Folder/Window spam at Startup

[keyweez360]

Ok so according to that start-up tool (enabled where "check" noted):

WMPNSCFG (check)
ctfmon.exe (check)
Windows Media Connect 2 (check)
AVG8_TRAY (check)
QuickTime Task (check)
SsAAD.exe
QuickTime Task (again, no check)
iTunesHelper
SoundMan
ccApp
Symantec NetDriver Monitor
WinampAgent
Lexmark X83 Button Manager
Lexmark X83 Button Monitor
PrinTray
Windows Defender
Remote Control
SunJavaUpdateSched

[evilfantasy]

Those are all legitimate.

Lets look closer at whats going on. This isn't malware I'm pretty sure but some of the tools we use may shed some light.

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

• Double click on RSIT.exe to run.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open.
• log.txt <will be maximized and info.txt <will be minimized
  
• Please post the contents of both logs in the next reply.

[keyweez360]

log and info are attached

[recovering disk space -- attachment deleted by admin]

[evilfantasy]

I think this is where to look for them.

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Start Menu

C:\Documents and Settings\Owner.ANTHONY
Application Data
Cookies
Desktop
Favorites
Local Settings
LuResult.txt
My Documents
NetHood
ntuser.dat
ntuser.dat.LOG
ntuser.ini
PrintHood
Recent
SendTo
Start Menu
Templates
UserData
WINDOWS

[keyweez360]

Wait what?

[evilfantasy]

The files are in the middle of the registry dump. They are loading from the registry for some reason.

I see you ran ComboFix, can you post that log also please. It is in C:\ComboFix.txt

[keyweez360]

Ok I'm gonna have to run it again -- didn't let it finish the first time. Will reply back (with log) when its done.

[evilfantasy]

OK. Did you uninstall Norton?

[evilfantasy]

After ComboFix is done.

Go to Add or Remove Programs and uninstall LiveUpdate 2.6 (Symantec Corporation)

----------

Download JavaRa

• Unzip the file and open the JavaRa.exe
• Click Remove Older Versions
  
• JavaRa will search for and remove any outdated version of Java and remove any that are found.
• Click Additional Tasks
  
• Place a check next to Remove Useless JRE Files and click Go
  
• Exit JavaRa
  
• Delete the JavaRa files from the Desktop

.
Run CCleaner.

[keyweez360]

Ran ComboFix and uninstalled LiveUpdate and everything else Norton AntiVirus related. the ComboFix log is attached.

[recovering disk space -- attachment deleted by admin]

[keyweez360]

Ran JavaRa. log attached.

[recovering disk space -- attachment deleted by admin]

[evilfantasy]

I am nervous about deleting those files. Not sure what the consequences might be.

Do you have a flash drive or CD to put all of your important files on to like pictures or documents you don't want to loose?

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

File::
C:\WINDOWS\SYSTEM32\tmp.reg
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

[keyweez360]

Let me back up some stuff I have as you said, then i'll follow your other steps. Will post back with the log.

[evilfantasy]

You don't need to backup yet. I think you need to create another user account and put your important files on it then delete this one. Or we can delete the files that are starting up and see what happens. In case of disaster you will have a good account already set up to use.

[keyweez360]

Ok did what you said. log file attached

[recovering disk space -- attachment deleted by admin]