657096e92ce905d3/a0dc51d7c37a4a99cb2dff00208f6d02a6487e3f

Sorry I took so long. I just had to get away from this for a while or there was going to be blood around here...

MM
« Last Edit: July 24, 2011, 04:22:32 PM by SuperDave »
I don't have a clue...

Max Maximus

Re: My quest for sanity and malware removal
« Reply #16 on: July 24, 2011, 10:31:18 AM »
Log file from the results of a second CF scan as follows.

ComboFix 11-07-24.01 - HP_Administrator 07/24/2011  11:42:34.2.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1982.1677 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((   Files Created from 2011-06-24 to 2011-07-24  )))))))))))))))))))))))))))))))
.
.
2011-07-20 18:37 . 2011-07-20 18:59   --------   d-----w-   c:\program files\Uninstall Gold
2011-07-19 23:44 . 2011-07-19 23:44   --------   d-----w-   C:\_OTL
2011-07-18 22:38 . 2011-07-18 22:38   --------   d-----w-   c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2011-07-18 22:37 . 2011-07-06 23:52   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-18 22:37 . 2011-07-18 22:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-18 22:37 . 2011-07-18 22:37   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-07-18 22:37 . 2011-07-06 23:52   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-07-18 21:15 . 2011-07-18 21:15   --------   d-----w-   c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2011-07-18 21:15 . 2011-07-18 21:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-18 21:15 . 2011-07-18 21:15   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-07-18 20:42 . 2011-07-18 20:42   --------   d-----w-   c:\program files\CCleaner
2011-07-18 17:40 . 2011-07-18 17:40   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-07-15 21:00 . 2011-07-15 21:00   --------   d-----w-   c:\program files\Microsoft Games
2011-07-15 20:55 . 2011-07-15 20:55   --------   d-----w-   C:\Softpaq
2011-07-01 20:36 . 2011-07-01 20:36   258536   ----a-w-   c:\windows\system32\AdventureTime_SS_win.scr
2011-07-01 20:36 . 2011-07-15 20:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\Screentime
2011-07-01 20:36 . 2011-07-01 20:36   --------   d-----w-   c:\documents and settings\HP_Administrator\Local Settings\Application Data\Screentime
2011-06-30 02:11 . 2011-06-30 02:11   --------   d-----w-   c:\documents and settings\HP_Administrator\Application Data\Tific
2011-06-30 02:11 . 2011-06-30 02:11   --------   d-----w-   c:\documents and settings\HP_Administrator\Local Settings\Application Data\Symantec
2011-06-30 01:46 . 2011-06-30 02:25   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-06-30 01:46 . 2011-06-30 02:25   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-06-30 01:46 . 2011-06-30 02:25   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-06-30 01:46 . 2011-06-30 02:25   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-06-30 01:46 . 2011-06-30 02:25   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-06-30 01:46 . 2011-06-30 02:25   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-06-30 01:46 . 2011-06-30 02:25   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-06-29 05:14 . 2011-07-13 17:58   --------   d--h--w-   c:\windows\$hf_mig$
2011-06-25 15:06 . 2011-06-25 15:06   --------   d-----w-   c:\program files\Common Files\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 23:04 . 2003-03-19 11:14   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2011-05-29 23:04 . 2003-02-21 19:42   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2011-05-02 15:31 . 2004-08-10 12:00   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-10 12:00   151552   ----a-w-   c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-10 12:00   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-10 12:00   293376   ----a-w-   c:\windows\system32\winsrv(2).dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-07-20_02.38.56   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-02 16:09 . 2008-04-14 00:12   24064              c:\windows\system32\evntcmd.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]
@="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"
[HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]
2010-12-14 16:06   3424488   ----a-w-   c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]
@="{b723586e-9ca0-5b27-341a-4990a8c342cf}"
[HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]
2010-12-14 16:06   3424488   ----a-w-   c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]
@="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"
[HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]
2010-12-14 16:06   3424488   ----a-w-   c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RECGUARD"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-08-30 205480]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-23 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Online Services\\MSN90\\LaunchMsn.exe"=
"c:\\Program Files\\Pure Networks\\Network Magic\\nmapp.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58702:TCP"= 58702:TCP:Pando Media Booster
"58702:UDP"= 58702:UDP:Pando Media Booster
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/26/2010 6:15 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/26/2010 6:15 PM 173104]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [7/5/2011 3:14 PM 810616]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/26/2010 6:15 PM 501888]
S1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\system32\drivers\ComcastSecureBackupShare.sys [3/20/2010 1:20 PM 54776]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/12/2011 5:55 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/26/2010 6:15 PM 116784]
S2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2/9/2010 9:02 AM 45896]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [10/26/2010 6:15 PM 126392]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;"c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe" --> c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/15/2011 6:32 PM 105592]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110716.031\IDSXpx86.sys [7/20/2011 12:10 PM 355256]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [12/23/2005 6:25 PM 468768]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\User_Feed_Synchronization-{8608F082-A3FB-40A2-906A-F2ABDC7FCE9F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://srch-us4.hpwis.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#290095
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.77.134 68.87.72.134
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://secure.footprint.net/kingsisle/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 11:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(692)
c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
c:\program files\SecureBackupShare\LIBEAY32.dll
.
Completion time: 2011-07-24  12:12:10 - machine was rebooted
ComboFix-quarantined-files.txt  2011-07-24 16:11
ComboFix2.txt  2011-07-20 02:51
.
Pre-Run: 171,799,588,864 bytes free
Post-Run: 171,807,383,552 bytes free
.
- - End Of File - - 13DD8DFBE44BCCA8E185C505D17B42D1
I don't have a clue...
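Reading a ComboFix log like the one above by hand is tedious, so here is a small triage script. It is an added example for this thread, not ComboFix's or the forum's own code. It walks the `[key]` / `"name"=value` lines of the "Reg Loading Points" section and reports three things a defender would check first in this particular log: the Windows Firewall standard profile with `EnableFirewall = 0` (a setting to confirm rather than a verdict here, since Norton Security Suite ships its own firewall), every port listed under `GloballyOpenPorts` (3389/TCP is Remote Desktop; the `WELL_KNOWN_PORTS` lookup is this example's own), and `Run` entries that name a bare executable with no path, which Windows resolves through the search path and which are therefore worth locating on disk. `SAMPLE` is an excerpt constructed from the log posted above.

```python
"""Triage the 'Reg Loading Points' part of a ComboFix log.

Added example for this thread; not ComboFix's or the forum's own code. It
walks the [key] / "name"=value lines ComboFix prints and reports settings
worth a second look: the Windows Firewall standard profile switched off,
every port under GloballyOpenPorts (named where WELL_KNOWN_PORTS, this
example's own lookup, knows it), and Run entries that give a bare file name
instead of a full path. SAMPLE is an excerpt constructed from the log above.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')
# Example's own lookup: ports we want to name in the report.
WELL_KNOWN_PORTS = {("3389", "TCP"): "Remote Desktop"}

# Constructed excerpt of the ComboFix log posted in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RECGUARD"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58702:TCP"= 58702:TCP:Pando Media Booster
"58702:UDP"= 58702:UDP:Pando Media Booster
"""


@dataclass
class Finding:
    kind: str    # firewall_disabled | open_port | pathless_autostart
    detail: str


def parse_entries(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (registry key, value name, value) for each quoted value line."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("value").strip()


def image_of(value: str) -> str:
    """Executable named by a Run value: the quoted path, or else the first token."""
    if value.startswith('"'):
        return value.split('"')[1]
    return value.split()[0] if value else ""


def triage(text: str) -> List[Finding]:
    """Run the three checks over every entry and collect findings in log order."""
    findings: List[Finding] = []
    for key, name, value in parse_entries(text):
        k = key.lower()
        if k.endswith(r"firewallpolicy\standardprofile"):
            if name.lower() == "enablefirewall" and value.startswith("0"):
                findings.append(Finding("firewall_disabled",
                                        "Windows Firewall standard profile has EnableFirewall = 0"))
        elif k.endswith(r"globallyopenports\list"):
            parts = value.split(":", 2)          # port:protocol:description
            if len(parts) == 3:
                port, proto, desc = parts
                label = WELL_KNOWN_PORTS.get((port, proto.upper()), desc)
                findings.append(Finding("open_port",
                                        f"{port}/{proto} open in all scopes ({label})"))
        elif k.endswith(r"\currentversion\run"):
            image = image_of(value)
            if image and "\\" not in image and "/" not in image:
                findings.append(Finding("pathless_autostart",
                                        f"{name}: '{image}' has no path; it is resolved "
                                        "via the search path, so verify where it lives"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.kind}] {f.detail}")
```

The pathless check is the one most often overlooked when eyeballing a log: `ARPWRMSG.EXE` and `ALCXMNTR.EXE` are legitimate HP and Realtek utilities on this machine, but an autostart value without a directory tells you nothing about which file actually runs until you find it on disk.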

Max Maximus

Re: My quest for sanity and malware removal
« Reply #17 on: July 24, 2011, 10:40:07 AM »
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found

I don't have a clue...

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: My quest for sanity and malware removal
« Reply #18 on: July 24, 2011, 04:23:41 PM »
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Windows 8 and Windows 10 dual boot with two SSD's

Max Maximus

Re: My quest for sanity and malware removal
« Reply #19 on: July 25, 2011, 04:37:05 AM »
Good morning Dave. I ran the ESET scan all night and this morning I have nothing to report. It scanned 118621 files, found 0 infected and cleaned 0, having run for 09:39:12, so there was no list to export.

My image name "system" and user name "system" is still running at 99% and I am still running in safe mode w/networking.

Thanks again for your help.

MM
I don't have a clue...

SuperDave

Re: My quest for sanity and malware removal
« Reply #20 on: July 25, 2011, 01:36:33 PM »
Ok. Please try this.

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
Windows 8 and Windows 10 dual boot with two SSD's

Max Maximus

Re: My quest for sanity and malware removal
« Reply #21 on: July 27, 2011, 02:26:03 PM »
Ok, I got that and the txt file is as follows:

Process   PID   CPU   Private Bytes   Working Set   Description   Company Name   Command Line
System Idle Process   0      0 K   16 K         
System   4   100.00   0 K   212 K         
 Interrupts   n/a   < 0.01   0 K   0 K   Hardware Interrupts and DPCs      
 smss.exe   592      176 K   420 K   Windows NT Session Manager   Microsoft Corporation   \SystemRoot\System32\smss.exe
  csrss.exe   648      1,648 K   3,712 K   Client Server Runtime Process   Microsoft Corporation   C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
  winlogon.exe   672      5,084 K   2,732 K   Windows NT Logon Application   Microsoft Corporation   winlogon.exe
   services.exe   716      1,696 K   3,516 K   Services and Controller app   Microsoft Corporation   C:\WINDOWS\system32\services.exe
    svchost.exe   884      2,996 K   4,916 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k DcomLaunch
     wmiprvse.exe   584      2,376 K   4,908 K   WMI   Microsoft Corporation   C:\WINDOWS\system32\wbem\wmiprvse.exe
    svchost.exe   952      1,716 K   4,260 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k rpcss
    svchost.exe   1084      9,732 K   17,148 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe   1164      1,276 K   3,584 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k NetworkService
    svchost.exe   1224      1,172 K   3,232 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k LocalService
   lsass.exe   728      2,272 K   908 K   LSA Shell (Export Version)   Microsoft Corporation   C:\WINDOWS\system32\lsass.exe
   explorer.exe   692      47,344 K   60,184 K   Windows Explorer   Microsoft Corporation   C:\WINDOWS\explorer.exe
    iexplore.exe   1332      26,344 K   1,716 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\internet explorer\iexplore.exe"
    procexp.exe   524      8,468 K   14,388 K   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   "C:\Documents and Settings\HP_Administrator\Desktop\ProcessExplorer\procexp.exe"
   taskmgr.exe   2000      1,424 K   1,748 K   Windows TaskManager   Microsoft Corporation   taskmgr.exe
ctfmon.exe   324      912 K   3,552 K   CTF Loader   Microsoft Corporation   ctfmon.exe

I also tried to create a mini dump file for the "system" item but got an error message that there was not enough memory to complete the operation.
I don't have a clue...
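The Process Explorer export above is hard to read once the forum flattens the tabs, but the structure survives: columns are tab-separated and each child process is indented one space deeper than its parent. The script below is an added example for this thread, not Process Explorer's or the forum's own code. It rebuilds the tree from that indentation and runs two defender checks on it: which processes are pinning the CPU (here the System process, PID 4, the symptom this thread is chasing), and which core Windows processes have a parent other than the one a stock boot gives them. `EXPECTED_PARENT` is this example's assumed Windows XP baseline, and `SAMPLE` is constructed from the export posted above plus one made-up `svchost.exe` row (PID 1999) added only so the parent check has something to flag.

```python
"""Triage a Process Explorer text export (File > Save As).

Added example for this thread; not Process Explorer's or the forum's own code.
The export is tab-separated and indents each child process one space deeper
than its parent, so the tree can be rebuilt from leading spaces. Two checks
follow: processes pinning the CPU, and core Windows processes whose parent is
not the one a stock Windows XP boot would give them (EXPECTED_PARENT is this
example's assumed XP baseline). SAMPLE is constructed from the export posted
in this thread plus one made-up svchost.exe row (PID 1999).
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed XP baseline: which process normally starts each core process.
EXPECTED_PARENT = {
    "smss.exe": "System",
    "csrss.exe": "smss.exe",
    "winlogon.exe": "smss.exe",
    "services.exe": "winlogon.exe",
    "lsass.exe": "winlogon.exe",
    "svchost.exe": "services.exe",
    "wmiprvse.exe": "svchost.exe",
}

# Constructed from the thread's export; tabs written out as \t escapes.
SAMPLE = "\n".join([
    "Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tDescription\tCompany Name\tCommand Line",
    "System Idle Process\t0\t\t0 K\t16 K\t\t\t",
    "System\t4\t100.00\t0 K\t212 K\t\t\t",
    " Interrupts\tn/a\t< 0.01\t0 K\t0 K\tHardware Interrupts and DPCs\t\t",
    " smss.exe\t592\t\t176 K\t420 K\tWindows NT Session Manager\tMicrosoft Corporation\t\\SystemRoot\\System32\\smss.exe",
    "  csrss.exe\t648\t\t1,648 K\t3,712 K\tClient Server Runtime Process\tMicrosoft Corporation\tC:\\WINDOWS\\system32\\csrss.exe",
    "  winlogon.exe\t672\t\t5,084 K\t2,732 K\tWindows NT Logon Application\tMicrosoft Corporation\twinlogon.exe",
    "   services.exe\t716\t\t1,696 K\t3,516 K\tServices and Controller app\tMicrosoft Corporation\tC:\\WINDOWS\\system32\\services.exe",
    "    svchost.exe\t884\t\t2,996 K\t4,916 K\tGeneric Host Process for Win32 Services\tMicrosoft Corporation\tC:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch",
    "     wmiprvse.exe\t584\t\t2,376 K\t4,908 K\tWMI\tMicrosoft Corporation\tC:\\WINDOWS\\system32\\wbem\\wmiprvse.exe",
    "    svchost.exe\t1084\t\t9,732 K\t17,148 K\tGeneric Host Process for Win32 Services\tMicrosoft Corporation\tC:\\WINDOWS\\system32\\svchost.exe -k netsvcs",
    "   lsass.exe\t728\t\t2,272 K\t908 K\tLSA Shell (Export Version)\tMicrosoft Corporation\tC:\\WINDOWS\\system32\\lsass.exe",
    "   explorer.exe\t692\t\t47,344 K\t60,184 K\tWindows Explorer\tMicrosoft Corporation\tC:\\WINDOWS\\explorer.exe",
    "    iexplore.exe\t1332\t\t26,344 K\t1,716 K\tInternet Explorer\tMicrosoft Corporation\t\"C:\\Program Files\\internet explorer\\iexplore.exe\"",
    # Made-up row (not in the thread): an svchost.exe parented by System.
    " svchost.exe\t1999\t\t1,000 K\t2,000 K\t\t\tsvchost.exe",
    "ctfmon.exe\t324\t\t912 K\t3,552 K\tCTF Loader\tMicrosoft Corporation\tctfmon.exe",
])


@dataclass
class Proc:
    name: str
    pid: str
    cpu: float
    company: str
    cmdline: str
    parent: Optional["Proc"] = None
    children: List["Proc"] = field(default_factory=list)


def parse_cpu(text: str) -> float:
    """CPU column: blank means 0, '< 0.01' means negligible."""
    text = text.strip()
    if not text or text.startswith("<"):
        return 0.0
    return float(text)


def parse_export(text: str) -> List[Proc]:
    """Rebuild the process tree from indentation; returns processes in export order."""
    procs: List[Proc] = []
    stack: List[Tuple[int, Proc]] = []   # (depth, Proc) along the current ancestry
    for raw in text.splitlines()[1:]:    # first row is the column header
        if not raw.strip():
            continue
        cols = raw.split("\t")
        cols += [""] * (8 - len(cols))   # tolerate rows missing trailing columns
        depth = len(raw) - len(raw.lstrip(" "))
        proc = Proc(name=cols[0].strip(), pid=cols[1].strip(),
                    cpu=parse_cpu(cols[2]), company=cols[6].strip(),
                    cmdline=cols[7].strip())
        while stack and stack[-1][0] >= depth:   # climb back to this row's parent
            stack.pop()
        if stack:
            proc.parent = stack[-1][1]
            proc.parent.children.append(proc)
        stack.append((depth, proc))
        procs.append(proc)
    return procs


def cpu_hogs(procs: List[Proc], threshold: float = 50.0):
    """Processes at or above the CPU threshold (the System process in this thread)."""
    return [(p.name, p.pid, p.cpu) for p in procs if p.cpu >= threshold]


def parent_anomalies(procs: List[Proc]):
    """Core processes whose actual parent differs from the XP baseline."""
    out = []
    for p in procs:
        expected = EXPECTED_PARENT.get(p.name.lower())
        if expected is None:
            continue
        actual = p.parent.name if p.parent else "<none>"
        if actual.lower() != expected.lower():
            out.append((p.name, p.pid, actual, expected))
    return out


if __name__ == "__main__":
    procs = parse_export(SAMPLE)
    for name, pid, cpu in cpu_hogs(procs):
        print(f"CPU hog: {name} (PID {pid}) at {cpu:.2f}%")
    for name, pid, actual, expected in parent_anomalies(procs):
        print(f"Unexpected parent: {name} (PID {pid}) under {actual}, expected {expected}")
```

On this export the CPU check points straight at the kernel (System, PID 4), which is why the thread moves on to drivers and Device Manager rather than to a user-mode process; the parent check passes for every real row and fires only on the constructed PID 1999.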

Max Maximus

Re: My quest for sanity and malware removal
« Reply #22 on: July 27, 2011, 02:31:51 PM »
That's pretty jumbled up and I now see you said attach, so if you prefer, here is an attachment.

[regaining space - attachment deleted by admin]
I don't have a clue...

Max Maximus

Re: My quest for sanity and malware removal
« Reply #23 on: July 27, 2011, 02:43:38 PM »
Dave, that Process Explorer is pretty cool (like Performance Monitor in Win 7), so I was looking around and I opened the properties of the system, and there are 3 things hogging the CPU and they are the USBs. And also, btw, they don't work either! I tried to print some of your instructions here but it wouldn't work, but I just figured it was because I was in safe mode or something and didn't think much about it. But now I tried to stick a flash drive in and I get nothing. So, as Aykroyd said to Tommy Boy, "you've pinpointed the smell, kid; now the key is washing it off".
I don't have a clue...

SuperDave

Re: My quest for sanity and malware removal
« Reply #24 on: July 27, 2011, 05:27:41 PM »
Can you get into Device Manager and see if there are any yellow warnings there? Right-click My Computer, select Properties, select Hardware and open Device Manager.
Windows 8 and Windows 10 dual boot with two SSD's

Max Maximus

Re: My quest for sanity and malware removal
« Reply #25 on: July 27, 2011, 07:31:58 PM »
Thanks again Dave, and in fact I do have 2. They are located in the Non Plug and Play Drivers section. One is "catchme"; the General tab says the device is not present or does not have all its drivers installed (code 24). On the Driver tab it lists the service and display names as "catchme" and says that the device's status is started and that the startup type is "demand".

The second one is SYMTDI; its mfg is unknown, and it also says that the device is not present, is not working properly, or does not have all its drivers installed. The device usage says "use this device (enable)". In the Driver tab, the service name is SYMTDI, the display name is Symantec Network Dispatch Driver, and the status is stopped. The startup type is "system".

What say ye I should do now, my good wizard? I have a feeling we're getting really close to solving this!

MM
I don't have a clue...

SuperDave

Re: My quest for sanity and malware removal
« Reply #26 on: July 28, 2011, 04:16:15 PM »
I can help you very much in that dept. We can do some cleanup and you should start a new thread in the appropriate forum to get help with those error warnings.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
*************************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double-click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
**********************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***********************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. It also stops certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Windows 8 and Windows 10 dual boot with two SSD's

Max Maximus

Re: My quest for sanity and malware removal
« Reply #27 on: July 28, 2011, 05:55:12 PM »
Thanks again SuperDave. Unfortunately I cannot inspect the system software because, in my early attempts to find out what was causing this, I deleted Java and now I cannot get it to re-install. It keeps telling me that the system administrator has set policies that prevent the installation. I am the administrator and am logged on as such, but this was a used PC and I believe someone else before me had an Administrator account and some of those old policies are likely still in effect somehow. I have been to the security menus and have gone through the policies, and it gives me various warnings like the policies are not set and no policy profile exists. I have also adjusted some settings in an attempt to get Java to load, but it continues to fail.

How critical is this last step? Everything else is done. I am heading over to another topic to see if I can get the other problem fixed up, so I will still be here. Thanks again for all your help. I really do appreciate it.

MM
I don't have a clue...

SuperDave

Re: My quest for sanity and malware removal
« Reply #28 on: July 29, 2011, 04:40:36 PM »
> How critical is this last step? Everything else is done.
It's not critical. Some people don't use Java at all.
I will lock this thread. If you need it re-opened, please send me a pm.
Windows 8 and Windows 10 dual boot with two SSD's