Topic: Reinfection - trojan?

cgeorge107
Reinfection - trojan?
« on: November 26, 2011, 09:49:15 PM »
Dave helped me clean up a problem in the past. I've been careful; I suspect Facebook, but can't verify that this is where my problems came from. Running WinXP Media Center Edition, SP3. I use Internet Explorer, Version 8.

My computer started redirecting to other websites (not safe according to WOT). I was getting pop-ups that read that the site did not have a normal address, and it had figures that looked like a strange type of hieroglyphics. It was also hanging up at shutdown. Scans showed I was infected; Microsoft Security Suite did not detect it. I uninstalled it and installed AVG. It was detected with AVG, but the files kept moving, so when it went to quarantine, the file was not there. Most of them were stored in the operating memory and it could not delete them. I've followed all your steps and cleaned a lot of the threats, but would like to have you check my logs and see if I'm still infected.

SUPERAntiSpyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/26/2011 at 02:37 PM

Application Version : 4.48.1000

Core Rules Database Version : 7988
Trace Rules Database Version: 5800

Scan type       : Complete Scan
Total Scan Time : 02:07:42

Memory items scanned      : 464
Memory threats detected   : 0
Registry items scanned    : 7683
Registry threats detected : 0
File items scanned        : 138986
File threats detected     : 29

Adware.Tracking Cookie
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\3SYGLY5V.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\FZEDUFVN.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\SE3L64IS.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\3CSUVWNH.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected]
   C:\Documents and Settings\Compaq_Administrator\Cookies\RT5M4VZ2.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\XK8EAZ4Q.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\34IOI7K4.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@mediaplex[2].txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\5TVQ3IQ9.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\L3811WK7.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\96281RO3.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\02Q9BPG9.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\DPYW2KAO.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\TNVAC30I.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\AA8BVYIA.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\932WUXRP.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\62RRYTJD.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@invitemedia[9].txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\BUMVV78C.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@serving-sys[2].txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][8].txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\9C44GIHN.txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][10].txt

Malwarebytes Log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 8249

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/26/2011 10:45:14 PM
mbam-log-2011-11-26 (22-45-14).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 329128
Time elapsed: 1 hour(s), 57 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\DISC\gameguide\browser\winlockdll.dll (PUP.Winlock.Disabler) -> Quarantined and deleted successfully.

DDS Log 1

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_29
Run by Compaq_Administrator at 22:53:23 on 2011-11-26
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.348 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = file:///C:/ADocuments/webdocs2/Home%20Page/kickstart2/kickstart3.html
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\program files\e-book systems\flipalbum 6 suite eval\fplaunch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MyGarminAgent] c:\program files\garmin\mygarminagent\MyGarminAgent.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D156567C-0F2D-43AE-9C35-C846D12FD0EF} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\4d5lbzec.default\
FF - prefs.js: browser.startup.homepage - file:///C:/ADocuments/webdocs2/Home%20Page/kickstart2/kickstart3.html
FF - plugin: c:\documents and settings\compaq_administrator\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\compaq_administrator\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\compaq_administrator\application data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-12 64160]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 29400]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-6-30 1793712]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-6 366640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-6 22712]
S1 MpKsl3416d414;MpKsl3416d414;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9e3c7f58-0b24-4d8b-ad97-d4eafb913761}\mpksl3416d414.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9e3c7f58-0b24-4d8b-ad97-d4eafb913761}\MpKsl3416d414.sys [?]
S1 MpKsl9457de3d;MpKsl9457de3d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6162ee6c-4773-4a13-81e3-7d9edf067f73}\mpksl9457de3d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6162ee6c-4773-4a13-81e3-7d9edf067f73}\MpKsl9457de3d.sys [?]
S1 MpKslff1d9629;MpKslff1d9629;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fdfd706e-551c-4e04-9ff8-1fd2f4efdc8a}\mpkslff1d9629.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fdfd706e-551c-4e04-9ff8-1fd2f4efdc8a}\MpKslff1d9629.sys [?]
S2 SqlCSS;SQL Server EXPRESS;c:\windows\system32\svchost.exe -k Sqlses [2004-8-10 14336]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1036104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-2-6 41272]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2e.tmp --> c:\windows\system32\2E.tmp [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-7-26 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-7-26 40552]
.
=============== Created Last 30 ================
.
2011-11-26 16:38:11   --------   d-----w-   c:\program files\COMODO
2011-11-26 16:35:43   --------   d-----w-   c:\documents and settings\all users\application data\Comodo
2011-11-26 16:34:53   --------   d-----w-   c:\documents and settings\all users\application data\Comodo Downloader
2011-11-25 03:17:19   --------   d--h--w-   C:\$AVG
2011-11-25 02:24:17   --------   d-----w-   c:\documents and settings\compaq_administrator\application data\AVG2012
2011-11-25 02:22:59   --------   d--h--w-   c:\documents and settings\all users\application data\Common Files
2011-11-25 02:21:10   --------   d-----w-   c:\windows\system32\drivers\AVG
2011-11-25 02:21:10   --------   d-----w-   c:\documents and settings\all users\application data\AVG2012
2011-11-25 02:20:10   --------   d-----w-   c:\program files\AVG
2011-11-25 02:16:06   --------   d-----w-   c:\documents and settings\all users\application data\MFAData
2011-11-25 02:13:16   --------   d--h--w-   c:\windows\system32\GroupPolicy
2011-11-19 21:02:04   --------   d-----w-   C:\EOS Compaq disk
.
==================== Find3M  ====================
.
2011-10-10 14:22:41   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-10-07 11:23:48   230608   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21:42   16720   ----a-w-   c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 10:06:03   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-10-03 07:37:52   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-26 15:41:20   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20   220160   ----a-w-   c:\windows\system32\oleacc.dll
2011-09-26 15:41:14   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-09-13 11:30:10   32592   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20:51   1858944   ----a-w-   c:\windows\system32\win32k.sys
1998-07-14 16:20:22   2901888   ----a-r-   c:\program files\KEYCHAMP.EXE
.
============= FINISH: 22:55:12.48 ===============

DDS Attach Log 2

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2006 9:04:12 PM
System Uptime: 11/26/2011 10:46:39 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | Amberine M
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 178 GiB total, 148.319 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.006 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Canon MP620 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MP620 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Ad-Aware
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player
Agere Systems PCI-SV92PP Soft Modem
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AVG 2012
AXIS Media Control Embedded
Bejeweled 3
Bonjour
BufferChm
Canon Camera Access Library
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
Canon IJ Network Scan Utility
Canon IJ Network Tool
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
COMODO Internet Security
Compaq Connections (remove only)
Compaq Multimedia Keyboard Software
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CueTour
Cuyahoga Demo
Destinations
DeviceManagementQFolder
DVD Shrink 3.2
Easy Internet Sign-up
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Digital PhotoLab
EPSON Event Manager
EPSON Perfection V500 Photo Scanner Driver Update
EPSON Perfection V500P User's Guide
EPSON Scan
EPSON Scan Assistant
EPSON Status Monitor 2
ESET Online Scanner v3
FeedDemon
FeedStation
FlipAlbum 6 Suite Eval
FullDPAppQFolder
Garmin Communicator Plugin with myGarmin Agent
Garmin USB Drivers
GemMaster Mystic
Google Earth
Google SketchUp 6
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP DigitalMedia Archive
HP Games 3.43.97
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Software Update
HP Support Overview
HpSdpAppCoreApp
InstantShareDevices
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 29
Kinko's File Prep Tool
Learn2 Player (Uninstall Only)
LightScribe  1.4.62.1
Malwarebytes' Anti-Malware version 1.51.1.1800
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Money 2005
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Publisher 2000 Resume Wizard
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Move Media Player
Mozilla Firefox (3.6.16)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Suite
OpenOffice.org Installer 1.0
Otto
Paint Shop Pro 7 Anniversary Edition
PC-Doctor 5 for Windows
Photo Organizer
Photo Viewer 2.3
PhotoAlbum Add-In
Photodex Presenter
PhotoGallery
Picasa 3
PrintingPress
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
Remove WeatherBug Installer
Savings Bond Wizard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel MSCN Audio Player
SigningAvatar Illustrated Dictionary
SkinsHP1
Snood for Windows version 3.52-W
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spybot - Search & Destroy
SUPERAntiSpyware
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Venues(tm) X3D Viewer and Simulation Engine
Viewpoint Media Player
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WOT for Internet Explorer
Yahoo! Mail Quick Select Tool (PhotoMail)
Yontoo Layers Client 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
11/26/2011 2:40:29 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ARSVC service.
11/25/2011 8:17:19 PM, error: Service Control Manager [7023]  - The SQL Server EXPRESS service terminated with the following error:  The specified module could not be found.
11/25/2011 8:17:19 PM, error: Service Control Manager [7023]  - The Help and Support service terminated with the following error:  The specified module could not be found.
11/25/2011 1:54:41 PM, error: Service Control Manager [7023]  - The SQL Server EXPRESS service terminated with the following error:  Access is denied.
11/24/2011 8:49:17 PM, error: Service Control Manager [7023]  - The Network Location Awareness (NLA) service terminated with the following error:  The specified procedure could not be found.
11/23/2011 8:13:23 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  fasttx2k IntelIde ViaIde
11/23/2011 10:19:14 PM, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
11/23/2011 10:19:14 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL. Reference error message: The operation completed successfully. .
11/23/2011 10:19:14 PM, error: SideBySide [32]  - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
.
==== End Of File ===========================

While checking Control Panel for programs I did not recognize - I found a few I don't remember installing:

Bonjour
GemMaster
Move Media Player

Would you recommend uninstalling these?  There are probably others I don't need.

Thanks for your help!  ~Cheryl
Wish I'd installed a firewall last time. I didn't, but installed Comodo this time and already it has blocked something.


SuperDave

Re: Reinfection - trojan?
« Reply #1 on: November 27, 2011, 11:44:11 AM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Quote
I suspect Facebook, but can't verify this is where my problems came from.
Facebook has become one of the most dangerous places to visit.

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology

**************************************************
Quote
Bonjour
GemMaster
Move Media Player
Bonjour is part of Quicktime. GemMaster and Move Media Player were probably installed with something else. If you don't use them, they're just taking up space.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you want to use Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix
Windows 8 and Windows 10 dual boot with two SSD's

cgeorge107

Re: Reinfection - trojan?
« Reply #2 on: November 28, 2011, 08:12:55 PM »
Dave,

I uninstalled ViewPoint and downloaded ComboFix. It's been running several hours. I temporarily disabled AVG, because that was all it allowed me to do, thinking ComboFix would finish within 15 minutes.

Well, it cleaned files and made a restore point.  It found a ZeroAccess RootKit in TCP/IP and gave a message that it needed to reboot, which it did. Now it's been on the same message for hours - Please wait. ComboFix is preparing to run. Not sure if this is normal, but I don't want to interrupt for fear of making things worse. Please advise. I'm going to leave it alone and just shut off the monitor and check in the morning.  Oh, there was a lot of activity as if it was reading files or scanning. It's quieted down now - not much activity.  Read on another forum that it ran for hours for them so I'll wait and see.

Thanks!
« Last Edit: November 28, 2011, 08:24:47 PM by cgeorge107 »

SuperDave

Re: Reinfection - trojan?
« Reply #3 on: November 29, 2011, 01:28:33 PM »
Four hours is too long. Shut it down and try to find the log from the previous run. You should be able to find it here: C:\combo-fix.txt

cgeorge107

Re: Reinfection - trojan?
« Reply #4 on: November 30, 2011, 09:19:19 PM »
Dave, thanks! Wanted to back up some data and photos first. The first scan did not run, no log. It was hung up for some reason. Ran again, here's the log... looks like it did a lot of cleaning.

ComboFix 11-11-27.02 - Compaq_Administrator 11/30/2011  22:43:32.3.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.539 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\Malware Bytes\CherylCGF.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\John\WINDOWS
c:\windows\CSC\d6
c:\windows\HPCPCUninstaller-6.3.2.116-5577497.exe
c:\windows\kb913800.exe
c:\windows\system32\config\systemprofile\WINDOWS
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-01 to 2011-12-01  )))))))))))))))))))))))))))))))
.
.
2011-11-27 21:05 . 2011-10-07 17:47   33984   ----a-w-   c:\windows\system32\cmdcsr.dll
2011-11-26 16:38 . 2011-11-26 16:38   --------   d-----w-   c:\program files\COMODO
2011-11-26 16:35 . 2011-11-26 16:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\Comodo
2011-11-26 16:34 . 2011-11-26 16:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Comodo Downloader
2011-11-25 03:17 . 2011-11-25 03:17   --------   d-----w-   C:\$AVG
2011-11-25 02:24 . 2011-11-25 02:24   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\AVG2012
2011-11-25 02:22 . 2011-11-25 02:22   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
2011-11-25 02:21 . 2011-12-01 00:49   --------   d-----w-   c:\windows\system32\drivers\AVG
2011-11-25 02:21 . 2011-11-25 02:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG2012
2011-11-25 02:20 . 2011-11-25 02:20   --------   d-----w-   c:\program files\AVG
2011-11-25 02:16 . 2011-12-01 00:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
2011-11-25 02:13 . 2011-11-25 02:13   --------   d--h--w-   c:\windows\system32\GroupPolicy
2011-11-24 01:40 . 2011-11-24 01:40   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-11-19 21:02 . 2011-11-20 04:49   --------   d-----w-   C:\EOS Compaq disk
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-08-10 12:00   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-10-07 17:48 . 2011-06-30 14:38   97760   ----a-w-   c:\windows\system32\drivers\inspect.sys
2011-10-07 17:48 . 2011-06-30 14:38   31704   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:48 . 2011-06-30 14:38   492768   ----a-w-   c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47 . 2011-06-30 14:38   18056   ----a-w-   c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2011-06-30 14:37   300200   ----a-w-   c:\windows\system32\guard32.dll
2011-10-07 11:23 . 2011-10-07 11:23   230608   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21 . 2011-10-04 11:21   16720   ----a-w-   c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 10:06 . 2010-08-09 02:53   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-10-03 07:37 . 2008-01-12 00:10   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2004-08-10 12:00   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-10 12:00   220160   ----a-w-   c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-10 12:00   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-09-13 11:30 . 2011-09-13 11:30   32592   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20 . 2004-08-10 12:00   1858944   ----a-w-   c:\windows\system32\win32k.sys
1998-07-14 16:20 . 2006-02-10 04:02   2901888   ----a-r-   c:\program files\KEYCHAMP.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-08-09 81920]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent\MyGarminAgent.exe" [2010-03-16 337256]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-1-11 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-11 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Background Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk
backup=c:\windows\pss\EPSON Background Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-01-12 04:52   2321600   ----a-w-   c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2007-10-31 02:57   1095256   ----a-w-   c:\program files\DISC\DISCover.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/12/2009 5:30 PM 64160]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/30/2011 9:38 AM 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/30/2011 9:38 AM 31704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/6/2011 12:03 AM 366640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/6/2011 12:03 AM 22712]
S1 MpKsl3416d414;MpKsl3416d414;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E3C7F58-0B24-4D8B-AD97-D4EAFB913761}\MpKsl3416d414.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E3C7F58-0B24-4D8B-AD97-D4EAFB913761}\MpKsl3416d414.sys [?]
S1 MpKsl9457de3d;MpKsl9457de3d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6162EE6C-4773-4A13-81E3-7D9EDF067F73}\MpKsl9457de3d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6162EE6C-4773-4A13-81E3-7D9EDF067F73}\MpKsl9457de3d.sys [?]
S1 MpKslff1d9629;MpKslff1d9629;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FDFD706E-551C-4E04-9FF8-1FD2F4EFDC8A}\MpKslff1d9629.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FDFD706E-551C-4E04-9FF8-1FD2F4EFDC8A}\MpKslff1d9629.sys [?]
S2 SqlCSS;SQL Server EXPRESS;c:\windows\System32\svchost.exe -k Sqlses [8/10/2004 7:00 AM 14336]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1036104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2E.tmp --> c:\windows\system32\2E.tmp [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Sqlses   REG_MULTI_SZ      SqlCSS
.
Contents of the 'Scheduled Tasks' folder
.
2009-12-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 02:45]
.
2011-12-01 c:\windows\Tasks\User_Feed_Synchronization-{C8FD4DC9-24A4-4A08-B896-E100C7282940}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/ADocuments/webdocs2/Home%20Page/kickstart2/kickstart3.html
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-30 22:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2E.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,3a,2f,ec,09,1b,04,46,bd,de,70,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,3a,2f,ec,09,1b,04,46,bd,de,70,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-11-30  23:02:24
ComboFix-quarantined-files.txt  2011-12-01 04:02
ComboFix2.txt  2011-02-14 03:35
.
Pre-Run: 161,133,735,936 bytes free
Post-Run: 161,574,506,496 bytes free
.
- - End Of File - - F5947F070BED4E0116C527749AE98B0F

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Reinfection - trojan?
« Reply #5 on: December 01, 2011, 12:37:56 PM »
Quote
Wanted to back up some data and photos first
Always a good idea. Be sure to scan them before putting them back on your computer.

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
Windows 8 and Windows 10 dual boot with two SSD's

cgeorge107

    Topic Starter


    Rookie

  • Computer: Specs
  • Experience: Familiar
  • OS: Windows XP
Re: Reinfection - trojan?
« Reply #6 on: December 01, 2011, 07:34:26 PM »
<<Always a good idea. Be sure to scan them before putting them back on your computer.>>

Thanks again, Dave!  I backed up mostly jpeg and .doc files to DVD - is scanning with AVG sufficient?
 
Here's my log.
 
SysProt Antirootkit Log
 
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F1B16000
Module End: F1B2E000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7A68000
Module End: F7A6A000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F758087E
Driver Base: F7580000
Driver End: F758F000
Driver Name: Lbd.sys
Function Name: ZwOpenProcess
Address: EF662F3C
Driver Base: EF662000
Driver End: EF665000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
Function Name: ZwSetValueKey
Address: F7580BFE
Driver Base: F7580000
Driver End: F758F000
Driver Name: Lbd.sys
Function Name: ZwTerminateProcess
Address: EF662FE4
Driver Base: EF662000
Driver End: EF665000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
Function Name: ZwTerminateThread
Address: EF663080
Driver Base: EF662000
Driver End: EF665000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
Function Name: ZwWriteVirtualMemory
Address: EF66311C
Driver Base: EF662000
Driver End: EF665000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
 

SuperDave
Re: Reinfection - trojan?
« Reply #7 on: December 02, 2011, 11:34:10 AM »
Quote
is scanning with AVG sufficient?
I always recommend scanning them with two different AV's.
How's the computer working now?


I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

cgeorge107
Re: Reinfection - trojan?
« Reply #8 on: December 06, 2011, 04:51:37 AM »
Computer is working better, but from the log it looks like there is still an infection. Here is my eset log.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1c2907bcb99ffc47978930e3b00e4d9c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-24 06:11:26
# local_time=2011-11-24 01:11:26 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 24557518 24557518 0 0
# compatibility_mode=5891 16776533 42 87 0 18039131 0 0
# compatibility_mode=8192 67108863 100 0 23189474 23189474 0 0
# scanned=147559
# found=4
# cleaned=2
# scan_time=7225
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll   Win32/Adware.Yontoo application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Yontoo Layers Client\YontooIEClient.dll   Win32/Adware.Yontoo.A application (cleaned by deleting (after the next restart) - quarantined)   00000000000000000000000000000000   C
C:\WINDOWS\system32\drivers\afd.sys   a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean)   00000000000000000000000000000000   I
${Memory}   multiple threats   00000000000000000000000000000000   I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1c2907bcb99ffc47978930e3b00e4d9c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-06 02:08:21
# local_time=2011-12-05 09:08:21 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 25580879 25580879 0 0
# compatibility_mode=1024 16777191 100 0 25612 25612 0 0
# compatibility_mode=3073 16777213 80 71 619238 4200042 0 0
# compatibility_mode=8192 67108863 100 0 24212835 24212835 0 0
# scanned=125123
# found=0
# cleaned=0
# scan_time=6079

I cannot find the option to export the file as explained in your directions. I did find this log in the Eset folder.
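The ESET log.txt format posted above (and again in Replies #18 and #20) can be summarised mechanically: which report is the latest, whether archives were scanned, and whether anything was found that the scanner could not clean. The parser below is an added example, not code from the thread or from ESET; its sample log is constructed from the entries in this post, and the one-letter status column is kept but not interpreted, since its meaning is not given here.

```python
"""Summarise ESET Online Scanner log.txt files like the ones posted in this thread.
Added example, not ESET's code. The scanner appends to one log.txt, so a file can hold
several reports back to back: each starts with "# version=", has "# key=value" headers,
then one tab-separated line per detection (path, verdict, hash, status letter)."""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the two reports in Reply #8 (the hash column is all
# zeros there too). The afd.sys line uses runs of spaces, which is how tabs look pasted.
SAMPLE_LOG = (
    "ESETSmartInstaller@High as CAB hook log:\nOnlineScanner.ocx - registred OK\n"
    "# version=7\n# end=finished\n# archives_checked=false\n# utc_time=2011-11-24 06:11:26\n"
    "# compatibility_mode=512 16777215 100 0 24557518 24557518 0 0\n"
    "# compatibility_mode=8192 67108863 100 0 23189474 23189474 0 0\n"
    "# scanned=147559\n# found=4\n# cleaned=2\n# scan_time=7225\n"
    "C:\\Documents and Settings\\All Users\\Application Data\\Tarma Installer\\_Setupx.dll\t"
    "Win32/Adware.Yontoo application (cleaned by deleting - quarantined)\t"
    "00000000000000000000000000000000\tC\n"
    "C:\\Program Files\\Yontoo Layers Client\\YontooIEClient.dll\tWin32/Adware.Yontoo.A "
    "application (cleaned by deleting (after the next restart) - quarantined)\t"
    "00000000000000000000000000000000\tC\n"
    "C:\\WINDOWS\\system32\\drivers\\afd.sys   a variant of Win32/Rootkit.Kryptik.FF trojan "
    "(unable to clean)   00000000000000000000000000000000   I\n"
    "${Memory}\tmultiple threats\t00000000000000000000000000000000\tI\n"
    "# version=7\n# end=finished\n# archives_checked=true\n# utc_time=2011-12-06 02:08:21\n"
    "# scanned=125123\n# found=0\n# cleaned=0\n# scan_time=6079\n"
)

FIELD_SEP = re.compile(r"\t|\s{3,}")  # tabs in the real file, runs of spaces once pasted

@dataclass
class Detection:
    path: str
    verdict: str
    status: str = ""  # ESET's one-letter column, kept as printed and not interpreted

    @property
    def cleaned(self) -> bool:
        # The verdict text decides: "(unable to clean)" must not count as cleaned.
        return "cleaned by" in self.verdict or "deleted" in self.verdict

@dataclass
class ScanReport:
    headers: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    @property
    def found(self) -> int:
        return int(self.headers.get("found", "0"))

    @property
    def cleaned(self) -> int:
        return int(self.headers.get("cleaned", "0"))

    def unresolved(self) -> list:
        return [d for d in self.detections if not d.cleaned]

def parse_eset_log(text: str) -> list:
    """Split a log.txt into its reports, oldest first."""
    reports, current = [], None
    for line in (raw.rstrip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("# version="):  # every report begins with this header
            current = ScanReport()
            reports.append(current)
        if current is None:  # installer chatter before the first report
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            current.headers.setdefault(key, value)  # compatibility_mode repeats; keep first
            continue
        cols = FIELD_SEP.split(line)
        if len(cols) >= 2:
            current.detections.append(Detection(cols[0], cols[1], cols[3] if len(cols) > 3 else ""))
    return reports

def needs_followup(report: ScanReport) -> bool:
    """True when another scan is due: unfinished, counters disagree, or something not cleaned."""
    return (report.headers.get("end") != "finished"
            or report.found != len(report.detections)
            or report.found > report.cleaned
            or bool(report.unresolved()))
```

Run against the sample, the first report flags afd.sys and ${Memory} as unresolved and asks for follow-up; the second (archives_checked=true, found=0) does not.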


SuperDave
Re: Reinfection - trojan?
« Reply #9 on: December 06, 2011, 12:54:04 PM »
Let's run a few more scans to see what turns up.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

cgeorge107
Re: Reinfection - trojan?
« Reply #10 on: December 15, 2011, 02:50:10 PM »
Thanks Dave, sorry it took a while. Here's my log.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-15 09:30:56
-----------------------------
09:30:56.859    OS Version: Windows 5.1.2600 Service Pack 3
09:30:56.859    Number of processors: 1 586 0x2F02
09:30:56.859    ComputerName: DINING-ROOM  UserName:
09:31:01.343    Initialize success
09:35:14.468    AVAST engine defs: 11121500
09:36:21.562    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:36:21.578    Disk 0 Vendor: Maxtor_6L200M0 BACE1G10 Size: 190782MB BusType: 3
09:36:21.640    Disk 0 MBR read successfully
09:36:21.640    Disk 0 MBR scan
09:36:21.671    Disk 0 unknown MBR code
09:36:21.687    Disk 0 scanning sectors +390716865
09:36:21.796    Disk 0 scanning C:\WINDOWS\system32\drivers
09:36:35.984    Service scanning
09:36:37.375    Modules scanning
09:36:43.750    Disk 0 trace - called modules:
09:36:43.781    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:36:43.781    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8657fab8]
09:36:43.781    3 CLASSPNP.SYS[f7570fd7] -> nt!IofCallDriver -> \Device\00000072[0x865d3a80]
09:36:44.296    5 ACPI.sys[f7407620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x865d2940]
09:36:44.906    AVAST engine scan C:\
11:12:17.265    Scan finished successfully
16:43:25.406    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\removal tool\MBR.dat"
16:43:25.406    The log file has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\removal tool\aswMBR12-15-11.txt"



SuperDave
Re: Reinfection - trojan?
« Reply #11 on: December 15, 2011, 07:46:29 PM »
Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip.

  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).

  • It will show a Black screen with some data on it.

  • Right click on the screen and click Select All.

  • Press Enter.

  • Open Notepad and press CTRL+V.

  • Post the output back here.

cgeorge107
Re: Reinfection - trojan?
« Reply #12 on: December 16, 2011, 09:09:54 AM »
Dave, esage.com doesn't have anything on its site at the moment. The Bootkit removal is not there.

SuperDave
Re: Reinfection - trojan?
« Reply #13 on: December 16, 2011, 05:40:56 PM »
Quote
Dave, esage.com doesn't have anything on its site at the moment. The Bootkit removal is not there.
Sorry about that. I'll check it out.

Download the MBR Rootkit Detector to your desktop.

* Double-click mbr.exe and follow the prompts.
* A black DOS window will quickly appear then disappear.
* When mbr.exe is finished it will create a log on your desktop.
* Copy and paste contents of that log file to your next reply.

cgeorge107
Re: Reinfection - trojan?
« Reply #14 on: December 18, 2011, 08:31:48 PM »
MBR Log

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6L200M0 rev.BACE1G10 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Thanks Dave!

SuperDave
Re: Reinfection - trojan?
« Reply #15 on: December 19, 2011, 01:30:55 PM »
Please run another scan with ESET and post the log.

cgeorge107
Re: Reinfection - trojan?
« Reply #16 on: December 23, 2011, 04:24:58 PM »
So my MBR log looks clean.  You think it's clean now?

Thanks!
Cheryl

SuperDave
Re: Reinfection - trojan?
« Reply #17 on: December 23, 2011, 04:30:22 PM »
Please run another scan with ESET and post the log.

cgeorge107
Re: Reinfection - trojan?
« Reply #18 on: December 27, 2011, 06:42:06 PM »
Eset Online Scan Log

# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1c2907bcb99ffc47978930e3b00e4d9c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-28 12:51:57
# local_time=2011-12-27 07:51:57 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 27478837 27478837 0 0
# compatibility_mode=1024 16777191 100 0 1923570 1923570 0 0
# compatibility_mode=3073 16777213 80 71 2517196 6098000 0 0
# compatibility_mode=8192 67108863 100 0 26110793 26110793 0 0
# scanned=125935
# found=0
# cleaned=0
# scan_time=4336

SuperDave
Re: Reinfection - trojan?
« Reply #19 on: December 27, 2011, 07:20:44 PM »
That looks good. If there are no other issues, we can do some cleanup.

* Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box.
* Now type CherylCGF /uninstall in the runbox
* Make sure there's a space between CherylCGF and /Uninstall
* Then hit Enter

* The above procedure will:
  * Delete ComboFix and its associated files and folders.
  * Reset the clock settings.
  * Hide file extensions, if required.
  * Hide System/Hidden files, if required.
  * Set a new, clean Restore Point.
********************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

cgeorge107
Re: Reinfection - trojan?
« Reply #20 on: December 28, 2011, 06:09:06 PM »
Dave, I forgot to check the box to scan archive files so I ran it once more and the scan found 4 threats that it cleaned. I'm not sure if it was due to that box not being checked first time, but here is my log... I won't do anything else until I hear from you.

esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1c2907bcb99ffc47978930e3b00e4d9c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-28 03:43:26
# local_time=2011-12-27 10:43:26 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 27487328 27487328 0 0
# compatibility_mode=1024 16777191 100 0 1932061 1932061 0 0
# compatibility_mode=3073 16777213 80 71 2525687 6106491 0 0
# compatibility_mode=8192 67108863 100 0 26119284 26119284 0 0
# scanned=126060
# found=4
# cleaned=4
# scan_time=6135
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\63562ec0-72ddb669   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\45\1494686d-5e79ac2d   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\47\6cde0e2f-315653e3   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\55\5db226b7-1d40eb03   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C

SuperDave
Re: Reinfection - trojan?
« Reply #21 on: December 28, 2011, 07:14:48 PM »
Ok. Please follow the clean-up instructions I posted and we'll be done.

cgeorge107
Re: Reinfection - trojan?
« Reply #22 on: December 29, 2011, 07:32:24 PM »
I keep getting the message, "Windows cannot locate file, CherylCGF". Make sure you are typing the name in correctly (something to that effect).

I'm typing it in correctly, have tried repeatedly. Have the space right, even copied and pasted from your instructions to make sure.  Can't figure it out.

???

SuperDave
Re: Reinfection - trojan?
« Reply #23 on: December 29, 2011, 07:40:05 PM »
Quote
I'm typing it in correctly, have tried repeatedly. Have the space right, even copied and pasted from your instructions to make sure.  Can't figure it out.

Ok. I figured that it wouldn't work. Please do this.

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

********************************************
To set a new Restore Point.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.

cgeorge107
Re: Reinfection - trojan?
« Reply #24 on: December 31, 2011, 06:05:00 PM »
Completed all. Downloaded the ComboFix uninstall program and ran, popup box said "Done!".  Exe files still on desktop - is that okay?  Qoobox folder and BackEnv folders were removed by the 'uninstall program'.

I'm comfortable doing a manual removal if necessary.  Other than that, computer is running great!

Thanks for your help!

Cheryl

SuperDave
Re: Reinfection - trojan?
« Reply #25 on: December 31, 2011, 06:45:44 PM »
Quote
Completed all. Downloaded the ComboFix uninstall program and ran, popup box said "Done!".  Exe files still on desktop - is that okay?  Qoobox folder and BackEnv folders were removed by the 'uninstall program'.

I'm comfortable doing a manual removal if necessary.  Other than that, computer is running great!

Thanks for your help!

Cheryl
Hi Cheryl. You may manually remove them. You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. Happy New Year