Topic: IE7 will not connect to Windows Update

ejeanruport

    Topic Starter


    Rookie

    IE7 will not connect to Windows Update
    « on: April 27, 2010, 05:44:47 PM »
    I have Verizon Wireless Internet using a USB Modem, using "VZAccess Manager" as the connection program.

    I have an HP Pavilion dv8000 laptop running Windows XP Pro x86, Service Pack 3. I am using Internet Explorer 7 as a web browser.

    April 14, 2010, AVG found a "PUP Adware Generic2.ABZP", also found evidence of the same virus on the 21st of April in different places. On April 25, 2010 AVG found "Trojan Horse Dropper Generic2.CKX". All were fixed and placed in AVG Virus Vault.

    I use AVG anti-virus, Ad-Aware and have used SpyBot S&D, and Malwarebytes to check for viruses. I have disabled Restore to eliminate saving and re-infecting the computer.

    These are the Log files I created using Virus & Spy Removal Guide:

    I uninstalled SpyBot S&D and TeaTimer-

    I am running AVG Anti Virus and Ad-Aware- I disabled Ad-Aware

    I am using Online Armor as a Firewall-

    I found nothing unusual in the Control Panel, I recognized most everything as having been there since I started.

    I ran CCleaner but AVG shows it has tracking cookie Overture attached to it.

    I do not have SUPERAntiSpyWare and could not download it from the Internet-

    This is the log from mbam-
    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 4043

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    4/27/2010 6:00:27 PM
    mbam-log-2010-04-27 (18-00-27).txt

    Scan type: Quick scan
    Objects scanned: 112349
    Time elapsed: 6 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    My Java Version 6 Update 20

    HiJack This Log-
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:05:52 PM, on 4/27/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" "C:\All Jeans Files\Saved email from Outlook Express\Inbox.dbx"
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C479BC32-6C3E-46DA-A943-A40BBC69B386}: NameServer = 75.116.63.154 75.116.127.154
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: SSOExec - %windir%\temp\sso\ssoexec.dll (file missing)
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

    --
    End of file - 7672 bytes

    Thank You,    Jean


    ejeanruport

      Topic Starter


      Rookie

      Re: IE7 will not connect to Windows Update
      « Reply #1 on: April 29, 2010, 06:35:46 AM »
      These are 2 posts that I put in the wrong forum hopefully someone sees them soon as this is multiplying.  Thanks Jean


         Re: IE7 will not display Windows Update
      « Reply #15 on: Today at 05:35:57 AM »   

      --------------------------------------------------------------------------------
      While checking Online Armor's list of "allowed" programs, I came across "Speedy PC". It was not something I recognized as having installed on my laptop, so I checked for more info from Online Armor. This is the information they showed:

      About Au_.exe
      Size 375,487 byte(s)
      Status  Unknown 
      Vendor SpeedyPC Software  (Unknown)
      Product SpeedyPC 
      Sighting 14-Apr-10  26-Apr-10
      Actions Allowed by 33% user(s)


      Au_.exe Description:
      SpeedyPC Installer


      Also known as:
      uninst.exe


      What does Au_.exe do?
      Cache
      Installer - Installs software on your computer.
      Process - a process that runs on your computer
      ProcessStart
      ProcessSuspend
      RemoteDataModification
      StartWithParams


      Au_.exe Version info
      Au_.exe describes itself as follows. Note that this information can easy be faked

      Product Name SpeedyPC
      Product Version 3.0.1.0
      File Version 3.0.1.0
      Copyright Copyright © 2010 SpeedyPC Software
      Description SpeedyPC Installer


      OA Version(s):
      4.0.0.35
      4.0.0.44


      Locations:
      Au_.exe is found in location(s)

      %ProfilesDirectory%\%UserName%\AppData\Local\Temp\~nsu.tmp\
      %ProgramFiles%\SpeedyPC\

       


      Countries
      Au_.exe has been sighted in the following countries

      Italy 14-Apr-10  14-Apr-10 
      United Kingdom 20-Apr-10  20-Apr-10 
      United States 20-Apr-10  26-Apr-10 

      I find it ironic that the first sightings correspond to the first date AVG found a virus in my computer.
      Tracked it down and it is located at "C\Documents and Settings\E. Jean Ruport\Local Settings\Temp\~nsu.tmp\Bu .exe"

      The first time I checked with Online Armor, I am sure the exe was "Au .exe."

        Also, The infection on April 24 that AVG found was "Trojan HorseDropper.Generic2.CKX" in "C:\Documents and settings\E. Jean Ruport\Desktop\a  .exe"

      I find this SUSPICIOUS!

      It is not listed in my Program Files....

      I checked it with AVG and MBAM but it showed clean in both.

      As I am not able to get to Anti Virus sites on Internet Explorer could you please investigate this for me.
      As for me I am going to Isolate this program as much as possible until I hear from you.

      Thank you so Much for all your help and time.

       
       
       
       
       
      ejeanruport

         Re: IE7 will not display Windows Update
      « Reply #16 on: Today at 06:29:33 AM »   

      --------------------------------------------------------------------------------
      7:30 AM Tried to get AVG updated and updates failed, so I just checked Online Armor again and it now has "Cu .exe" so this file is multiplying. The program is called Speedy PC. I have blocked them through Online Armor. Don't know what else to do.
       
       
       

      SuperDave

      • Malware Removal Specialist


      Re: IE7 will not connect to Windows Update
      « Reply #2 on: May 01, 2010, 04:32:30 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

      ==================================

      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{C479BC32-6C3E-46DA-A943-A40BBC69B386}: NameServer = 75.116.63.154 75.116.127.154
      O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
      O20 - Winlogon Notify: SSOExec - %windir%\temp\sso\ssoexec.dll (file missing)


      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.
      ====================================
      Please download ComboFix from BleepingComputer.com

      Alternate link: GeeksToGo.com

      Rename ComboFix.exe to commy.exe before you save it to your Desktop
      Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
      Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


      Click on Yes, to continue scanning for malware.
      When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

      If you have problems with ComboFix usage, see How to use ComboFix

      Windows 8 and Windows 10 dual boot with two SSD's
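
Added example, not part of SuperDave's post and not code from HijackThis or any tool named in this thread: a small Python triage pass over HijackThis entry lines that surfaces the kinds of entries a reviewer reads first. The sample lines are copied from the log posted above; the function names and the review buckets (orphaned references, temp-directory paths, unsigned services, RunOnce leftovers, configured DNS servers) are this example's own assumptions, not the helper's stated criteria.

```python
import re
from typing import NamedTuple

# A subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O17 - HKLM\System\CCS\Services\Tcpip\..\{C479BC32-6C3E-46DA-A943-A40BBC69B386}: NameServer = 75.116.63.154 75.116.127.154
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: SSOExec - %windir%\temp\sso\ssoexec.dll (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
"""


class Entry(NamedTuple):
    code: str   # HijackThis section code, e.g. "O4", "O17", "R0"
    body: str   # everything after "CODE - "


# An entry line is a letter plus one or two digits, " - ", then the detail.
# Process-list lines such as "C:\WINDOWS\..." do not match this shape.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse_entries(text):
    """Return the R*/O* entries of a HijackThis log, skipping everything else."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Sort entries into review buckets; an entry may land in several."""
    report = {
        "file_missing": [],   # registry reference whose target file is gone
        "temp_paths": [],     # load point that resolves into a temp directory
        "unknown_owner": [],  # O23 service whose binary reports no vendor
        "run_once": [],       # O4 RunOnce value still pending
        "nameservers": [],    # DNS servers from O17, to compare with the ISP's
    }
    for entry in entries:
        if entry.body.endswith("(file missing)"):
            report["file_missing"].append(entry)
        if TEMP_RE.search(entry.body):
            report["temp_paths"].append(entry)
        if entry.code == "O23" and " - Unknown owner - " in entry.body:
            report["unknown_owner"].append(entry)
        if entry.code == "O4" and "\\RunOnce:" in entry.body:
            report["run_once"].append(entry)
        if entry.code == "O17":
            match = NAMESERVER_RE.search(entry.body)
            if match:
                report["nameservers"].extend(
                    re.split(r"[,\s]+", match.group(1).strip())
                )
    return report


if __name__ == "__main__":
    result = triage(parse_entries(SAMPLE_LOG))
    for bucket, items in result.items():
        print(f"[{bucket}]")
        for item in items:
            print("   ", item if isinstance(item, str) else f"{item.code} - {item.body}")
```

A bucket hit is a prompt to look closer, not a verdict: the output only tells the reviewer which lines to check against what is actually installed on the machine.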

      ejeanruport

        Topic Starter


        Rookie

        Re: IE7 will not connect to Windows Update
        « Reply #3 on: May 01, 2010, 06:10:29 PM »
        Thank you SuperDave for your offer to help. I have downloaded MessengerDisable.exe. It opened as soon as I unzipped it. I chose uninstall Windows Messenger and it checked a box to do the same for Outlook Express (uninstall from Outlook Express). Program finished and said Windows Messenger had been uninstalled. I exited the program but the only file I find on my desktop is the zip file. Did I do it wrong? Jean

        ejeanruport

          Topic Starter


          Rookie

          Re: IE7 will not connect to Windows Update
          « Reply #4 on: May 01, 2010, 06:30:17 PM »
          Thank you SuperDave for your offer to help. I have downloaded MessengerDisable.exe. It opened as soon as I unzipped it. I chose uninstall Windows Messenger and it checked a box to do the same for Outlook Express (uninstall from Outlook Express). Program finished and said Windows Messenger had been uninstalled. I exited the program but the only file I find on my desktop is the zip file. Did I do it wrong? Jean
          I also was able to download SUPERAntiSpyware (before I got your email) through CNET as SuperAntiSpyware was one of the programs I could not get before I sent the first set of Virus & spyware removal log files that included MBAM and Hijack This. I ran that program and consequently The HJT file is different than the first one I ran. I am so sorry.... I screwed up.
           Also I do keep my IE start page to BLANK as it suits the way I surf the net. That seems to be a worry for everyone including the Online Armor firewall.
          Next question; Should I resubmit a new HJT log?  Jean

          SuperDave

          • Malware Removal Specialist


          Re: IE7 will not connect to Windows Update
          « Reply #5 on: May 01, 2010, 06:56:20 PM »
          Jean, I would like you to please send me another HJT log and then download and run ComboFix.
          Windows 8 and Windows 10 dual boot with two SSD's

          ejeanruport

            Topic Starter


            Rookie

            Re: IE7 will not connect to Windows Update
            « Reply #6 on: May 01, 2010, 08:17:05 PM »
            I have completed all the steps in your list including installing MS Windows Recovery Console. I ran HJT, did a system scan only, and clicked on R0, 017, 018, & 020. Then closed all windows except for HJT and clicked on Fix Checked.
            I then downloaded Combo Fix and ran that. It needed the hp recovery CD which hp will not issue, so I did not have. It did create a log file and here it is:

            ComboFix 10-05-01.04 - E. Jean Ruport 05/01/2010  20:26:09.1.1 - x86
            Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.510.285 [GMT -5:00]
            Running from: C:\Documents and Settings\E. Jean Ruport\Desktop\commy.exe
            AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
            FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\Program Files\WindowsUpdate
            D:\Autorun.inf

            .
            (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            -------\Legacy_IPRIP
            -------\Service_Iprip


            (((((((((((((((((((((((((   Files Created from 2010-04-02 to 2010-05-02  )))))))))))))))))))))))))))))))
            .

            No new files created in this timespan

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2010-05-01 22:35:28 . 2010-05-01 22:35:28   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
            2010-05-01 22:34:20 . 2010-05-01 22:34:20   --------   d-----w-   C:\Documents and Settings\E. Jean Ruport\Application Data\SUPERAntiSpyware.com
            2010-05-01 10:11:52 . 2010-05-01 02:43:20   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2010-04-27 04:46:35 . 2010-04-27 03:55:46   241952   --sha-w-   C:\WINDOWS\system32\drivers\fidbox.dat
            2010-04-27 04:46:34 . 2010-04-27 03:55:46   24608   --sha-w-   C:\WINDOWS\system32\drivers\fidbox2.dat
            2010-04-27 03:55:48 . 2010-04-27 03:55:46   32   --sha-w-   C:\WINDOWS\system32\drivers\fidbox2.idx
            2010-04-27 03:55:48 . 2010-04-27 03:55:46   32   --sha-w-   C:\WINDOWS\system32\drivers\fidbox.idx
            2010-04-26 23:28:26 . 2010-04-26 20:29:55   --------   d-----w-   C:\Documents and Settings\E. Jean Ruport\Application Data\OnlineArmor
            2010-04-26 20:49:22 . 2010-04-26 20:29:55   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\OnlineArmor
            2010-04-26 14:05:59 . 2010-04-25 14:45:33   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\NOS
            2010-04-26 11:53:49 . 2010-04-26 11:54:09   411368   ----a-w-   C:\WINDOWS\system32\deployJava1.dll
            2010-04-25 19:20:17 . 2010-04-25 19:20:17   --------   d-----w-   C:\Documents and Settings\E. Jean Ruport\Application Data\AVG9
            2010-04-25 18:51:00 . 2010-04-25 18:41:22   --------   d-----w-   C:\Documents and Settings\E. Jean Ruport\Application Data\Error Fix
            2010-04-25 16:35:26 . 2010-04-25 16:35:26   --------   d-----w-   C:\Documents and Settings\E. Jean Ruport\Application Data\Malwarebytes
            2010-04-25 16:35:10 . 2010-04-25 16:35:10   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Malwarebytes
            2010-04-20 21:05:07 . 2010-04-20 21:05:10   95024   ----a-w-   C:\WINDOWS\system32\drivers\SBREDrv.sys
            2010-04-20 21:03:55 . 2010-04-20 22:38:21   15880   ----a-w-   C:\WINDOWS\system32\lsdelete.exe
            2010-04-20 20:37:30 . 2010-04-20 20:30:24   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Lavasoft
            2010-04-20 20:31:19 . 2010-04-20 20:31:15   --------   dc-h--w-   C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
            2010-04-20 19:24:01 . 2010-04-20 19:12:51   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Verizon Wireless
            2010-04-20 19:16:02 . 2010-04-20 19:16:02   --------   d-----w-   C:\Documents and Settings\E. Jean Ruport\Application Data\Verizon Wireless
            2010-04-20 19:09:20 . 2010-04-20 19:09:20   --------   d-----w-   C:\Documents and Settings\E. Jean Ruport\Application Data\InstallShield
            2010-04-20 09:13:30 . 2010-04-26 20:29:30   24440   ----a-w-   C:\WINDOWS\system32\drivers\OAmon.sys
            2010-04-20 09:13:14 . 2010-04-26 20:29:30   29560   ----a-w-   C:\WINDOWS\system32\drivers\OAnet.sys
            2010-04-20 09:13:10 . 2010-04-26 20:29:30   228216   ----a-w-   C:\WINDOWS\system32\drivers\OADriver.sys
            2010-04-14 23:53:08 . 2010-04-14 22:25:34   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
            2010-04-14 22:25:44 . 2010-04-14 22:25:42   12464   ----a-w-   C:\WINDOWS\system32\avgrsstx.dll
            2010-04-14 22:25:42 . 2010-04-14 22:25:40   242696   ----a-w-   C:\WINDOWS\system32\drivers\avgtdix.sys
            2010-04-14 22:25:39 . 2010-04-14 22:25:39   216200   ----a-w-   C:\WINDOWS\system32\drivers\avgldx86.sys
            2010-04-14 22:25:38 . 2010-04-14 22:25:37   29512   ----a-w-   C:\WINDOWS\system32\drivers\avgmfx86.sys
            2010-04-14 22:17:32 . 2010-04-14 22:17:12   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\avg9
            2010-04-14 18:32:08 . 2010-04-14 18:32:08   --------   d-----w-   C:\Documents and Settings\E. Jean Ruport\Application Data\AdobeUM
            2010-04-13 18:33:10 . 2006-04-14 04:53:24   69640   ----a-w-   C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
            2010-04-13 18:18:58 . 2006-04-14 04:41:00   109568   ------w-   C:\WINDOWS\system32\pxinsi64.exe
            2010-04-13 18:18:58 . 2006-04-14 04:41:00   108544   ------w-   C:\WINDOWS\system32\pxcpyi64.exe
            2010-04-13 18:02:38 . 2006-04-14 04:41:31   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Intuit
            2010-04-13 17:34:02 . 2010-04-13 17:34:02   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\COMMON FILES
            2010-04-13 16:44:46 . 2010-04-13 16:44:46   --------   d-----w-   C:\Documents and Settings\NetworkService\Application Data\Bytemobile
            2010-04-13 16:44:30 . 2010-04-13 16:44:30   --------   d-----w-   C:\Documents and Settings\E. Jean Ruport\Application Data\Sierra Wireless
            2010-04-13 15:44:56 . 2005-08-17 17:20:54   94363   ----a-w-   C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
            2010-04-13 14:09:24 . 2010-04-13 14:07:17   137   ----a-w-   C:\Documents and Settings\E. Jean Ruport\Local Settings\Application Data\fusioncache.dat
            2010-04-13 13:15:03 . 2006-04-14 04:40:39   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\muvee Technologies
            2010-04-13 13:15:03 . 2006-04-14 04:01:15   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Sonic
            2010-04-13 13:15:03 . 2006-04-14 02:40:00   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\SBSI
            2010-04-13 13:14:58 . 2006-04-14 04:44:12   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\HP
            2010-04-13 13:14:58 . 2006-04-14 04:44:11   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\CyberLink
            2010-04-13 13:14:58 . 2006-04-14 04:24:56   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\InstallShield
            2010-04-13 13:14:55 . 2010-04-13 14:07:15   --------   d-----w-   C:\Documents and Settings\E. Jean Ruport\Application Data\Intuit
            2010-03-30 05:46:30 . 2010-04-26 16:00:31   38224   ----a-w-   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
            2010-03-30 05:45:52 . 2010-04-26 16:00:28   20824   ----a-w-   C:\WINDOWS\system32\drivers\mbam.sys
            2010-02-04 15:53:02 . 2010-04-20 20:37:22   64288   ----a-w-   C:\WINDOWS\system32\drivers\Lbd.sys
            2006-08-29 10:04:48 . 2010-04-13 13:46:03   22   --sha-w-   C:\WINDOWS\SMINST\HPCD.SYS
            2008-04-14 10:41:58 . 2004-08-10 15:00:00   224214   --sha-r-   C:\WINDOWS\system32\mbnxtssb.dll
            .

            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 14:14:02 188416]

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
            2010-04-14 22:25:44   12464   ----a-w-   C:\WINDOWS\system32\avgrsstx.dll

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
            @="Service"

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
            path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
            backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
            path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
            backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
            2008-04-14 10:42:18   15360   ----a-w-   C:\WINDOWS\system32\ctfmon.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
            2005-08-06 04:56:34   64512   ----a-w-   C:\WINDOWS\ehome\ehtray.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
            2005-10-11 17:23:50   1187840   ----a-w-   C:\WINDOWS\SMINST\Recguard.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
            "EnableFirewall"= 0 (0x0)

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "C:\\Program Files\\AVG\\AVG9\\avgui.exe"=
            "C:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe"=
            "C:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
            "C:\\Program Files\\Lavasoft\\Ad-Aware\\ToolBox\\AutoStart Manager\\AutoStart Manager.exe"=
            "C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\Photoshop Elements 5.0.exe"=
            "C:\\WINDOWS\\system32\\sessmgr.exe"=

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
            "1518:TCP"= 1518:TCP:*:Disabled:fjakhjoy
            "3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
            "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
            "AllowInboundEchoRequest"= 1 (0x1)

            R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [4/20/2010 3:37:22 PM 64288]
            R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [4/14/2010 5:25:39 PM 216200]
            R1 AvgTdiX;AVG Free Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [4/14/2010 5:25:40 PM 242696]
            R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [4/26/2010 3:29:30 PM 228216]
            R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [4/26/2010 3:29:30 PM 24440]
            R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [4/26/2010 3:29:30 PM 29560]
            R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25:50 AM 12872]
            R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30:10 PM 61440]
            R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files\AVG\AVG9\avgemc.exe [4/14/2010 5:19:07 PM 916760]
            R2 avg9wd;AVG Free WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [4/14/2010 5:19:02 PM 308064]
            R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52:57 AM 1265264]
            R2 OAcat;Online Armor Helper Service;C:\Program Files\Tall Emu\Online Armor\oacat.exe [4/26/2010 3:29:29 PM 1284600]
            R2 SvcOnlineArmor;Online Armor;C:\Program Files\Tall Emu\Online Armor\oasrv.exe [4/26/2010 3:29:29 PM 3364856]
            R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\drivers\HSFHWATI.sys [8/22/2005 4:06:00 AM 231424]
            R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\WINDOWS\system32\drivers\nwusbser2.sys [5/9/2008 11:08:40 AM 174336]
            S2 gpvcprl;ygjezyo;C:\WINDOWS\system32\svchost.exe -k netsvcs [8/10/2004 10:00:00 AM 14336]
            S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4/14/2010 5:25:33 PM 369920]
            S3 bcm;WiMAX Network Adapter;C:\WINDOWS\system32\drivers\drxvi314.sys [9/3/2009 1:06:24 PM 280576]
            S3 bcmbusctr;WiMAX Bus Driver;C:\WINDOWS\system32\drivers\BcmBusCtr.sys [9/3/2009 1:06:24 PM 51456]
            S3 cm_net;C-motech USB Network Adapter Drivers;C:\WINDOWS\system32\drivers\cm_net.sys [4/13/2010 11:48:39 AM 112640]
            S3 cm_ser;C-motech USB Serial Port2 Driver;C:\WINDOWS\system32\drivers\cm_ser.sys [4/13/2010 11:48:46 AM 103680]
            S3 NWUSBCDFIL;Novatel Wireless Installation CD;C:\WINDOWS\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23:56 PM 20480]
            S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03:36 PM 32408]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            p2psvc   REG_MULTI_SZ      p2psvc p2pimsvc p2pgasvc PNRPSvc

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
            gpvcprl
            .
            .
            ------- Supplementary Scan -------
            .
            uInternet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" "C:\All Jeans Files\Saved email from Outlook Express\Inbox.dbx"
            IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            Trusted Zone: microsoft.com
            Trusted Zone: microsoft.com\www
            Trusted Zone: microsoft.com\www.windowsupdate
            TCP: {C479BC32-6C3E-46DA-A943-A40BBC69B386} = 75.116.63.154 75.116.127.154
            Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
            .
            - - - - ORPHANS REMOVED - - - -

            MSConfigStartUp-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
            MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

            After it finished I waited 20 minutes for the laptop to restart but all it gave me was the desktop, no taskbar, no start, no links, so I shut it down with the switch and restarted after 30 seconds..
            Then I went online and posted this reply. I have done nothing else.. except read your reply online.  I am sorry I didn't wait longer before I completed your instructions.
            I will now wait for further instructions.
            I am very sorry. jean



            ejeanruport


              Re: IE7 will not connect to Windows Update
              « Reply #7 on: May 01, 2010, 08:24:53 PM »
              Jean, I would like you to please send me another HJT log and then download and run ComboFix.

              Here is the HJT log "after" I ran ComboFix:

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 9:28:17 PM, on 5/1/2010
              Platform: Windows XP SP3 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.5730.0013)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\AVG\AVG9\avgchsvx.exe
              C:\Program Files\AVG\AVG9\avgrsx.exe
              C:\Program Files\Tall Emu\Online Armor\OAcat.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\Program Files\AVG\AVG9\avgcsrvx.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Tall Emu\Online Armor\oasrv.exe
              C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
              C:\Program Files\AVG\AVG9\avgwdsvc.exe
              C:\WINDOWS\eHome\ehRecvr.exe
              C:\WINDOWS\eHome\ehSched.exe
              C:\Program Files\Java\jre6\bin\jqs.exe
              C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
              C:\Program Files\AVG\AVG9\avgnsx.exe
              C:\WINDOWS\system32\tcpsvcs.exe
              C:\Program Files\AVG\AVG9\avgemc.exe
              C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
              C:\Program Files\AVG\AVG9\avgcsrvx.exe
              C:\WINDOWS\system32\dllhost.exe
              C:\WINDOWS\system32\wscntfy.exe
              C:\Program Files\Tall Emu\Online Armor\oaui.exe
              C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
              C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Outlook Express\msimn.exe
              C:\Program Files\Trend Micro\HijackThis\sniper.exe

              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" "C:\All Jeans Files\Saved email from Outlook Express\Inbox.dbx"
              R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
              O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
              O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
              O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
              O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
              O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
              O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
              O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
              O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
              O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
              O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
              O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{C479BC32-6C3E-46DA-A943-A40BBC69B386}: NameServer = 75.116.63.154 75.116.127.154
              O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
              O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
              O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
              O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
              O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
              O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
              O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
              O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
              O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
              O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
              O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
              O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
              O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
              O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
              O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

              --
              End of file - 7226 bytes

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: IE7 will not connect to Windows Update
              « Reply #8 on: May 02, 2010, 01:48:17 PM »
              Quote
              I am very sorry. jean

              It was not a big deal. Please re-enable your System Restore. An infected Restore point is better than no Restore Point.


              Please go to Jotti's malware scan
              (If more than one file needs scanned they must be done separately and logs posted for each one)

              * Copy the file path in the below Code box:

              Code: [Select]
              C:\WINDOWS\system32\mbnxtssb.dll
              * At the upload site, click once inside the window next to Browse.
              * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
              * Next click Submit file
              * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
              * This will perform a scan across multiple different virus scanning engines.
              * Important: Wait for all of the scanning engines to complete.
              * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

              ============================
              Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

              Delete these files/folders, as follows:

              1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
              It must be Notepad, not Wordpad.
              2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

              Code: [Select]
              KillAll::

              DDS::
              Trusted Zone: microsoft.com
              Trusted Zone: microsoft.com\www
              Trusted Zone: microsoft.com\www.windowsupdate


              3. Go to the Notepad window and click Edit > Paste
              4. Then click File > Save
              5. Name the file CFScript.txt - Save the file to your Desktop
              6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



              ComboFix will begin to execute, just follow the prompts.
              After reboot (in case it asks to reboot), it will produce a log for you.
              Post that log (Combofix.txt) in your next reply.

              Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

              How is your computer running now?

              ejeanruport


                Re: IE7 will not connect to Windows Update
                « Reply #9 on: May 02, 2010, 02:38:24 PM »
                I have a problem.. My computer will NOT let me connect to any site that has an anti-virus address. It tells me IE cannot display this page. So is there an alternative site for Jotti's malware scan?

                SuperDave

                Re: IE7 will not connect to Windows Update
                « Reply #10 on: May 02, 2010, 04:53:38 PM »
                If you can't download this program on your computer please download it on another computer and burn it to a CD-RW or a DVD-RW and transfer it to your computer.

                Please download RootRepeal from GooglePages.com.
                • Extract the program file to your Desktop.
                • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.


                • Select ALL of the checkboxes and then click OK and it will start scanning your system.

                • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
                • When done, click on Save Report
                • Save it to the Desktop.
                • Please copy/paste the contents of the report in your next reply.
                Please remove any e-mail address in the RootRepeal report (if present).


                ejeanruport


                  Re: IE7 will not connect to Windows Update
                  « Reply #11 on: May 02, 2010, 05:11:06 PM »
                  I was able to connect to RootRepeal, ran the program and saved the report. Did not find any email addresses.
                  RootRepeal report:
                  ROOTREPEAL (c) AD, 2007-2009
                  ==================================================
                  Scan Start Time:      2010/05/02 18:01
                  Program Version:      Version 1.3.5.0
                  Windows Version:      Windows XP Media Center Edition SP3
                  ==================================================

                  Drivers
                  -------------------
                  Name: dump_atapi.sys
                  Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
                  Address: 0xEE8B9000   Size: 98304   File Visible: No   Signed: -
                  Status: -

                  Name: dump_WMILIB.SYS
                  Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
                  Address: 0xF8B99000   Size: 8192   File Visible: No   Signed: -
                  Status: -

                  Name: rootrepeal.sys
                  Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
                  Address: 0xEE95B000   Size: 49152   File Visible: No   Signed: -
                  Status: -

                  Name: SASKUTIL.SYS
                  Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                  Address: 0xEF11E000   Size: 139264   File Visible: No   Signed: -
                  Status: -

                  Hidden/Locked Files
                  -------------------
                  Path: C:\hiberfil.sys
                  Status: Locked to the Windows API!

                  Path: c:\documents and settings\e. jean ruport\application data\verizon wireless\vzaccess manager\diagnostics.txt
                  Status: Size mismatch (API: 446339, Raw: 446274)

                  SSDT
                  -------------------
                  #: 017   Function Name: NtAllocateVirtualMemory
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f13e0

                  #: 019   Function Name: NtAssignProcessToJobObject
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1c10

                  #: 031   Function Name: NtConnectPort
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ef300

                  #: 037   Function Name: NtCreateFile
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0fedd0

                  #: 041   Function Name: NtCreateKey
                  Status: Hooked by "Lbd.sys" at address 0xf867787e

                  #: 046   Function Name: NtCreatePort
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eee40

                  #: 047   Function Name: NtCreateProcess
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ebb80

                  #: 048   Function Name: NtCreateProcessEx
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ebf90

                  #: 050   Function Name: NtCreateSection
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eb440

                  #: 053   Function Name: NtCreateThread
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ed480

                  #: 057   Function Name: NtDebugActiveProcess
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee0f0

                  #: 068   Function Name: NtDuplicateObject
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eec50

                  #: 097   Function Name: NtLoadDriver
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0a00

                  #: 116   Function Name: NtOpenFile
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ff450

                  #: 122   Function Name: NtOpenProcess
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ecf80

                  #: 125   Function Name: NtOpenSection
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eb860

                  #: 128   Function Name: NtOpenThread
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ed980

                  #: 137   Function Name: NtProtectVirtualMemory
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1860

                  #: 145   Function Name: NtQueryDirectoryFile
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0f80

                  #: 180   Function Name: NtQueueApcThread
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1db0

                  #: 199   Function Name: NtRequestPort
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eff00

                  #: 200   Function Name: NtRequestWaitReplyPort
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0500

                  #: 204   Function Name: NtRestoreKey
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0fe960

                  #: 206   Function Name: NtResumeThread
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee8a0

                  #: 210   Function Name: NtSecureConnectPort
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ef6f0

                  #: 213   Function Name: NtSetContextThread
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eded0

                  #: 240   Function Name: NtSetSystemInformation
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee290

                  #: 247   Function Name: NtSetValueKey
                  Status: Hooked by "Lbd.sys" at address 0xf8677bfe

                  #: 249   Function Name: NtShutdownSystem
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f08e0

                  #: 253   Function Name: NtSuspendProcess
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eea80

                  #: 254   Function Name: NtSuspendThread
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee690

                  #: 255   Function Name: NtSystemDebugControl
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee4a0

                  #: 257   Function Name: NtTerminateProcess
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ed1e0

                  #: 258   Function Name: NtTerminateThread
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0edcc0

                  #: 262   Function Name: NtUnloadDriver
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0d10

                  #: 277   Function Name: NtWriteVirtualMemory
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1a30

                  Hidden Services
                  -------------------
                  Service Name: gpvcprl
                  Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

                  Shadow SSDT
                  -------------------
                  #: 013   Function Name: NtGdiBitBlt
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9bd0

                  #: 233   Function Name: NtGdiOpenDCW
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9f20

                  #: 307   Function Name: NtUserAttachThreadInput
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e6990

                  #: 310   Function Name: NtUserBlockInput
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8790

                  #: 319   Function Name: NtUserCallHwndParamLock
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e82c0

                  #: 324   Function Name: NtUserCallTwoParam
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9400

                  #: 383   Function Name: NtUserGetAsyncKeyState
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7440

                  #: 389   Function Name: NtUserGetClipboardData
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8b40

                  #: 401   Function Name: NtUserGetDC
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e97f0

                  #: 414   Function Name: NtUserGetKeyboardState
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7310

                  #: 416   Function Name: NtUserGetKeyState
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e71e0

                  #: 439   Function Name: NtUserGetWindowDC
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9a20

                  #: 460   Function Name: NtUserMessageCall
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7570

                  #: 465   Function Name: NtUserMoveWindow
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8f20

                  #: 475   Function Name: NtUserPostMessage
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7a50

                  #: 476   Function Name: NtUserPostThreadMessage
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7f00

                  #: 491   Function Name: NtUserRegisterRawInputDevices
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e67a0

                  #: 502   Function Name: NtUserSendInput
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8540

                  #: 509   Function Name: NtUserSetClipboardViewer
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8930

                  #: 529   Function Name: NtUserSetParent
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8ce0

                  #: 546   Function Name: NtUserSetWindowPos
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e92b0

                  #: 548   Function Name: NtUserSetWindowsHookAW
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e6250

                  #: 549   Function Name: NtUserSetWindowsHookEx
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e5df0

                  #: 552   Function Name: NtUserSetWinEventHook
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e64f0

                  #: 555   Function Name: NtUserShowWindow
                  Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e91c0

                  ==EOF==

                  ejeanruport

                    Re: IE7 will not connect to Windows Update
                    « Reply #12 on: May 03, 2010, 09:16:02 AM »
                    I was able to connect to RootRepeal, ran the program and saved the report. Did not find any email addresses.
                    RootRepeal report:
                    ROOTREPEAL (c) AD, 2007-2009
                    ==================================================
                    Scan Start Time:      2010/05/02 18:01
                    Program Version:      Version 1.3.5.0
                    Windows Version:      Windows XP Media Center Edition SP3
                    ==================================================

                    Drivers
                    -------------------
                    Name: dump_atapi.sys
                    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
                    Address: 0xEE8B9000   Size: 98304   File Visible: No   Signed: -
                    Status: -

                    Name: dump_WMILIB.SYS
                    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
                    Address: 0xF8B99000   Size: 8192   File Visible: No   Signed: -
                    Status: -

                    Name: rootrepeal.sys
                    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
                    Address: 0xEE95B000   Size: 49152   File Visible: No   Signed: -
                    Status: -

                    Name: SASKUTIL.SYS
                    Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                    Address: 0xEF11E000   Size: 139264   File Visible: No   Signed: -
                    Status: -

                    Hidden/Locked Files
                    -------------------
                    Path: C:\hiberfil.sys
                    Status: Locked to the Windows API!

                    Path: c:\documents and settings\e. jean ruport\application data\verizon wireless\vzaccess manager\diagnostics.txt
                    Status: Size mismatch (API: 446339, Raw: 446274)

                    SSDT
                    -------------------
                    #: 017   Function Name: NtAllocateVirtualMemory
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f13e0

                    #: 019   Function Name: NtAssignProcessToJobObject
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1c10

                    #: 031   Function Name: NtConnectPort
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ef300

                    #: 037   Function Name: NtCreateFile
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0fedd0

                    #: 041   Function Name: NtCreateKey
                    Status: Hooked by "Lbd.sys" at address 0xf867787e

                    #: 046   Function Name: NtCreatePort
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eee40

                    #: 047   Function Name: NtCreateProcess
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ebb80

                    #: 048   Function Name: NtCreateProcessEx
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ebf90

                    #: 050   Function Name: NtCreateSection
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eb440

                    #: 053   Function Name: NtCreateThread
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ed480

                    #: 057   Function Name: NtDebugActiveProcess
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee0f0

                    #: 068   Function Name: NtDuplicateObject
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eec50

                    #: 097   Function Name: NtLoadDriver
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0a00

                    #: 116   Function Name: NtOpenFile
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ff450

                    #: 122   Function Name: NtOpenProcess
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ecf80

                    #: 125   Function Name: NtOpenSection
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eb860

                    #: 128   Function Name: NtOpenThread
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ed980

                    #: 137   Function Name: NtProtectVirtualMemory
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1860

                    #: 145   Function Name: NtQueryDirectoryFile
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0f80

                    #: 180   Function Name: NtQueueApcThread
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1db0

                    #: 199   Function Name: NtRequestPort
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eff00

                    #: 200   Function Name: NtRequestWaitReplyPort
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0500

                    #: 204   Function Name: NtRestoreKey
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0fe960

                    #: 206   Function Name: NtResumeThread
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee8a0

                    #: 210   Function Name: NtSecureConnectPort
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ef6f0

                    #: 213   Function Name: NtSetContextThread
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eded0

                    #: 240   Function Name: NtSetSystemInformation
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee290

                    #: 247   Function Name: NtSetValueKey
                    Status: Hooked by "Lbd.sys" at address 0xf8677bfe

                    #: 249   Function Name: NtShutdownSystem
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f08e0

                    #: 253   Function Name: NtSuspendProcess
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0eea80

                    #: 254   Function Name: NtSuspendThread
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee690

                    #: 255   Function Name: NtSystemDebugControl
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ee4a0

                    #: 257   Function Name: NtTerminateProcess
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0ed1e0

                    #: 258   Function Name: NtTerminateThread
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0edcc0

                    #: 262   Function Name: NtUnloadDriver
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f0d10

                    #: 277   Function Name: NtWriteVirtualMemory
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0f1a30

                    Hidden Services
                    -------------------
                    Service Name: gpvcprl
                    Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

                    Shadow SSDT
                    -------------------
                    #: 013   Function Name: NtGdiBitBlt
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9bd0

                    #: 233   Function Name: NtGdiOpenDCW
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9f20

                    #: 307   Function Name: NtUserAttachThreadInput
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e6990

                    #: 310   Function Name: NtUserBlockInput
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8790

                    #: 319   Function Name: NtUserCallHwndParamLock
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e82c0

                    #: 324   Function Name: NtUserCallTwoParam
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9400

                    #: 383   Function Name: NtUserGetAsyncKeyState
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7440

                    #: 389   Function Name: NtUserGetClipboardData
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8b40

                    #: 401   Function Name: NtUserGetDC
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e97f0

                    #: 414   Function Name: NtUserGetKeyboardState
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7310

                    #: 416   Function Name: NtUserGetKeyState
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e71e0

                    #: 439   Function Name: NtUserGetWindowDC
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e9a20

                    #: 460   Function Name: NtUserMessageCall
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7570

                    #: 465   Function Name: NtUserMoveWindow
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8f20

                    #: 475   Function Name: NtUserPostMessage
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7a50

                    #: 476   Function Name: NtUserPostThreadMessage
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e7f00

                    #: 491   Function Name: NtUserRegisterRawInputDevices
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e67a0

                    #: 502   Function Name: NtUserSendInput
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8540

                    #: 509   Function Name: NtUserSetClipboardViewer
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8930

                    #: 529   Function Name: NtUserSetParent
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e8ce0

                    #: 546   Function Name: NtUserSetWindowPos
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e92b0

                    #: 548   Function Name: NtUserSetWindowsHookAW
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e6250

                    #: 549   Function Name: NtUserSetWindowsHookEx
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e5df0

                    #: 552   Function Name: NtUserSetWinEventHook
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e64f0

                    #: 555   Function Name: NtUserShowWindow
                    Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xef0e91c0

                    ==EOF==

                    I ran the rest of your instructions. ComboFix did restart the computer, then it opened my Desktop but there was nothing on it, not the Taskbar, links or anything. I waited for 75 minutes and then rebooted it with the on/off button. Did a search for Combofix.txt and this is what I found:
                    ComboFix Log file:
                    ComboFix 10-05-01.04 - E. Jean Ruport 05/03/2010   8:32:44.2.1 - x86
                    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.510.186 [GMT -5:00]
                    Running from: C:\Documents and Settings\E. Jean Ruport\Desktop\commy.exe
                    Command switches used :: C:\Documents and Settings\E. Jean Ruport\Desktop\CFScript.txt
                    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                    FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}


                    Is this what you expected to see?
                    I tried to get updates to AVG but got the same message "Internet Explorer cannot display the webpage." and it gave me info to correct it, which I have tried several times.
                    Don't know what to do next.  Jean

                    SuperDave

                    Re: IE7 will not connect to Windows Update
                    « Reply #13 on: May 03, 2010, 04:47:14 PM »
                    Did you run the ComboFix script as described in Reply #8? If not, please try to run it.

                    ejeanruport

                      Re: IE7 will not connect to Windows Update
                      « Reply #14 on: May 04, 2010, 05:10:50 AM »
                      Did you run the ComboFix script as described in Reply #8? If not, please try to run it.

                      I did run the ComboFix script as you instructed in Reply #8 and added the only log file I could find. These were the results, copied from my post to you on May 3, 2010, 9:16:02 AM:

                      "I ran the rest of your instructions. ComboFix did restart the computer, then it opened my Desktop but there was nothing on it, not the Taskbar, links or anything. I waited for 75 minutes and then rebooted it with the on/off button. Did a search for Combofix.txt and this is what I found:
                      ComboFix Log file:
                      ComboFix 10-05-01.04 - E. Jean Ruport 05/03/2010   8:32:44.2.1 - x86
                      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.510.186 [GMT -5:00]
                      Running from: C:\Documents and Settings\E. Jean Ruport\Desktop\commy.exe
                      Command switches used :: C:\Documents and Settings\E. Jean Ruport\Desktop\CFScript.txt
                      AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                      FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}


                      Is this what you expected to see?
                      I tried to get updates to AVG but got the same message "Internet Explorer cannot display the webpage." and it gave me info to correct it, which I have tried several times.
                      Don't know what to do next.  Jean"