
Author Topic: System restore software  (Read 59726 times)


bluesstrummer24

    Topic Starter


    Rookie

    System restore software
    « on: April 03, 2009, 12:20:56 PM »
    My System Restore doesn't work, and I've tried all the suggestions given here, to no avail. I was wondering if there was any software available that does the same function as the Windows System Restore utility.

    evilfantasy

    • Malware Removal Specialist


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: System restore software
    « Reply #1 on: April 03, 2009, 02:41:35 PM »
    Download systemrestore.reg to your Desktop, right-click the file and select Merge.

    Accept any warnings.

    bluesstrummer24


      Re: System restore software
      « Reply #2 on: April 05, 2009, 05:20:26 PM »
      OK Evil. I've done what you've suggested. Now what?

      evilfantasy

      Re: System restore software
      « Reply #3 on: April 05, 2009, 05:21:05 PM »
      Restart the computer and see if it is working.

      bluesstrummer24


        Re: System restore software
        « Reply #4 on: April 06, 2009, 08:22:30 AM »
        WoooHooooo Evil!!!!  You da man!!!!!
        The system restore works, but only in the safe mode. But that's good enough for me.
        I've been trying to fix this for months. I can't thank you enough, Evil.
        Thanks so much!!!

        evilfantasy

        Re: System restore software
        « Reply #5 on: April 06, 2009, 08:27:01 AM »
        It should work in any mode. Malware will sometimes do this.

        Download Malwarebytes' Anti-Malware (MBAM)

        • Double-click mbam-setup.exe and follow the prompts to install the program.
        • At the end, be sure a checkmark is placed next to the following:
          • Update Malwarebytes' Anti-Malware
          • Launch Malwarebytes' Anti-Malware
        • Then click Finish.
        • If an update is found, it will download and install the latest version.
        • Once the program has loaded, select Perform quick scan, then click Scan.
        • When the scan is complete, click OK, then Show Results to view the results.
        • Be sure that everything is checked, and click Remove Selected.
        • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
        • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
        • Copy and paste the entire report in your next reply.

        Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

          bluesstrummer24


            Re: System restore software
            « Reply #6 on: April 06, 2009, 09:16:05 AM »
            SCANNING NOW

            bluesstrummer24


              Re: System restore software
              « Reply #7 on: April 06, 2009, 09:21:13 AM »
              Malwarebytes' Anti-Malware 1.35
              Database version: 1945
              Windows 5.1.2600 Service Pack 3

              4/6/2009 8:20:10 AM
              mbam-log-2009-04-06 (08-20-10).txt

              Scan type: Quick Scan
              Objects scanned: 77971
              Time elapsed: 4 minute(s), 39 second(s)

              Memory Processes Infected: 0
              Memory Modules Infected: 0
              Registry Keys Infected: 0
              Registry Values Infected: 0
              Registry Data Items Infected: 0
              Folders Infected: 0
              Files Infected: 0

              Memory Processes Infected:
              (No malicious items detected)

              Memory Modules Infected:
              (No malicious items detected)

              Registry Keys Infected:
              (No malicious items detected)

              Registry Values Infected:
              (No malicious items detected)

              Registry Data Items Infected:
              (No malicious items detected)

              Folders Infected:
              (No malicious items detected)

              Files Infected:
              (No malicious items detected)

              evilfantasy

              Re: System restore software
              « Reply #8 on: April 06, 2009, 02:04:04 PM »
              Download DDS by sUBs and save it to your Desktop. Alternate DDS download link

              * Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).
              * XP users: double-click on dds to run it.
              * If your antivirus or firewall tries to block DDS, please allow it to run.
              * When finished DDS will open two (2) logs:

              1) DDS.txt
              2) Attach.txt

              * Save both logs to your desktop.
              * Please include the entire contents of both logs in your next reply.

              Note: DDS will instruct you to post the Attach.txt log as an attachment.
              Please just post it as you would any other log by copying and pasting it into the reply.

              bluesstrummer24


                Re: System restore software
                « Reply #9 on: April 06, 2009, 06:49:31 PM »
                DDS (Ver_09-03-16.01) - NTFSx86 
                Run by HP_Administrator at 17:43:32.71 on Mon 04/06/2009
                Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
                Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.147 [GMT -7:00]

                AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

                ============== Running Processes ===============

                C:\WINDOWS\system32\svchost -k DcomLaunch
                svchost.exe
                C:\WINDOWS\System32\svchost.exe -k netsvcs
                svchost.exe
                svchost.exe
                C:\WINDOWS\system32\ZoneLabs\vsmon.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\system32\spoolsv.exe
                C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                C:\WINDOWS\eHome\ehRecvr.exe
                C:\WINDOWS\eHome\ehSched.exe
                C:\WINDOWS\system32\inetsrv\inetinfo.exe
                C:\Program Files\Java\jre6\bin\jqs.exe
                C:\WINDOWS\system32\nvsvc32.exe
                C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
                C:\PROGRA~1\AVG\AVG8\avgam.exe
                C:\PROGRA~1\AVG\AVG8\avgrsx.exe
                svchost.exe
                C:\WINDOWS\system32\svchost.exe -k imgsvc
                C:\PROGRA~1\AVG\AVG8\avgemc.exe
                C:\Program Files\AVG\AVG8\avgcsrvx.exe
                C:\Program Files\AVG\AVG8\avgcsrvx.exe
                C:\WINDOWS\system32\dllhost.exe
                C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
                C:\WINDOWS\system32\RUNDLL32.EXE
                C:\PROGRA~1\AVG\AVG8\avgtray.exe
                C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
                C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
                C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                C:\WINDOWS\System32\svchost.exe -k HTTPFilter
                C:\Program Files\Billeo\billeo.exe
                C:\Program Files\Logitech\SetPoint\SetPoint.exe
                C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
                C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
                c:\windows\system\hpsysdrv.exe
                C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                c:\program files\internet explorer\iexplore.exe
                C:\PROGRA~1\Inbox\Toolbar\CToolbar.exe
                C:\WINDOWS\system32\SNDVOL32.EXE
                C:\PROGRA~1\AVG\AVG8\avgnsx.exe
                c:\progra~1\inbox\ssaver\CSSaver.exe
                C:\Documents and Settings\HP_Administrator\Desktop\dds.pif

                ============== Pseudo HJT Report ===============

                uSearch Bar = hxxp://www.google.com/ie
                uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
                uStart Page = hxxp://www.google.com/
                uInternet Settings,ProxyOverride = 127.0.0.1
                uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
                BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
                BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
                BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\inbox\toolbar\ctbr.dll
                BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar1.dll
                BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
                BHO: Billeo: {465e08e7-f005-4389-980f-1d8764b3486c} - c:\program files\billeo\billeo.dll
                BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
                BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
                BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
                TB: Billeo: {6adb0f93-1aa5-4bcf-9df4-cea689a3c111} - c:\program files\billeo\billeo.dll
                TB: &Inbox.com Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\inbox\toolbar\ctbr.dll
                TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
                TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
                TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
                EB: Billeo: {6576ebaa-b570-4345-98e4-96153c77cf24} - c:\program files\billeo\billeo.dll
                uRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /M "Stylus CX3800" /EF "HKCU"
                uRun: [cdloader] "c:\documents and settings\hp_administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
                uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
                mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
                mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
                mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
                mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
                mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
                mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
                mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
                mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
                mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
                dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
                dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
                StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
                StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
                StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billeo.lnk - c:\program files\billeo\billeo.exe
                IE: Inbox Search - tbr:iemenu
                IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
                IE: {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\progra~1\inbox\ssaver\CSSaver.exe
                IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
                IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
                DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
                DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238784487514&h=bb82124d3f2ddc8cd687fe79e8c3bd84/&filename=jinstall-6u13-windows-i586-jc.cab
                DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
                DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
                DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
                Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
                Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
                Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
                Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
                Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\inbox\toolbar\ctbr.dll
                Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
                Notify: avgrsstarter - avgrsstx.dll
                Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
                SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

                ============= SERVICES / DRIVERS ===============

                R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-2-26 12552]
                R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-26 325640]
                R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-26 27656]
                R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-26 108552]
                R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
                R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
                R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-3-30 353672]
                R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-26 908056]
                R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-26 298264]
                R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
                R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
                S2 mrtRate;mrtRate;

                S2 ucyvusjw;ucyvusjw;\??\c:\windows\system32\drivers\ucyvusjw.sys --> c:\windows\system32\drivers\ucyvusjw.sys [?]
                S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
                S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-3-30 464264]

                =============== Created Last 30 ================

                2009-04-05 16:48   <DIR>   --d-----   c:\program files\Citrix
                2009-04-05 15:56   <DIR>   --d-----   c:\program files\CCleaner
                2009-04-03 09:32   <DIR>   --d-----   c:\program files\Belarc
                2009-04-02 13:54   <DIR>   --d-----   c:\program files\Trend Micro
                2009-04-02 13:06   <DIR>   --d-----   c:\docume~1\hp_adm~1\applic~1\Malwarebytes
                2009-04-02 13:06   15,504   a-------   c:\windows\system32\drivers\mbam.sys
                2009-04-02 13:06   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
                2009-04-02 13:05   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
                2009-04-02 13:05   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
                2009-04-02 12:01   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
                2009-04-02 12:01   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
                2009-04-02 12:01   <DIR>   --d-----   c:\docume~1\hp_adm~1\applic~1\SUPERAntiSpyware.com
                2009-04-02 11:57   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
                2009-03-30 18:43   1,221,512   a-------   c:\windows\system32\zpeng25.dll
                2009-03-30 18:43   <DIR>   --d-----   c:\windows\system32\ZoneLabs
                2009-03-30 18:43   <DIR>   --d-----   c:\program files\Zone Labs
                2009-03-30 18:43   350,192   a-------   c:\windows\system32\vsconfig.xml
                2009-03-30 18:36   0   a-------   C:\XESD.tmp
                2009-03-30 18:36   0   a-------   C:\XESB.tmp
                2009-03-30 10:21   <DIR>   --d-----   c:\program files\AskBarDis
                2009-03-17 02:30   <DIR>   --d-----   c:\program files\Jetico
                2009-03-16 18:42   524,288   a-------   c:\windows\opuc.dll
                2009-03-15 14:40   <DIR>   --d-----   c:\windows\system32\IOSUBSYS

                ==================== Find3M  ====================

                2009-03-30 18:44   4,212   a---h---   c:\windows\system32\zllictbl.dat
                2009-03-24 09:39   108,552   a-------   c:\windows\system32\drivers\avgtdix.sys
                2009-03-13 08:05   325,640   a-------   c:\windows\system32\drivers\avgldx86.sys
                2009-03-13 08:05   10,520   a-------   c:\windows\system32\avgrsstx.dll
                2009-03-09 05:19   410,984   a-------   c:\windows\system32\deploytk.dll
                2009-03-03 00:03   208,896   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
                2009-03-03 00:03   45,056   -c------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
                2009-03-03 00:03   341,048   -c------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
                2009-03-03 00:03   44,032   -c------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
                2009-03-03 00:03   163,840   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
                2009-03-03 00:03   61,440   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
                2009-03-03 00:03   40,960   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
                2009-03-03 00:03   32,768   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
                2009-03-03 00:03   32,768   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
                2009-02-26 09:16   12,552   --------   c:\windows\system32\drivers\avgrkx86.sys
                2009-02-09 04:13   1,846,784   a-------   c:\windows\system32\win32k.sys
                2009-02-09 04:13   1,846,784   --------   c:\windows\system32\dllcache\win32k.sys
                2009-01-16 22:35   3,594,752   --------   c:\windows\system32\dllcache\mshtml.dll
                2007-01-31 21:24   22   -c-sh---   c:\windows\sminst\HPCD.sys

                ============= FINISH: 17:44:21.96 ===============

                bluesstrummer24


                  Re: System restore software
                  « Reply #10 on: April 06, 2009, 06:51:52 PM »
                  UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                  IF REQUESTED, ZIP IT UP & ATTACH IT

                  DDS (Ver_09-03-16.01)

                  Microsoft Windows XP Professional
                  Boot Device: \Device\HarddiskVolume1
                  Install Date: 1/9/2007 10:20:37 PM
                  System Uptime: 4/6/2009 11:15:16 AM (6 hours ago)

                  Motherboard: ASUSTek Computer INC. |  | NODUSM3
                  Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2  | 2204/200mhz

                  ==== Disk Partitions =========================

                  C: is FIXED (NTFS) - 224 GiB total, 206.563 GiB free.
                  D: is FIXED (FAT32) - 9 GiB total, 0.557 GiB free.
                  E: is CDROM ()
                  F: is Removable
                  G: is Removable
                  H: is Removable
                  I: is Removable
                  J: is CDROM (CDFS)
                  K: is FIXED (FAT32) - 112 GiB total, 111.694 GiB free.
                  L: is Removable
                  M: is FIXED (NTFS) - 466 GiB total, 431.699 GiB free.

                  ==== Disabled Device Manager Items =============

                  Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
                  Description: Serial
                  Device ID: ROOT\LEGACY_SERIAL\0000
                  Manufacturer:
                  Name: Serial
                  PNP Device ID: ROOT\LEGACY_SERIAL\0000
                  Service: Serial

                  ==== System Restore Points ===================

                  RP13: 4/6/2009 6:48:11 AM - System Checkpoint
                  RP14: 4/6/2009 6:49:15 AM - folder
                  RP15: 4/6/2009 6:57:29 AM - Restore Operation
                  RP16: 4/6/2009 7:07:36 AM - no folder
                  RP17: 4/6/2009 7:11:36 AM - Restore Operation
                  RP18: 4/6/2009 8:02:05 AM - clean
                  RP19: 4/6/2009 8:44:14 AM - CLEANEST

                  ==== Installed Programs ======================

                  Adaptec UDF Reader
                  Adobe Download Manager 2.0 (Remove Only)
                  Adobe Flash Player 10 ActiveX
                  Adobe Reader 7.1.0
                  AnswerWorks 4.0 Runtime - English
                  AT&T Yahoo! Applications
                  AT&T Yahoo! DSL Activation
                  AVG 8.5
                  Browser Mouse
                  CCleaner (remove only)
                  CCScore
                  CDDRV_Installer
                  Citrix XenApp Web Plugin
                  Compatibility Pack for the 2007 Office system
                  Data Fax SoftModem with SmartCP
                  Destinations
                  DeviceManagementQFolder
                  EPSON Printer Software
                  EPSON Scan
                  erLT
                  ERUNT 1.1j
                  ESSBrwr
                  ESSCDBK
                  ESScore
                  ESSgui
                  ESSini
                  ESSPCD
                  ESSPDock
                  ESSSONIC
                  ESSTOOLS
                  essvatgt
                  fflink
                  Free Password Manager Plus
                  High Definition Audio Driver Package - KB888111
                  HijackThis 2.0.2
                  Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                  Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                  Hotfix for Windows Internet Explorer 7 (KB947864)
                  Hotfix for Windows Media Format 11 SDK (KB929399)
                  Hotfix for Windows Media Player 10 (KB910393)
                  Hotfix for Windows Media Player 11 (KB939683)
                  Hotfix for Windows XP (KB952287)
                  Hotfix for Windows XP (KB961118)
                  HP Boot Optimizer
                  HP DVD Play 2.1
                  HP Imaging Device Functions 7.0
                  HP Photosmart for Media Center PC
                  HP Product Detection
                  HP Update
                  HP Web Helper
                  HPPhotoSmartExpress
                  HpSdpAppCoreApp
                  Inbox.com 3D Marine & Tropical Aquarium Screensaver
                  Inbox.com Toolbar
                  Java(TM) 6 Update 13
                  Java(TM) 6 Update 7
                  kgcbase
                  kgcmove
                  kgcvday
                  KhalInstallWrapper
                  Kodak EasyShare software
                  LightScribe  1.4.105.1
                  LimeWire 4.16.6
                  Logitech Communications Manager
                  Logitech Desktop Messenger
                  Logitech SetPoint
                  Malwarebytes' Anti-Malware
                  Microsoft .NET Framework 1.1
                  Microsoft .NET Framework 1.1 Hotfix (KB928366)
                  Microsoft .NET Framework 2.0 Service Pack 2
                  Microsoft .NET Framework 3.0 Service Pack 2
                  Microsoft .NET Framework 3.5 SP1
                  Microsoft Compression Client Pack 1.0 for Windows XP
                  Microsoft Internationalized Domain Names Mitigation APIs
                  Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
                  Microsoft National Language Support Downlevel APIs
                  Microsoft Office Standard Edition 2003
                  Microsoft User-Mode Driver Framework Feature Pack 1.0
                  Microsoft Visual C++ 2005 Redistributable
                  Microsoft Works
                  MSXML 4.0 SP2 (KB927978)
                  MSXML 4.0 SP2 (KB936181)
                  MSXML 4.0 SP2 (KB954430)
                  MSXML 4.0 SP2 Parser and SDK
                  muvee autoProducer 5.0
                  muvee autoProducer unPlugged 2.0
                  My HP Games
                  netbrdg
                  NVIDIA Drivers
                  OfotoXMI
                  Paltalk Messenger Interop
                  PaltalkScene
                  PC-Doctor 5 for Windows
                  Picasa 2
                  QuickBooks Pro 2008
                  Quicken 2007
                  Realtek High Definition Audio Driver
                  Registry Cleaner 4.0
                  Security Update for Step By Step Interactive Training (KB898458)
                  Security Update for Step By Step Interactive Training (KB923723)
                  Security Update for Windows Internet Explorer 7 (KB928090)
                  Security Update for Windows Internet Explorer 7 (KB929969)
                  Security Update for Windows Internet Explorer 7 (KB931768)
                  Security Update for Windows Internet Explorer 7 (KB937143)
                  Security Update for Windows Internet Explorer 7 (KB938127)
                  Security Update for Windows Internet Explorer 7 (KB939653)
                  Security Update for Windows Internet Explorer 7 (KB942615)
                  Security Update for Windows Internet Explorer 7 (KB944533)
                  Security Update for Windows Internet Explorer 7 (KB950759)
                  Security Update for Windows Internet Explorer 7 (KB953838)
                  Security Update for Windows Internet Explorer 7 (KB956390)
                  Security Update for Windows Internet Explorer 7 (KB958215)
                  Security Update for Windows Internet Explorer 7 (KB960714)
                  Security Update for Windows Internet Explorer 7 (KB961260)
                  Security Update for Windows Media Player (KB952069)
                  Security Update for Windows Media Player 10 (KB911565)
                  Security Update for Windows Media Player 10 (KB917734)
                  Security Update for Windows Media Player 10 (KB936782)
                  Security Update for Windows Media Player 11 (KB936782)
                  Security Update for Windows Media Player 11 (KB954154)
                  Security Update for Windows XP (KB938464-v2)
                  Security Update for Windows XP (KB938464)
                  Security Update for Windows XP (KB941569)
                  Security Update for Windows XP (KB946648)
                  Security Update for Windows XP (KB950760)
                  Security Update for Windows XP (KB950762)
                  Security Update for Windows XP (KB950974)
                  Security Update for Windows XP (KB951066)
                  Security Update for Windows XP (KB951376-v2)
                  Security Update for Windows XP (KB951376)
                  Security Update for Windows XP (KB951698)
                  Security Update for Windows XP (KB951748)
                  Security Update for Windows XP (KB952954)
                  Security Update for Windows XP (KB953155)
                  Security Update for Windows XP (KB953839)
                  Security Update for Windows XP (KB954211)
                  Security Update for Windows XP (KB954459)
                  Security Update for Windows XP (KB954600)
                  Security Update for Windows XP (KB955069)
                  Security Update for Windows XP (KB956391)
                  Security Update for Windows XP (KB956802)
                  Security Update for Windows XP (KB956803)
                  Security Update for Windows XP (KB956841)
                  Security Update for Windows XP (KB957095)
                  Security Update for Windows XP (KB957097)
                  Security Update for Windows XP (KB958644)
                  Security Update for Windows XP (KB958687)
                  Security Update for Windows XP (KB960715)
                  SFR
                  SHASTA
                  skin0001
                  SKINXSDK
                  Sonic Express Labeler
                  Sonic MyDVD Plus
                  Sonic RecordNow Audio
                  Sonic RecordNow Copy
                  Sonic RecordNow Data
                  Sonic Update Manager
                  staticcr
                  Super GameHouse Solitaire Vol. 1
                  SUPERAntiSpyware Free Edition
                  tooltips
                  Unload
                  Update for Windows Media Player 10 (KB913800)
                  Update for Windows Media Player 10 (KB926251)
                  Update for Windows XP (KB951072-v2)
                  Update for Windows XP (KB951978)
                  Update for Windows XP (KB953356)
                  Update for Windows XP (KB955839)
                  Update for Windows XP (KB967715)
                  Updates from HP (remove only)
                  VC 9.0 Runtime
                  Viewpoint Media Player
                  VPRINTOL
                  WD Diagnostics
                  WebFldrs XP
                  WexTech AnswerWorks
                  Windows Media Format 11 runtime
                  Windows Media Player 11
                  Windows XP Media Center Edition 2005 KB908246
                  Windows XP Media Center Edition 2005 KB925766
                  Windows XP Service Pack 3
                  WIRELESS
                  ZoneAlarm
                  ZoneAlarm Spy Blocker Toolbar

                  ==== Event Viewer Messages From Past Week ========

                  3/30/2009 10:24:41 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ftsata2 szkg
                  3/30/2009 10:24:27 AM, error: Service Control Manager [7000]  - The ucyvusjw service failed to start due to the following error:  The system cannot find the file specified.
                  3/30/2009 10:24:27 AM, error: Service Control Manager [7000]  - The mrtRate service failed to start due to the following error:  The system cannot find the file specified.
                  3/30/2009 11:01:31 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
                  4/2/2009 1:52:11 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
                  4/2/2009 1:52:37 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ftsata2 iaStor IntelIde szkg ViaIde
                  4/5/2009 4:25:26 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
                  4/5/2009 4:31:55 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
                  4/6/2009 6:56:09 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
                  4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
                  4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
                  4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
                  4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error:  A device attached to the system is not functioning.
                  4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
                  4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error:  The dependency service or group failed to start.
                  4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error:  The dependency service or group failed to start.
                  4/6/2009 6:56:49 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AmdK8 AvgLdx86 AvgMfx86 AvgTdiX Fips ftsata2 IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL szkg Tcpip vsdatant
                  4/6/2009 6:57:26 AM, error: DCOM [10005]  - DCOM got error "%1068" attempting to start the service IISADMIN with arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}

                  ==== End Of File ===========================

                  bluesstrummer24

                    Re: System restore software
                    « Reply #11 on: April 06, 2009, 06:56:22 PM »
                    I really appreciate all this help Evil. You da man!!!!

                    evilfantasy

                    Re: System restore software
                    « Reply #12 on: April 06, 2009, 07:26:23 PM »
                    I really appreciate all this help Evil. You da man!!!!

                    You're welcome!

                    I have found a few things that need to be fixed but first...

                    Go to Add or Remove Programs and uninstall:

                    - Java(TM) 6 Update 7
                    - Registry Cleaner 4.0 <- This is a malicious program. See here: http://www.mywot.com/en/scorecard/sammsoft.com
                    - Viewpoint Media Player

                    .
                    ----------

                    Do you use the Inbox.com Toolbar and the Inbox.com 3D Marine & Tropical Aquarium Screensaver?

                    This toolbar is not malicious but is powered by Crawler so I need to know if you installed it on purpose or not before we continue.


                    bluesstrummer24

                      Re: System restore software
                      « Reply #13 on: April 07, 2009, 11:49:15 AM »
                      I installed it on purpose, but it's not a problem if you think I should uninstall it. Uninstalling Registry Cleaner.

                      bluesstrummer24

                        Re: System restore software
                        « Reply #14 on: April 07, 2009, 11:57:23 AM »
                        I've uninstalled the Java update and Registry Cleaner. Not sure why you posted the WOT link.

                        evilfantasy

                        Re: System restore software
                        « Reply #15 on: April 07, 2009, 12:00:26 PM »
                        Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

                        Link #1
                        Link #2

                        Note: It is important that it is saved directly to your Desktop.

                        DO NOT run it yet!

                        Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

                        Delete these files/folders, as follows:

                        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                        It must be Notepad, not Wordpad.
                        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                        Code:
                        KillAll::

                        Driver::
                        ucyvusjw
                        ASKService

                        File::
                        c:\program files\askbardis\bar\bin\AskService.exe
                        C:\XESD.tmp
                        C:\XESB.tmp

                        DDS::
                        BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar1.dll
                        TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
                        TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
                        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

                        3. Go to the Notepad window and click Edit > Paste
                        4. Then click File > Save
                        5. Name the file CFScript.txt - Save the file to your Desktop
                        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                        ComboFix will begin to execute, just follow the prompts.
                        After reboot (in case it asks to reboot), it will produce a log for you.
                        Post that log (Combofix.txt) in your next reply.

                        Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

                        bluesstrummer24

                          Re: System restore software
                          « Reply #16 on: April 07, 2009, 12:06:05 PM »
                          I installed the Crawler product for its screen saver, because at the time, I had not only lost use of the system restore, I had also lost the Windows screen saver utility.
                             The Windows screensaver is back and functional, so I can uninstall the Crawler if you like.
                             I'm no expert by far, but I have noticed a lot of errors in the event viewer. I don't know if that has anything to do with our problem.

                          evilfantasy

                          Re: System restore software
                          « Reply #17 on: April 07, 2009, 01:30:27 PM »
                          Crawler is not dangerous so it's up to you.

                          bluesstrummer24

                            Re: System restore software
                            « Reply #18 on: April 07, 2009, 10:36:02 PM »
                            I hope I did that right. Pretty scary stuff.

                            bluesstrummer24

                              Re: System restore software
                              « Reply #19 on: April 07, 2009, 10:37:12 PM »
                              ComboFix 09-04-04.01 - HP_Administrator 2009-04-07 21:17:51.1 - NTFSx86
                              Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.484 [GMT -7:00]
                              Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
                              Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
                              AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
                               * Created a new restore point

                              FILE ::
                              c:\program files\askbardis\bar\bin\AskService.exe
                              C:\XESB.tmp
                              C:\XESD.tmp
                              .

                              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                              .

                              c:\program files\askbardis\bar\bin\askBar1.dll
                              c:\program files\askbardis\bar\bin\AskService.exe
                              c:\program files\FunWebProducts
                              c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
                              c:\program files\messenger\msmsgs.exe
                              c:\program files\MyWebSearch
                              c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
                              c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
                              c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
                              c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
                              c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
                              c:\program files\Uninstall Fun Web Products.dll
                              c:\windows\opuc.dll
                              c:\windows\patch.exe
                              c:\windows\system32\Cache
                              C:\XESB.tmp
                              C:\XESD.tmp
                              D:\Autorun.inf
                              K:\Autorun.inf
                              L:\autorun.inf

                              .
                              (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                              .

                              -------\Legacy_ASKSERVICE
                              -------\Legacy_UCYVUSJW
                              -------\Service_ASKService
                              -------\Service_ucyvusjw


                              (((((((((((((((((((((((((   Files Created from 2009-03-08 to 2009-04-08  )))))))))))))))))))))))))))))))
                              .

                              2009-04-07 21:14 . 2006-03-03 00:42   73,728   --a------   C:\pv.exe
                              2009-04-07 10:03 . 2009-03-07 21:23   30,136   --a------   c:\windows\system32\drivers\rspSanity32.sys
                              2009-04-05 16:48 . 2009-04-05 16:48   <DIR>   d--------   c:\program files\Citrix
                              2009-04-05 15:56 . 2009-04-05 15:56   <DIR>   d--------   c:\program files\CCleaner
                              2009-04-03 09:32 . 2009-04-03 09:32   <DIR>   d--------   c:\program files\Belarc
                              2009-04-02 13:54 . 2009-04-02 13:54   <DIR>   d--------   c:\program files\Trend Micro
                              2009-04-02 13:06 . 2009-04-02 13:06   <DIR>   d--------   c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
                              2009-04-02 13:06 . 2009-03-26 16:49   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
                              2009-04-02 13:06 . 2009-03-26 16:49   15,504   --a------   c:\windows\system32\drivers\mbam.sys
                              2009-04-02 13:05 . 2009-04-02 13:06   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
                              2009-04-02 13:05 . 2009-04-02 13:05   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
                              2009-04-02 12:01 . 2009-04-02 12:01   <DIR>   d--------   c:\program files\SUPERAntiSpyware
                              2009-04-02 12:01 . 2009-04-02 12:01   <DIR>   d--------   c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
                              2009-04-02 12:01 . 2009-04-02 12:01   <DIR>   d--------   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                              2009-04-02 11:57 . 2009-04-02 11:57   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
                              2009-03-30 18:43 . 2009-03-30 18:44   <DIR>   d--------   c:\windows\system32\ZoneLabs
                              2009-03-30 18:43 . 2009-03-30 18:43   <DIR>   d--------   c:\program files\Zone Labs
                              2009-03-30 18:43 . 2009-02-16 00:10   1,221,512   --a------   c:\windows\system32\zpeng25.dll
                              2009-03-30 18:43 . 2009-04-07 21:22   350,192   --a------   c:\windows\system32\vsconfig.xml
                              2009-03-30 10:21 . 2009-03-30 18:44   <DIR>   d--------   c:\program files\AskBarDis
                              2009-03-17 02:30 . 2009-03-17 02:30   <DIR>   d--------   c:\program files\Jetico
                              2009-03-15 14:40 . 2009-03-15 14:40   <DIR>   d--------   c:\windows\system32\IOSUBSYS
                              2009-03-11 11:04 . 2009-03-11 11:04   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Office Genuine Advantage
                              2009-03-08 19:19 . 2009-03-08 19:19   <DIR>   d--------   c:\program files\ERUNT

                              .
                              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2009-04-08 04:23   ---------   d-----w   c:\documents and settings\HP_Administrator\Application Data\mjusbsp
                              2009-04-07 18:16   ---------   d-----w   c:\program files\Inbox
                              2009-04-06 22:14   ---------   d-----w   c:\program files\Billeo
                              2009-04-03 18:50   ---------   d-----w   c:\program files\Java
                              2009-04-03 17:40   ---------   d-----w   c:\documents and settings\HP_Administrator\Application Data\OfficeUpdate12
                              2009-03-24 16:39   108,552   ----a-w   c:\windows\system32\drivers\avgtdix.sys
                              2009-03-15 21:39   ---------   d-----w   c:\program files\Google
                              2009-03-13 15:05   325,640   ----a-w   c:\windows\system32\drivers\avgldx86.sys
                              2009-03-08 20:24   ---------   d-----w   c:\program files\QuickTime
                              2009-03-06 09:23   ---------   d-----w   c:\program files\iTunes
                              2009-03-03 07:46   ---------   d-----w   c:\program files\Reference Assemblies
                              2009-03-03 07:46   ---------   d-----w   c:\program files\MSBuild
                              2009-03-02 17:12   ---------   d-----w   c:\documents and settings\All Users\Application Data\Cached Installations
                              2009-02-27 19:38   ---------   d-----w   c:\documents and settings\All Users\Application Data\TEMP
                              2009-02-27 10:00   ---------   d-----w   c:\program files\Paltalk Messenger
                              2009-02-26 16:16   12,552   ------w   c:\windows\system32\drivers\avgrkx86.sys
                              2009-02-26 16:16   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
                              2009-02-23 19:10   ---------   d-----w   c:\documents and settings\All Users\Application Data\DriverCure
                              2009-02-23 17:42   ---------   d-----w   c:\documents and settings\HP_Administrator\Application Data\Apple Computer
                              2009-02-23 17:34   ---------   d-----w   c:\documents and settings\HP_Administrator\Application Data\DriverCure
                              2009-02-23 17:32   ---------   d-----w   c:\documents and settings\All Users\Application Data\ParetoLogic
                              2009-02-19 18:55   ---------   d-----w   c:\program files\ACW
                              2009-02-18 20:37   ---------   d-----w   c:\program files\reg cure
                              2009-02-10 00:10   ---------   d-----w   c:\documents and settings\HP_Administrator\Application Data\LimeWire
                              2009-02-09 21:29   ---------   d-----w   c:\program files\LimeWire
                              2007-02-01 04:24   22   -csh--w   c:\windows\SMINST\HPCD.sys
                              .

                              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              *Note* empty entries & legit default entries are not shown
                              REGEDIT4

                              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
                              "cdloader"="c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
                              "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-12-14 91440]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
                              "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
                              "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
                              "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-13 1932568]
                              "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
                              "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
                              "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
                              "ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
                              "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
                              "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

                              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                              "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

                              c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
                              ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
                              Shortcut to SetPoint.exe.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-14 805392]

                              c:\documents and settings\All Users\Start Menu\Programs\Startup\
                              billeo.lnk - c:\program files\Billeo\billeo.exe [2007-08-31 1176840]

                              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                              2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
                              2008-05-02 03:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
                              2009-03-13 08:05 10520 c:\windows\system32\avgrsstx.dll

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
                              @=""

                              [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Shortcut to SetPoint.exe.lnk]
                              backup=c:\windows\pss\Shortcut to SetPoint.exe.lnkStartup
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleToolbarNotifier
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\m3SrchMn
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSASCui
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwsoemon
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdateManager]
                              -r------- 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E_FATIACA]
                              --------- 2005-02-07 20:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
                              -----c--- 2007-01-17 00:59 958464 c:\program files\Browser Mouse\MOffice.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
                              --------- 2007-05-08 16:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWuSchd2]
                              --------- 2007-05-08 16:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
                              -----c--- 2004-07-27 23:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
                              -----c--- 2004-07-27 23:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
                              --------- 2007-01-12 03:12 244512 c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MOffice]
                              -----c--- 2007-01-17 00:59 958464 c:\program files\Browser Mouse\MOffice.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
                              --------- 2008-05-16 14:01 13529088 c:\windows\system32\nvcpl.dll

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qttask]
                              --------- 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                              --------- 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
                              --------- 2007-01-23 23:47 237568 c:\windows\SMINST\Recguard.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
                              -----c--- 2004-12-14 02:23 663552 c:\windows\CREATOR\Remind_XP.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remind_XP]
                              -----c--- 2004-12-14 02:23 663552 c:\windows\CREATOR\Remind_XP.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                              --a------ 2009-03-09 05:19 148888 c:\program files\Java\jre6\bin\jusched.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
                              -r------- 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
                              -----c--- 2007-01-19 13:49 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YahooMessenger]
                              -----c--- 2007-01-19 13:49 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
                              --------- 2005-05-03 11:43 69632 c:\windows\ALCMTR.EXE

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
                              -----c--- 2005-08-02 23:19 77312 c:\windows\arpwrmsg.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDial]
                              -----c--- 2005-08-02 23:19 77312 c:\windows\arpwrmsg.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ARPWRMSG]
                              -----c--- 2005-08-02 23:19 77312 c:\windows\arpwrmsg.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KHALMNPR]
                              --------- 2008-02-29 04:12 76304 c:\windows\KHALMNPR.Exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
                              --------- 2008-02-29 04:12 76304 c:\windows\KHALMNPR.Exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                              "SharedAccess"=2 (0x2)
                              "WZCSVC"=2 (0x2)
                              "mnmsrvc"=3 (0x3)
                              "AOL ACS"=2 (0x2)
                              "wuauserv"=2 (0x2)
                              "LightScribeService"=2 (0x2)

                              [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                              "AntiVirusOverride"=dword:00000001
                              "FirewallOverride"=dword:00000001

                              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
                              "DisableMonitoring"=dword:00000001

                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                              "EnableFirewall"= 0 (0x0)

                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                              "%windir%\\system32\\sessmgr.exe"=
                              "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
                              "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
                              "c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
                              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                              "c:\\Program Files\\LimeWire\\LimeWire.exe"=
                              "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
                              "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
                              "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
                              "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
                              "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
                              "c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

                              R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-26 12552]
                              R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-26 325640]
                              R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-26 108552]
                              R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
                              R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
                              R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-26 908056]
                              R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-26 298264]
                              S2 mrtRate;mrtRate;

                              S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
                              .
                              Contents of the 'Scheduled Tasks' folder

                              2009-03-05 c:\windows\Tasks\jusched.job
                              - c:\program files\Java\jre1.6.0_07\bin\jusched.exe []

                              2009-04-02 c:\windows\Tasks\ParetoLogic Registration.job
                              - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []

                              2009-04-07 c:\windows\Tasks\RegCure Program Check.job
                              - c:\documents and settings\HP_Administrator\Desktop\SYSTEM RESTORE\RegCure\RegCure.exe []

                              2009-03-06 c:\windows\Tasks\RegCure.job
                              - c:\documents and settings\HP_Administrator\Desktop\SYSTEM RESTORE\RegCure\RegCure.exe []
                              .
                              - - - - ORPHANS REMOVED - - - -

                              Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar1.dll
                              HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
                              MSConfigStartUp-bagent - \bagent.exe
                              MSConfigStartUp-DMAScheduler - c:\program files\HP DigitalMedia Archive\DMAScheduler.exe
                              MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
                              MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
                              MSConfigStartUp-PicasaMediaDetector - c:\program files\Picasa2\PicasaMediaDetector.exe
                              MSConfigStartUp-QuickenScheduledUpdates - \bagent.exe


                              .
                              ------- Supplementary Scan -------
                              .
                              uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
                              uStart Page = hxxp://www.google.com/
                              uInternet Settings,ProxyOverride = 127.0.0.1
                              uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
                              IE: {{CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\progra~1\inbox\ssaver\CSSaver.exe
                              Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                              DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                              .

                              **************************************************************************

                              catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                              Rootkit scan 2009-04-07 21:23:01
                              Windows 5.1.2600 Service Pack 3 NTFS

                              scanning hidden processes ... 

                              scanning hidden autostart entries ...

                              scanning hidden files ... 

                              scan completed successfully
                              hidden files: 0

                              **************************************************************************
                              .
                              --------------------- LOCKED REGISTRY KEYS ---------------------

                              [HKEY_USERS\S-1-5-21-1934033104-4032786001-1496021485-1007\Software\Microsoft\SystemCertificates\AddressBook*]
                              @Allowed: (Read) (RestrictedCode)
                              @Allowed: (Read) (RestrictedCode)
                              .
                              --------------------- DLLs Loaded Under Running Processes ---------------------

                              - - - - - - - > 'winlogon.exe'(808)
                              c:\program files\SUPERAntiSpyware\SASWINLO.dll
                              c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
                              c:\program files\common files\logitech\bluetooth\LBTServ.dll
                              .
                              ------------------------ Other Running Processes ------------------------
                              .
                              c:\windows\system32\ZoneLabs\vsmon.exe
                              c:\windows\ehome\ehrecvr.exe
                              c:\windows\ehome\ehSched.exe
                              c:\windows\system32\inetsrv\inetinfo.exe
                              c:\program files\Java\jre6\bin\jqs.exe
                              c:\windows\system32\nvsvc32.exe
                              c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
                              c:\progra~1\AVG\AVG8\avgam.exe
                              c:\program files\AVG\AVG8\avgrsx.exe
                              c:\progra~1\AVG\AVG8\avgnsx.exe
                              c:\program files\AVG\AVG8\avgcsrvx.exe
                              c:\windows\ehome\mcrdsvc.exe
                              c:\program files\AVG\AVG8\avgcsrvx.exe
                              c:\windows\system32\rundll32.exe
                              c:\windows\system32\dllhost.exe
                              c:\program files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
                              c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\mjsetup.exe
                              c:\windows\system\hpsysdrv.exe
                              c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
                              c:\program files\Common Files\InstallShield\UpdateService\issch.exe
                              c:\windows\system32\ZoneLabs\updclient.exe
                              .
                              **************************************************************************
                              .
                              Completion time: 2009-04-07 21:27:20 - machine was rebooted
                              ComboFix-quarantined-files.txt  2009-04-08 04:27:17

                              Pre-Run: 221,289,791,488 bytes free
                              Post-Run: 221,174,652,928 bytes free

                              315   --- E O F ---   2009-03-05 14:52:04

                              bluesstrummer24


                                Re: System restore software
                                « Reply #20 on: April 08, 2009, 02:59:37 AM »
                                Still cannot restore system

                                bluesstrummer24


                                  Re: System restore software
                                  « Reply #21 on: April 08, 2009, 12:04:09 PM »
                                  Hi Evil!!  You see anything of interest in the ComboFix log?
                                  I can't thank you enough, for all this help!!

                                  bluesstrummer24


                                    Re: System restore software
                                    « Reply #22 on: April 08, 2009, 12:06:18 PM »
                                    By the way Evil, great website!

                                    evilfantasy

                                    Re: System restore software
                                    « Reply #23 on: April 08, 2009, 01:21:48 PM »
                                    Download OTMoveIt3 by OldTimer.

                                    Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

                                    * Save it to your Desktop.
                                    * Double-click OTMoveIt3.exe to run it.
                                    * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

                                    Code:
                                    :Processes
                                    explorer.exe

                                    :services
                                    mrtRate

                                    :files
                                    c:\windows\Tasks\ParetoLogic Registration.job
                                    c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll
                                    c:\windows\Tasks\RegCure Program Check.job
                                    c:\documents and settings\HP_Administrator\Desktop\SYSTEM RESTORE\RegCure\RegCure.exe
                                    c:\windows\Tasks\RegCure.job

                                    :Commands
                                    [purity]
                                    [emptytemp]
                                    [start explorer]
                                    [Reboot]

                                    * Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
                                    * Click the red Moveit! button.
                                    * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
                                    * Close OTMoveIt3

                                    Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.
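The items named in the script above all appear in the ComboFix log posted earlier in the thread. The following is an added example, not part of the original thread and not code from ComboFix or OTMoveIt3: it parses the line formats visible in that log (registry value lines, driver/service lines, the Scheduled Tasks section) and lists entries for a person to review. The function names and finding labels are invented for this example, and the sample is an excerpt arranged from the posted log.

```python
import re

SECTION = re.compile(r'^\[(.+)\]$')                       # [HKEY_...\key]
VALUE = re.compile(r'^"([^"]+)"=\s*(.*)$')                # "Name"=data
SERVICE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);(.*)$')  # R2 name;display;image [date size]
TASK = re.compile(r'^\d{4}-\d{2}-\d{2} (.+\.job)$')       # 2009-04-02 c:\windows\Tasks\x.job
TARGET = re.compile(r'^- (.+?) \[[^\]]*\]$')              # - c:\path\to\target.exe []
TASKS_HEADER = "Contents of the 'Scheduled Tasks' folder"

# Excerpt arranged from the ComboFix log in this thread (sample input for the example).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-26 298264]
S2 mrtRate;mrtRate;

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-03-05 c:\windows\Tasks\jusched.job
- c:\program files\Java\jre1.6.0_07\bin\jusched.exe []

2009-04-07 c:\windows\Tasks\RegCure Program Check.job
- c:\documents and settings\HP_Administrator\Desktop\SYSTEM RESTORE\RegCure\RegCure.exe []
.
'''


def reg_int(raw):
    """Parse the two numeric styles the log uses: dword:00000001 and 0 (0x0)."""
    raw = raw.strip()
    if raw.lower().startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'^(\d+)\b', raw)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Return (kind, subject, detail) tuples for entries worth a manual look.

    A finding is a prompt for review, not a verdict: a disabled Windows
    Firewall is expected when a third-party firewall is installed.
    """
    findings, section, in_tasks, pending_job = [], '', False, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if line.startswith(TASKS_HEADER):
            in_tasks, section = True, ''
            continue
        if in_tasks:
            if line == '.':                      # a lone dot closes the section
                in_tasks, pending_job = False, None
            elif TASK.match(line):
                pending_job = TASK.match(line).group(1)
            elif TARGET.match(line) and pending_job:
                findings.append(('scheduled_task', pending_job,
                                 TARGET.match(line).group(1)))
                pending_job = None
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE.match(line)
        if m:
            name, value = m.group(1), reg_int(m.group(2))
            if section.endswith(r'\security center') and value == 1 \
                    and name in ('AntiVirusOverride', 'FirewallOverride'):
                findings.append(('security_center_override', name, value))
            elif section.endswith(r'firewallpolicy\standardprofile') \
                    and name == 'EnableFirewall' and value == 0:
                findings.append(('firewall_disabled', 'standardprofile', value))
            continue
        m = SERVICE.match(line)
        if m and not m.group(5).strip():
            # Service entry printed with nothing after the display name,
            # i.e. the log shows no image path for it.
            findings.append(('service_no_image', m.group(3),
                             m.group(1) + m.group(2)))
    return findings


if __name__ == '__main__':
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f'{kind:26} {subject}  ->  {detail}')
```
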

                                    bluesstrummer24


                                      Re: System restore software
                                      « Reply #24 on: April 08, 2009, 01:45:49 PM »
                                      ========== PROCESSES ==========
                                      Process explorer.exe killed successfully.
                                      ========== SERVICES/DRIVERS ==========

                                      Service\Driver mrtRate deleted successfully.
                                      ========== FILES ==========
                                      c:\windows\Tasks\ParetoLogic Registration.job moved successfully.
                                      File/Folder c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll not found.
                                      c:\windows\Tasks\RegCure Program Check.job moved successfully.
                                      File/Folder c:\documents and settings\HP_Administrator\Desktop\SYSTEM RESTORE\RegCure\RegCure.exe not found.
                                      c:\windows\Tasks\RegCure.job moved successfully.
                                      ========== COMMANDS ==========
                                      File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF6A73.tmp scheduled to be deleted on reboot.
                                      File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF6B6B.tmp scheduled to be deleted on reboot.
                                      File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF8773.tmp scheduled to be deleted on reboot.
                                      File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF878A.tmp scheduled to be deleted on reboot.
                                      File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF9BCA.tmp scheduled to be deleted on reboot.
                                      File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF9BE1.tmp scheduled to be deleted on reboot.
                                      File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DFB94F.tmp scheduled to be deleted on reboot.
                                      File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DFB968.tmp scheduled to be deleted on reboot.
                                      User's Temp folder emptied.
                                      User's Internet Explorer cache folder emptied.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\;ord=821180493[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\ads[2].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\ads[3].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\evilfantasy_wordpress_com[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\InboxLight[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\popup3[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\rating_nine_os_x_browsers1[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\topic,80551.15[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\view_play_list[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\web-safety[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\wwf_merijn_org[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\01[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\ads[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\iframe3[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\kioskHandler[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\popup2[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\popuptest_com[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\results[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\showMessage[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5Q7RJB8\3-cleaner-settings[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5Q7RJB8\;ord=821164198[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5Q7RJB8\ads[2].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5Q7RJB8\ads[3].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5Q7RJB8\india[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5Q7RJB8\installers-hall-of-shame[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5Q7RJB8\rotate2[2].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\browse[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\HistoryFrame_13.3.0215.0327[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\InboxLight[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\index[4].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\kioskHandler[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\searchMetric[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\st[1] scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\st[2] scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\topic,80551.msg533440[1].htm scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
                                      User's Temporary Internet Files folder emptied.
                                      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
                                      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
                                      Local Service Temp folder emptied.
                                      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
                                      Local Service Temporary Internet Files folder emptied.
                                      Network Service Temp folder emptied.
                                      File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
                                      Network Service Temporary Internet Files folder emptied.
                                      File delete failed. C:\WINDOWS\temp\2618af90-2e02-48c3-bca6-58244d990f8c.tmp scheduled to be deleted on reboot.
                                      File delete failed. C:\WINDOWS\temp\bbe8eaf8-7e0a-49a4-ab30-48b6397cbd8b.tmp scheduled to be deleted on reboot.
                                      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_74.dat scheduled to be deleted on reboot.
                                      File delete failed. C:\WINDOWS\temp\ZLT05470.TMP scheduled to be deleted on reboot.
                                      Windows Temp folder emptied.
                                      Java cache emptied.
                                      Temp folders emptied.
                                      Explorer started successfully
                                       
                                      OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04082009_123352

                                      Files moved on Reboot...
                                      C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF6A73.tmp moved successfully.
                                      C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF6B6B.tmp moved successfully.
                                      File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF8773.tmp not found!
                                      File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF878A.tmp not found!
                                      File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF9BCA.tmp not found!
                                      File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF9BE1.tmp not found!
                                      File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DFB94F.tmp not found!
                                      File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DFB968.tmp not found!
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\;ord=821180493[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\ads[2].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\ads[3].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\evilfantasy_wordpress_com[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\InboxLight[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\popup3[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\rating_nine_os_x_browsers1[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\topic,80551.15[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\view_play_list[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\web-safety[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZBOFN8GW\wwf_merijn_org[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\01[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\ads[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\iframe3[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\kioskHandler[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\popup2[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\popuptest_com[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\results[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN6WRL8T\showMessage[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5Q7RJB8\3-cleaner-settings[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5Q7RJB8\;ord=821164198[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5Q7RJB8\ads[2].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5Q7RJB8\ads[3].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5Q7RJB8\india[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5Q7RJB8\installers-hall-of-shame[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5Q7RJB8\rotate2[2].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\browse[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\HistoryFrame_13.3.0215.0327[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\InboxLight[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\index[4].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\kioskHandler[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\searchMetric[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\st[1] moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\st[2] moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\08H1BPTH\topic,80551.msg533440[1].htm moved successfully.
                                      C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
                                      C:\WINDOWS\temp\2618af90-2e02-48c3-bca6-58244d990f8c.tmp moved successfully.
                                      C:\WINDOWS\temp\bbe8eaf8-7e0a-49a4-ab30-48b6397cbd8b.tmp moved successfully.
                                      File C:\WINDOWS\temp\Perflib_Perfdata_74.dat not found!
                                      File C:\WINDOWS\temp\ZLT05470.TMP not found!

                                      evilfantasy

                                      Re: System restore software
                                      « Reply #25 on: April 08, 2009, 02:06:06 PM »
                                        • Click START then RUN
                                        • Now type Combofix /u in the runbox
                                        • Make sure there's a space between Combofix and /u
                                        • Then hit Enter.
                                        The above procedure will:
                                        • Delete the following: ComboFix and its associated files and folders.
                                        • Reset the clock settings.
                                        • Hide file extensions, if required.
                                        • Hide System/Hidden files, if required.
                                        • Set a new, clean Restore Point.
                                        ----------

                                      Download ATF Cleaner by Atribune to your Desktop.

                                      Alternate download link

                                      Note: Vista users must use Run As Administrator
                                      • Under Main: Select Files to Delete choose: Select All.
                                      • Click the Empty Selected button.
                                      • If you use Firefox browser click Firefox at the top and choose: Select All
                                      • Click the Empty Selected button.
                                        If you would like to keep your saved passwords click No at the prompt.
                                      • If you use Opera browser click Opera at the top and choose: Select All
                                      • Click the Empty Selected button.
                                        If you would like to keep your saved passwords click No at the prompt.
                                      • Click Exit on the Main menu to close the program.
                                      Note that your system will run slower for a reboot or two after having used this tool so don't panic.

                                      ----------

                                      1. Double-click OTMoveIt3.exe to launch it.
                                      If using Vista, right-click OTMoveIt and choose Run As Administrator.
                                      2. Click on the CleanUp! button.
                                      3. OTMoveIt2 will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
                                      4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
                                      • When finished, exit out of OTMoveIt3.
                                      ----------

                                      Restart the computer.

                                      Is System Restore working normally now?

                                      bluesstrummer24

                                        Re: System restore software
                                        « Reply #26 on: April 08, 2009, 03:20:29 PM »
                                        It still will not successfully restore the system, unless while in the safe mode.
                                           I wonder if maybe there is an application running that prevents it from restoring, and that application is not running when in the safe mode?

                                        evilfantasy

                                        Re: System restore software
                                        « Reply #27 on: April 08, 2009, 03:30:29 PM »
                                        Try this again now that we have cleaned up everything else.

                                        Download systemrestore.reg to your Desktop, right-click the file and select Merge.

                                        Accept any warnings.

                                        bluesstrummer24

                                          Re: System restore software
                                          « Reply #28 on: April 08, 2009, 07:09:17 PM »
                                          Still the same. GRRRR

                                          evilfantasy

                                          Re: System restore software
                                          « Reply #29 on: April 08, 2009, 07:12:12 PM »
                                          I'm sort of at a loss then.

                                          Try going to Start > Run then type in sfc /scannow and click OK

                                          Note the space between sfc and /scannow

                                          bluesstrummer24

                                            Re: System restore software
                                            « Reply #30 on: April 09, 2009, 04:24:35 PM »
                                            Well Evil (Kevin), you've done way more for me than I could have ever expected, and I can't thank you enough!
                                               The main thing is, I feel much better now, knowing I do have a system restore just in case.
                                               I downloaded a backup program (Idlebackup) I saw on your blog, and will do a complete backup also. (although I'm not sure I know how to do that)  HEHEHEHE!
                                               I have a pet care business and I'd offer you a free dog walk, but we don't cover Oklahoma.  LOL

                                            Thanks again Kevin

                                            bluesstrummer24

                                              Re: System restore software
                                              « Reply #31 on: April 10, 2009, 10:23:40 AM »
                                              I tried to run the sfc /scannow, and got this error message.

                                              Files required for Windows to run properly, must be copied to the DLL cache.   Insert Windows XP Service Pack 3 CD.

                                              I don't have this CD.  I updated the Service Pack 3

                                              evilfantasy

                                              Re: System restore software
                                              « Reply #32 on: April 10, 2009, 12:15:50 PM »
                                              Download Dial-a-Fix by djlizard, save it to the desktop, then extract it to its own folder.

                                              • Open the folder and run Dial-a-fix.exe
                                              • 2 windows will open. Close the one in the background labeled Restrictive Policies
                                              • Check the box in section 1, Empty temp folders.
                                              • Check the box in section 2, Fix Windows Installer.
                                              • Check the box in section 3, Fix Windows Update.
                                              • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
                                              • Check all boxes in section 5, labeled Registration Center.
                                              • Click Go
                                              • OK any error messages if received, but write them down and post them here.
                                              • Restart the computer when done.
                                              Is the problem fixed?

                                              bluesstrummer24

                                                Re: System restore software
                                                « Reply #33 on: April 10, 2009, 01:27:34 PM »
                                                Does this normally take a long time? It's been running for a half hour.

                                                evilfantasy

                                                Re: System restore software
                                                « Reply #34 on: April 10, 2009, 01:29:06 PM »
                                                It shouldn't take too long.

                                                I want to check for malware again just to be sure.

                                                Update Malwarebytes' Anti-Malware and run a Full scan
                                                • Open Malwarebytes' Anti-Malware
                                                • Select the Update tab
                                                • Click Check for Updates
                                                • After the update has been completed, select the Scanner tab.
                                                • Select Perform full scan, then click on Scan
                                                • Leave the default options as they are and click on Start Scan
                                                • When done, you will be prompted. Click OK, then click on Show Results
                                                • Check (tick) all items and click on Remove Selected
                                                • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

                                                bluesstrummer24

                                                  Re: System restore software
                                                  « Reply #35 on: April 10, 2009, 01:31:38 PM »
                                                  Should I do this while the fix is running?  By the way, I got 3 errors so far.

                                                  evilfantasy

                                                  Re: System restore software
                                                  « Reply #36 on: April 10, 2009, 01:34:08 PM »
                                                  No, not while it is running. Can you tell me what stage it is stuck on? 1, 2, 3, 4 or 5?

                                                  bluesstrummer24

                                                    Re: System restore software
                                                    « Reply #37 on: April 10, 2009, 01:36:05 PM »
                                                    Uh-oh, too late. Both running.

                                                    evilfantasy

                                                    Re: System restore software
                                                    « Reply #38 on: April 10, 2009, 01:37:57 PM »
                                                    That's OK. They shouldn't interfere with each other.

                                                    What stage is Dial-a-fix on?

                                                    bluesstrummer24

                                                      Re: System restore software
                                                      « Reply #39 on: April 10, 2009, 01:39:52 PM »
                                                      Stopped the malware scan.   The fixall program has been in the stop services of section 4   SSL/HTTPS   forever.

                                                      evilfantasy

                                                      Re: System restore software
                                                      « Reply #40 on: April 10, 2009, 01:41:24 PM »
                                                      OK, you can stop Dial-a-fix. Then uncheck section 4 and run it again. It should only take a few minutes at most to complete. Let me know any errors.

                                                      bluesstrummer24

                                                        Re: System restore software
                                                        « Reply #41 on: April 10, 2009, 01:42:02 PM »
                                                        Notes about this log:
                                                        1) "->" denotes an external command being executed, and "-> (number)" indicates
                                                             the return code from the previous command
                                                        2) Not all external command return codes are accurate, or useful
                                                        3) Sometimes commands return 0 (no error) even when they fail or crash
                                                        4) If an error occurs while registering an object, please send an email to:
                                                             [email protected] and include a copy of this log

                                                        DAF version: v0.60.0.24

                                                        --- System info ---
                                                        OS: Microsoft Windows XP Service Pack 3
                                                        IE version: 7.0.5730.11
                                                        MPC: 76487-OEM
                                                        CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ (~2200MHz)
                                                        CPU: CPU is 64-bit or has 64-bit extensions
                                                        CPU: 2 CPU cores present
                                                        BIOS: 8/2/2006
                                                        Memory (approx): 958MB
                                                        Uptime: 4 hour(s)
                                                        Current directory: C:\Documents and Settings\HP_Administrator\Desktop\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24
                                                        ---

                                                        4/10/2009 12:17:28 PM -- Dial-a-fix : [v0.60.0.24] -- started
                                                        12:17:28 PM | Policy scan started
                                                        12:17:28 PM | Policy scan ended - no restrictive policies were found
                                                        --- Emptying temp folders ---
                                                        12:17:57 PM | Deleting C:\Documents and Settings\HP_Administrator\Local Settings\temp...
                                                        12:17:57 PM | C:\Documents and Settings\HP_Administrator\Local Settings\temp could not be completely emptied, please reboot and try again
                                                        12:17:57 PM | Deleting C:\WINDOWS\temp...
                                                        12:17:57 PM | C:\WINDOWS\temp could not be completely emptied, please reboot and try again
                                                        12:17:57 PM | Deleting C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp...
                                                        12:17:58 PM | C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp could not be completely emptied, please reboot and try again
                                                        --- MSI ---
                                                        12:17:59 PM | Registered: C:\WINDOWS\system32\msi.dll
                                                        --- Windows Update ---
                                                        --- Registration: Windows Update/Automatic Update DLLs ---
                                                        12:18:08 PM | Unregistered: C:\WINDOWS\system32\msxml.dll
                                                        12:18:08 PM | Registered: C:\WINDOWS\system32\msxml.dll
                                                        12:18:08 PM | Unregistered: C:\WINDOWS\system32\msxml2.dll
                                                        12:18:08 PM | Registered: C:\WINDOWS\system32\msxml2.dll
                                                        12:19:50 PM | Error during unregistration of C:\WINDOWS\system32\msxml3.dll - version: .  The error returned is: Unspecified error
                                                        (-2147467259)
                                                        12:21:23 PM | Error during registration of C:\WINDOWS\system32\msxml3.dll - version: . The error returned is: Access is denied.
                                                        (-2147024891)
                                                        12:21:23 PM | Unregistered: C:\WINDOWS\system32\msxml4.dll
                                                        12:21:23 PM | Registered: C:\WINDOWS\system32\msxml4.dll
                                                        12:21:23 PM | Unregistered: C:\WINDOWS\system32\qmgr.dll
                                                        12:21:23 PM | Registered: C:\WINDOWS\system32\qmgr.dll
                                                        12:21:24 PM | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
                                                        12:21:24 PM | Registered: C:\WINDOWS\system32\qmgrprxy.dll
                                                        12:21:24 PM | Unregistered: C:\WINDOWS\system32\muweb.dll
                                                        12:21:24 PM | Registered: C:\WINDOWS\system32\muweb.dll
                                                        12:21:24 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
                                                        12:21:24 PM | Registered: C:\WINDOWS\system32\winhttp.dll
                                                        12:23:02 PM | Error during registration of C:\WINDOWS\system32\wuapi.dll - version: 7.2.6001.788. The error returned is: Access is denied.
                                                        (-2147024891)
                                                        12:23:03 PM | Unregistered: C:\WINDOWS\system32\wuaueng.dll
                                                        12:23:04 PM | Registered: C:\WINDOWS\system32\wuaueng.dll
                                                        12:23:04 PM | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
                                                        12:23:04 PM | Registered: C:\WINDOWS\system32\wuaueng1.dll
                                                        12:23:04 PM | Unregistered: C:\WINDOWS\system32\wucltui.dll
                                                        12:23:04 PM | Registered: C:\WINDOWS\system32\wucltui.dll
                                                        12:23:04 PM | Unregistered: C:\WINDOWS\system32\wups.dll
                                                        12:23:04 PM | Registered: C:\WINDOWS\system32\wups.dll
                                                        12:23:04 PM | Unregistered: C:\WINDOWS\system32\wups2.dll
                                                        12:23:04 PM | Registered: C:\WINDOWS\system32\wups2.dll
                                                        12:23:04 PM | Unregistered: C:\WINDOWS\system32\wuweb.dll
                                                        12:23:04 PM | Registered: C:\WINDOWS\system32\wuweb.dll
                                                        12:23:04 PM | Registered: C:\WINDOWS\system32\ole32.dll
                                                        --- SSL/HTTPS/Cryptography ---
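
The numbers in parentheses in the log above are HRESULTs printed as signed 32-bit integers, each on the line after its error text. As an added example (not part of the original post and not Dial-a-fix's own code), this Python script parses lines in that format and decodes each code into its hex value, facility and low-word error code; the function names are assumptions chosen for illustration.

```python
import re

# Lines copied from the Dial-a-fix log quoted above; the error text and its
# numeric code sit on separate lines, so the parser has to pair them up.
SAMPLE_LOG = r"""
12:18:08 PM | Unregistered: C:\WINDOWS\system32\msxml.dll
12:18:08 PM | Registered: C:\WINDOWS\system32\msxml.dll
12:19:50 PM | Error during unregistration of C:\WINDOWS\system32\msxml3.dll - version: .  The error returned is: Unspecified error
(-2147467259)
12:21:23 PM | Error during registration of C:\WINDOWS\system32\msxml3.dll - version: . The error returned is: Access is denied.
(-2147024891)
12:23:02 PM | Error during registration of C:\WINDOWS\system32\wuapi.dll - version: 7.2.6001.788. The error returned is: Access is denied.
(-2147024891)
12:23:03 PM | Unregistered: C:\WINDOWS\system32\wuaueng.dll
"""

ERROR_RE = re.compile(
    r"^(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) \| Error during "
    r"(?P<op>unregistration|registration) of (?P<path>.+?) - version: "
    r"(?P<version>.*?)\.\s+The error returned is: (?P<text>.*)$"
)
CODE_RE = re.compile(r"^\((-?\d+)\)$")

# Only the facilities and codes that occur in this log are named here.
FACILITIES = {0: "FACILITY_NULL", 7: "FACILITY_WIN32"}
KNOWN = {0x80004005: "E_FAIL", 0x80070005: "E_ACCESSDENIED"}


def decode_hresult(signed_value):
    """Split a signed 32-bit HRESULT (as the log prints it) into its fields."""
    value = signed_value & 0xFFFFFFFF          # reinterpret as unsigned
    facility = (value >> 16) & 0x7FF           # bits 16-26
    return {
        "hex": f"0x{value:08X}",
        "failure": bool(value >> 31),          # severity bit
        "facility": FACILITIES.get(facility, f"facility {facility}"),
        "code": value & 0xFFFF,                # bits 0-15
        "name": KNOWN.get(value, "unknown"),
    }


def parse_failures(log_text):
    """Return one record per 'Error during ...' line, with its decoded code."""
    failures = []
    pending = None                             # error line awaiting its code
    for raw in log_text.splitlines():
        line = raw.strip()                     # forum paste may be indented
        match = ERROR_RE.match(line)
        if match:
            pending = match.groupdict()
            pending["version"] = pending["version"] or None  # "version: ."
            pending["hresult"] = None
            failures.append(pending)
            continue
        code = CODE_RE.match(line)
        if code and pending is not None:
            pending["hresult"] = decode_hresult(int(code.group(1)))
        pending = None                         # a code only follows its error
    return failures


def access_denied_dlls(failures):
    """DLL file names whose (un)registration failed with access denied."""
    return sorted({
        f["path"].rsplit("\\", 1)[-1]
        for f in failures
        if f["hresult"] and f["hresult"]["name"] == "E_ACCESSDENIED"
    })


if __name__ == "__main__":
    for f in parse_failures(SAMPLE_LOG):
        h = f["hresult"]
        print(f'{f["time"]} {f["op"]:<14} {f["path"]} '
              f'version={f["version"]} {h["hex"]} {h["name"]} ({h["facility"]})')
    print("access denied:", access_denied_dlls(parse_failures(SAMPLE_LOG)))
```
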

                                                        evilfantasy

                                                        Re: System restore software
                                                        « Reply #42 on: April 10, 2009, 01:43:38 PM »
                                                        OK run it again without option 4 checked.

                                                        bluesstrummer24

                                                          Re: System restore software
                                                          « Reply #43 on: April 10, 2009, 01:46:09 PM »
                                                          I reran it again without sec. 4.  Here is the log. It did finish.
                                                          Notes about this log:
                                                          1) "->" denotes an external command being executed, and "-> (number)" indicates
                                                               the return code from the previous command
                                                          2) Not all external command return codes are accurate, or useful
                                                          3) Sometimes commands return 0 (no error) even when they fail or crash
                                                          4) If an error occurs while registering an object, please send an email to:
                                                               [email protected] and include a copy of this log

                                                          DAF version: v0.60.0.24

                                                          --- System info ---
                                                          OS: Microsoft Windows XP Service Pack 3
                                                          IE version: 7.0.5730.11
                                                          MPC: 76487-OEM
                                                          CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ (~2200MHz)
                                                          CPU: CPU is 64-bit or has 64-bit extensions
                                                          CPU: 2 CPU cores present
                                                          BIOS: 8/2/2006
                                                          Memory (approx): 958MB
                                                          Uptime: 4 hour(s)
                                                          Current directory: C:\Documents and Settings\HP_Administrator\Desktop\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24
                                                          ---

                                                          4/10/2009 12:43:05 PM -- Dial-a-fix : [v0.60.0.24] -- started
                                                          12:43:05 PM | Policy scan started
                                                          12:43:05 PM | Policy scan ended - no restrictive policies were found
                                                          --- Emptying temp folders ---
                                                          12:43:29 PM | Deleting C:\Documents and Settings\HP_Administrator\Local Settings\temp...
                                                          12:43:29 PM | C:\Documents and Settings\HP_Administrator\Local Settings\temp could not be completely emptied, please reboot and try again
                                                          12:43:29 PM | Deleting C:\WINDOWS\temp...
                                                          12:43:29 PM | C:\WINDOWS\temp could not be completely emptied, please reboot and try again
                                                          12:43:29 PM | Deleting C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp...
                                                          12:43:29 PM | C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp could not be completely emptied, please reboot and try again
                                                          --- MSI ---
                                                          12:43:30 PM | Registered: C:\WINDOWS\system32\msi.dll
                                                          --- Windows Update ---
                                                          --- Registration: Windows Update/Automatic Update DLLs ---
                                                          12:43:39 PM | Unregistered: C:\WINDOWS\system32\msxml.dll
                                                          12:43:39 PM | Registered: C:\WINDOWS\system32\msxml.dll
                                                          12:43:39 PM | Unregistered: C:\WINDOWS\system32\msxml2.dll
                                                          12:43:40 PM | Registered: C:\WINDOWS\system32\msxml2.dll
                                                          12:43:44 PM | Error during unregistration of C:\WINDOWS\system32\msxml3.dll - version: .  The error returned is: Unspecified error
                                                          (-2147467259)
                                                          12:43:46 PM | Error during registration of C:\WINDOWS\system32\msxml3.dll - version: . The error returned is: Access is denied.
                                                          (-2147024891)
                                                          12:43:46 PM | Unregistered: C:\WINDOWS\system32\msxml4.dll
                                                          12:43:46 PM | Registered: C:\WINDOWS\system32\msxml4.dll
                                                          12:43:47 PM | Unregistered: C:\WINDOWS\system32\qmgr.dll
                                                          12:43:47 PM | Registered: C:\WINDOWS\system32\qmgr.dll
                                                          12:43:47 PM | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
                                                          12:43:47 PM | Registered: C:\WINDOWS\system32\qmgrprxy.dll
                                                          12:43:47 PM | Unregistered: C:\WINDOWS\system32\muweb.dll
                                                          12:43:47 PM | Registered: C:\WINDOWS\system32\muweb.dll
                                                          12:43:47 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
                                                          12:43:47 PM | Registered: C:\WINDOWS\system32\winhttp.dll
                                                          12:43:49 PM | Error during registration of C:\WINDOWS\system32\wuapi.dll - version: 7.2.6001.788. The error returned is: Access is denied.
                                                          (-2147024891)
                                                          12:43:49 PM | Unregistered: C:\WINDOWS\system32\wuaueng.dll
                                                          12:43:50 PM | Registered: C:\WINDOWS\system32\wuaueng.dll
                                                          12:43:50 PM | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
                                                          12:43:50 PM | Registered: C:\WINDOWS\system32\wuaueng1.dll
                                                          12:43:50 PM | Unregistered: C:\WINDOWS\system32\wucltui.dll
                                                          12:43:50 PM | Registered: C:\WINDOWS\system32\wucltui.dll
                                                          12:43:50 PM | Unregistered: C:\WINDOWS\system32\wups.dll
                                                          12:43:50 PM | Registered: C:\WINDOWS\system32\wups.dll
                                                          12:43:50 PM | Unregistered: C:\WINDOWS\system32\wups2.dll
                                                          12:43:50 PM | Registered: C:\WINDOWS\system32\wups2.dll
                                                          12:43:50 PM | Unregistered: C:\WINDOWS\system32\wuweb.dll
                                                          12:43:50 PM | Registered: C:\WINDOWS\system32\wuweb.dll
                                                          12:43:50 PM | Registered: C:\WINDOWS\system32\ole32.dll
                                                          --- Registration: ActiveX controls/codecs ---
                                                          12:43:54 PM | Registered: C:\WINDOWS\system32\acelpdec.ax
                                                          12:43:54 PM | Registered: C:\WINDOWS\system32\actxprxy.dll
                                                          12:43:54 PM | Registered: C:\WINDOWS\system32\asctrls.ocx
                                                          12:43:55 PM | Registered: C:\WINDOWS\system32\daxctle.ocx
                                                          12:43:55 PM | Registered: C:\WINDOWS\system32\hhctrl.ocx
                                                          12:43:55 PM | Registered: C:\WINDOWS\system32\l3codecx.ax
                                                          12:43:55 PM | Registered: C:\WINDOWS\system32\licmgr10.dll
                                                          12:43:55 PM | Registered: C:\WINDOWS\system32\mpg4ds32.ax
                                                          12:43:56 PM | Registered: C:\WINDOWS\system32\msdxm.ocx
                                                          12:43:56 PM | Registered: C:\WINDOWS\system32\proctexe.ocx
                                                          12:43:56 PM | Registered: C:\WINDOWS\system32\tdc.ocx
                                                          12:43:57 PM | Registered: C:\WINDOWS\system32\wshom.ocx
                                                          --- Registration: Control Panel applets ---
                                                          12:43:58 PM | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
                                                          12:43:58 PM | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
                                                          12:43:58 PM | Registered: C:\WINDOWS\system32\nusrmgr.cpl
                                                          --- Registration: Direct[X|Draw|Show|Media] ---
                                                          12:43:58 PM | Registered: C:\WINDOWS\system32\quartz.dll
                                                          12:43:59 PM | Registered: C:\WINDOWS\system32\danim.dll
                                                          12:43:59 PM | Registered: C:\WINDOWS\system32\dmscript.dll
                                                          12:43:59 PM | Registered: C:\WINDOWS\system32\dmstyle.dll
                                                          12:43:59 PM | Registered: C:\WINDOWS\system32\dxmasf.dll
                                                          12:43:59 PM | Registered: C:\WINDOWS\system32\dxtmsft.dll
                                                          12:43:59 PM | Registered: C:\WINDOWS\system32\dxtrans.dll
                                                          12:43:59 PM | Registered: C:\WINDOWS\system32\sbe.dll
                                                          --- Registration: Programming cores/runtimes ---
                                                          12:43:59 PM | Registered: C:\WINDOWS\system32\atl.dll
                                                          12:43:59 PM | Registered: C:\WINDOWS\system32\corpol.dll
                                                          12:43:59 PM | Registered: C:\WINDOWS\system32\jscript.dll
                                                          12:43:59 PM | Registered: C:\WINDOWS\system32\dispex.dll
                                                          12:43:59 PM | Registered: C:\WINDOWS\system32\scrrun.dll
                                                          12:43:59 PM | Registered: C:\WINDOWS\system32\scrobj.dll
                                                          12:43:59 PM | Registered: C:\WINDOWS\system32\vbscript.dll
                                                          12:44:00 PM | Registered: C:\WINDOWS\system32\wshext.dll
                                                          --- Registration: Explorer/IE/OE/shell/WMP ---
                                                          12:44:00 PM | Registered: C:\WINDOWS\system32\activeds.dll
                                                          12:44:00 PM | Registered: C:\WINDOWS\system32\audiodev.dll
                                                          12:44:00 PM | Registered: C:\WINDOWS\system32\browsewm.dll
                                                          12:44:00 PM | Registered: C:\WINDOWS\system32\cabview.dll
                                                          12:44:00 PM | Registered: C:\WINDOWS\system32\cdfview.dll
                                                          12:44:00 PM | Registered: C:\WINDOWS\system32\clbcatex.dll
                                                          12:44:00 PM | Registered: C:\WINDOWS\system32\clbcatq.dll
                                                          12:44:00 PM | Registered: C:\WINDOWS\system32\comcat.dll
                                                          12:44:00 PM | Registered: C:\WINDOWS\system32\cscui.dll
                                                          12:44:00 PM | Registered: C:\WINDOWS\system32\credui.dll
                                                          12:44:00 PM | Registered: C:\WINDOWS\system32\datime.dll
                                                          12:44:00 PM | Registered: C:\WINDOWS\system32\devmgr.dll
                                                          12:44:01 PM | Registered: C:\WINDOWS\system32\dfsshlex.dll
                                                          12:44:01 PM | Registered: C:\WINDOWS\system32\dmdlgs.dll
                                                          12:44:01 PM | Registered: C:\WINDOWS\system32\dmdskmgr.dll
                                                          12:44:01 PM | Registered: C:\WINDOWS\system32\dmloader.dll
                                                          12:44:01 PM | Registered: C:\WINDOWS\system32\dmocx.dll
                                                          12:44:01 PM | Registered: C:\WINDOWS\system32\dmview.ocx
                                                          12:44:01 PM | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
                                                          12:44:01 PM | Registered: C:\WINDOWS\system32\dsuiext.dll
                                                          12:44:01 PM | DllInstalled: C:\WINDOWS\system32\dsquery.dll
                                                          12:44:01 PM | Registered: C:\WINDOWS\system32\dsquery.dll
                                                          12:44:01 PM | Registered: C:\WINDOWS\system32\dskquoui.dll
                                                          12:44:01 PM | Registered: C:\WINDOWS\system32\els.dll
                                                          12:44:02 PM | Registered: C:\WINDOWS\system32\es.dll
                                                          12:44:02 PM | Registered: C:\WINDOWS\system32\fontext.dll
                                                          12:44:02 PM | Registered: C:\WINDOWS\system32\hlink.dll
                                                          12:44:02 PM | Registered: C:\WINDOWS\system32\hnetcfg.dll
                                                          12:44:02 PM | Registered: C:\WINDOWS\system32\iedkcs32.dll
                                                          12:44:02 PM | Registered: C:\WINDOWS\system32\iepeers.dll
                                                          12:44:02 PM | Registered: C:\WINDOWS\system32\ils.dll
                                                          12:44:02 PM | Registered: C:\WINDOWS\system32\inetcfg.dll
                                                          12:44:03 PM | Registered: C:\WINDOWS\system32\inetcomm.dll
                                                          12:44:03 PM | Registered: C:\WINDOWS\system32\laprxy.dll
                                                          12:44:03 PM | Registered: C:\WINDOWS\system32\lmrt.dll
                                                          12:44:03 PM | Registered: C:\WINDOWS\system32\mlang.dll
                                                          12:44:04 PM | Registered: C:\WINDOWS\system32\mmcndmgr.dll
                                                          12:44:04 PM | Registered: C:\WINDOWS\system32\mmcshext.dll
                                                          12:44:04 PM | Registered: C:\WINDOWS\system32\mscoree.dll
                                                          12:44:04 PM | Registered: C:\WINDOWS\system32\mshtmled.dll
                                                          12:44:04 PM | Registered: C:\WINDOWS\system32\msoeacct.dll
                                                          12:44:04 PM | Registered: C:\WINDOWS\system32\msr2c.dll
                                                          12:44:04 PM | DllInstalled: C:\WINDOWS\system32\mydocs.dll
                                                          12:44:04 PM | Registered: C:\WINDOWS\system32\mydocs.dll
                                                          12:44:04 PM | Registered: C:\WINDOWS\system32\mstime.dll
                                                          12:44:05 PM | Registered: C:\WINDOWS\system32\netcfgx.dll
                                                          12:44:05 PM | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
                                                          12:44:05 PM | Registered: C:\WINDOWS\system32\netplwiz.dll
                                                          12:44:05 PM | Registered: C:\WINDOWS\system32\netman.dll
                                                          12:44:05 PM | Registered: C:\WINDOWS\system32\netshell.dll
                                                          12:44:05 PM | Registered: C:\WINDOWS\system32\ntmsevt.dll
                                                          12:44:05 PM | Registered: C:\WINDOWS\system32\ntmsmgr.dll
                                                          12:44:05 PM | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
                                                          12:44:05 PM | Registered: C:\WINDOWS\system32\ntmssvc.dll
                                                          12:44:05 PM | DllInstalled: C:\WINDOWS\system32\occache.dll
                                                          12:44:05 PM | Registered: C:\WINDOWS\system32\occache.dll
                                                          12:44:05 PM | Registered: C:\WINDOWS\system32\ole32.dll
                                                          12:44:05 PM | Registered: C:\WINDOWS\system32\oleaut32.dll
                                                          12:44:06 PM | Registered: C:\WINDOWS\system32\oleacc.dll
                                                          12:44:06 PM | Registered: C:\WINDOWS\system32\olepro32.dll
                                                          12:44:06 PM | DllInstalled: C:\WINDOWS\system32\photowiz.dll
                                                          12:44:06 PM | Registered: C:\WINDOWS\system32\photowiz.dll
                                                          12:44:06 PM | Registered: C:\WINDOWS\system32\remotepg.dll
                                                          12:44:06 PM | Registered: C:\WINDOWS\system32\rpcrt4.dll
                                                          12:44:06 PM | Registered: C:\WINDOWS\system32\rshx32.dll
                                                          12:44:06 PM | Registered: C:\WINDOWS\system32\sendmail.dll
                                                          12:44:06 PM | Registered: C:\WINDOWS\system32\slayerxp.dll
                                                          12:44:06 PM | Registered: C:\WINDOWS\system32\shell32.dll
                                                          12:44:10 PM | DllInstalled: C:\WINDOWS\system32\shell32.dll
                                                          12:44:11 PM | Registered: C:\WINDOWS\system32\shmedia.dll
                                                          12:44:11 PM | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
                                                          12:44:11 PM | Registered: C:\WINDOWS\system32\shimgvw.dll
                                                          12:44:11 PM | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
                                                          12:44:11 PM | Registered: C:\WINDOWS\system32\shsvcs.dll
                                                          12:44:11 PM | Registered: C:\WINDOWS\system32\srclient.dll
                                                          12:44:11 PM | Unregistered: C:\WINDOWS\system32\stobject.dll
                                                          12:44:11 PM | Registered: C:\WINDOWS\system32\stobject.dll
                                                          12:44:11 PM | Registered: C:\WINDOWS\system32\twext.dll
                                                          12:44:12 PM | DllInstalled: C:\WINDOWS\system32\urlmon.dll
                                                          12:44:12 PM | Registered: C:\WINDOWS\system32\urlmon.dll
                                                          12:44:12 PM | Registered: C:\WINDOWS\system32\userenv.dll
                                                          12:44:12 PM | Registered: C:\WINDOWS\system32\winhttp.dll
                                                          12:44:13 PM | DllInstalled: C:\WINDOWS\system32\wininet.dll
                                                          12:44:13 PM | Registered: C:\WINDOWS\system32\zipfldr.dll
                                                          12:44:13 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll
                                                          12:44:13 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll
                                                          12:44:13 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll
                                                          12:44:13 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll
                                                          12:44:13 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll
                                                          12:44:13 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll
                                                          12:44:13 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll
                                                          12:44:13 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll
                                                          12:44:13 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll
                                                          12:44:13 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll
                                                          12:44:13 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll
                                                          12:44:14 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmeng.dll
                                                          12:44:14 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmine.dll
                                                          12:44:14 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdcb80.dll
                                                          12:44:14 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdgd80.dll
                                                          12:44:14 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msolap80.dll
                                                          12:44:14 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msolui80.dll
                                                          12:44:14 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll
                                                          12:44:14 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll
                                                          12:44:15 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll
                                                          12:44:15 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll
                                                          12:44:15 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll

                                                          bluesstrummer24


                                                            Re: System restore software
                                                            « Reply #44 on: April 10, 2009, 01:47:48 PM »
                                                            now running malware scan

                                                            bluesstrummer24


                                                              Re: System restore software
                                                              « Reply #45 on: April 10, 2009, 01:51:02 PM »
                                                              Should I reboot before I do the malware scan?

                                                              evilfantasy

                                                              Re: System restore software
                                                              « Reply #46 on: April 10, 2009, 01:56:16 PM »
                                                              OK waiting on the MBAM scan.

                                                              bluesstrummer24


                                                                Re: System restore software
                                                                « Reply #47 on: April 10, 2009, 02:41:14 PM »
                                                                Malware scan still scanning

                                                                bluesstrummer24


                                                                  Re: System restore software
                                                                  « Reply #48 on: April 10, 2009, 02:43:55 PM »
                                                                  I'm afraid that whenever I restart, it's not going to restart. Lol

                                                                  bluesstrummer24


                                                                    Re: System restore software
                                                                    « Reply #49 on: April 10, 2009, 02:49:12 PM »
                                                                    Malwarebytes' Anti-Malware 1.36
                                                                    Database version: 1962
                                                                    Windows 5.1.2600 Service Pack 3

                                                                    4/10/2009 1:48:09 PM
                                                                    mbam-log-2009-04-10 (13-48-09).txt

                                                                    Scan type: Full Scan (C:\|)
                                                                    Objects scanned: 148991
                                                                    Time elapsed: 34 minute(s), 55 second(s)

                                                                    Memory Processes Infected: 0
                                                                    Memory Modules Infected: 0
                                                                    Registry Keys Infected: 13
                                                                    Registry Values Infected: 0
                                                                    Registry Data Items Infected: 0
                                                                    Folders Infected: 0
                                                                    Files Infected: 0

                                                                    Memory Processes Infected:
                                                                    (No malicious items detected)

                                                                    Memory Modules Infected:
                                                                    (No malicious items detected)

                                                                    Registry Keys Infected:
                                                                    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                                                    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
                                                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
                                                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
                                                                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                                                    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                                                                    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

                                                                    Registry Values Infected:
                                                                    (No malicious items detected)

                                                                    Registry Data Items Infected:
                                                                    (No malicious items detected)

                                                                    Folders Infected:
                                                                    (No malicious items detected)

                                                                    Files Infected:
                                                                    (No malicious items detected)

                                                                    evilfantasy

                                                                    Re: System restore software
                                                                    « Reply #50 on: April 10, 2009, 02:50:09 PM »
                                                                    Download DDS by sUBs and save it to your Desktop. Alternate DDS download link

                                                                    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

                                                                    * XP users: double-click on dds to run it.
                                                                    * If your antivirus or firewall tries to block DDS, then please allow it to run.
                                                                    * When finished DDS will open two (2) logs:

                                                                    1) DDS.txt
                                                                    2) Attach.txt

                                                                    * Save both logs to your desktop.
                                                                    * Please include the entire contents of both logs in your next reply.

                                                                    Note: DDS will instruct you to post the Attach.txt log as an attachment.
                                                                    Please just post it as you would any other log by copying and pasting it into the reply.

                                                                    bluesstrummer24


                                                                      Re: System restore software
                                                                      « Reply #51 on: April 10, 2009, 02:59:26 PM »
                                                                      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                                                                      IF REQUESTED, ZIP IT UP & ATTACH IT

                                                                      DDS (Ver_09-03-16.01)

                                                                      Microsoft Windows XP Professional
                                                                      Boot Device: \Device\HarddiskVolume1
                                                                      Install Date: 1/9/2007 10:20:37 PM
                                                                      System Uptime: 4/10/2009 8:09:20 AM (5 hours ago)

                                                                      Motherboard: ASUSTek Computer INC. |  | NODUSM3
                                                                      Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2  | 2204/200mhz

                                                                      ==== Disk Partitions =========================

                                                                      C: is FIXED (NTFS) - 224 GiB total, 206.475 GiB free.
                                                                      D: is FIXED (FAT32) - 9 GiB total, 0.557 GiB free.
                                                                      E: is CDROM ()
                                                                      F: is Removable
                                                                      G: is Removable
                                                                      H: is Removable
                                                                      I: is Removable
                                                                      J: is CDROM (CDFS)
                                                                      K: is FIXED (FAT32) - 112 GiB total, 111.694 GiB free.
                                                                      L: is Removable
                                                                      M: is FIXED (NTFS) - 466 GiB total, 417.383 GiB free.

                                                                      ==== Disabled Device Manager Items =============

                                                                      Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
                                                                      Description: Serial
                                                                      Device ID: ROOT\LEGACY_SERIAL\0000
                                                                      Manufacturer:
                                                                      Name: Serial
                                                                      PNP Device ID: ROOT\LEGACY_SERIAL\0000
                                                                      Service: Serial

                                                                      ==== System Restore Points ===================

                                                                      RP18: 4/8/2009 4:30:21 PM - System Checkpoint
                                                                      RP19: 4/8/2009 4:31:26 PM - fold
                                                                      RP20: 4/8/2009 4:38:50 PM - Restore Operation
                                                                      RP21: 4/8/2009 4:44:36 PM - cleanest
                                                                      RP22: 4/9/2009 5:48:09 PM - AFTER NEW BACKUP PROGRAM
                                                                      RP23: 4/9/2009 5:57:09 PM - Removed Citrix XenApp Web Plugin
                                                                      RP24: 4/9/2009 8:17:35 PM - Installed Citrix XenApp Web Plugin

                                                                      ==== Installed Programs ======================

                                                                      Adaptec UDF Reader
                                                                      Adobe Download Manager 2.0 (Remove Only)
                                                                      Adobe Flash Player 10 ActiveX
                                                                      Adobe Reader 7.1.0
                                                                      AnswerWorks 4.0 Runtime - English
                                                                      AT&T Yahoo! Applications
                                                                      AT&T Yahoo! DSL Activation
                                                                      AVG 8.5
                                                                      Browser Mouse
                                                                      CCleaner (remove only)
                                                                      CCScore
                                                                      CDDRV_Installer
                                                                      Citrix XenApp Web Plugin
                                                                      Compatibility Pack for the 2007 Office system
                                                                      Data Fax SoftModem with SmartCP
                                                                      Destinations
                                                                      DeviceManagementQFolder
                                                                      EPSON Printer Software
                                                                      EPSON Scan
                                                                      erLT
                                                                      ERUNT 1.1j
                                                                      ESSBrwr
                                                                      ESSCDBK
                                                                      ESScore
                                                                      ESSgui
                                                                      ESSini
                                                                      ESSPCD
                                                                      ESSPDock
                                                                      ESSSONIC
                                                                      ESSTOOLS
                                                                      essvatgt
                                                                      fflink
                                                                      Free Password Manager Plus
                                                                      High Definition Audio Driver Package - KB888111
                                                                      HijackThis 2.0.2
                                                                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                                                                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                                                                      Hotfix for Windows Internet Explorer 7 (KB947864)
                                                                      Hotfix for Windows Media Format 11 SDK (KB929399)
                                                                      Hotfix for Windows Media Player 10 (KB910393)
                                                                      Hotfix for Windows Media Player 11 (KB939683)
                                                                      Hotfix for Windows XP (KB952287)
                                                                      Hotfix for Windows XP (KB961118)
                                                                      HP Boot Optimizer
                                                                      HP DVD Play 2.1
                                                                      HP Imaging Device Functions 7.0
                                                                      HP Photosmart for Media Center PC
                                                                      HP Product Detection
                                                                      HP Update
                                                                      HP Web Helper
                                                                      HPPhotoSmartExpress
                                                                      HpSdpAppCoreApp
                                                                      Idlebackup 1.16
                                                                      Instant Housecall - Specialist Sign-in
                                                                      Java(TM) 6 Update 13
                                                                      kgcbase
                                                                      kgcmove
                                                                      kgcvday
                                                                      KhalInstallWrapper
                                                                      Kodak EasyShare software
                                                                      LightScribe  1.4.105.1
                                                                      LimeWire 4.16.6
                                                                      Logitech Communications Manager
                                                                      Logitech Desktop Messenger
                                                                      Logitech SetPoint
                                                                      Malwarebytes' Anti-Malware
                                                                      Microsoft .NET Framework 1.1
                                                                      Microsoft .NET Framework 1.1 Hotfix (KB928366)
                                                                      Microsoft .NET Framework 2.0 Service Pack 2
                                                                      Microsoft .NET Framework 3.0 Service Pack 2
                                                                      Microsoft .NET Framework 3.5 SP1
                                                                      Microsoft Compression Client Pack 1.0 for Windows XP
                                                                      Microsoft Internationalized Domain Names Mitigation APIs
                                                                      Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
                                                                      Microsoft National Language Support Downlevel APIs
                                                                      Microsoft Office Standard Edition 2003
                                                                      Microsoft User-Mode Driver Framework Feature Pack 1.0
                                                                      Microsoft Visual C++ 2005 Redistributable
                                                                      Microsoft Works
                                                                      MSXML 4.0 SP2 (KB927978)
                                                                      MSXML 4.0 SP2 (KB936181)
                                                                      MSXML 4.0 SP2 (KB954430)
                                                                      MSXML 4.0 SP2 Parser and SDK
                                                                      muvee autoProducer 5.0
                                                                      muvee autoProducer unPlugged 2.0
                                                                      My HP Games
                                                                      netbrdg
                                                                      NVIDIA Drivers
                                                                      OfotoXMI
                                                                      Paltalk Messenger Interop
                                                                      PaltalkScene
                                                                      PC-Doctor 5 for Windows
                                                                      Picasa 2
                                                                      QuickBooks Pro 2008
                                                                      Quicken 2007
                                                                      Realtek High Definition Audio Driver
                                                                      Security Update for Step By Step Interactive Training (KB898458)
                                                                      Security Update for Step By Step Interactive Training (KB923723)
                                                                      Security Update for Windows Internet Explorer 7 (KB928090)
                                                                      Security Update for Windows Internet Explorer 7 (KB929969)
                                                                      Security Update for Windows Internet Explorer 7 (KB931768)
                                                                      Security Update for Windows Internet Explorer 7 (KB937143)
                                                                      Security Update for Windows Internet Explorer 7 (KB938127)
                                                                      Security Update for Windows Internet Explorer 7 (KB939653)
                                                                      Security Update for Windows Internet Explorer 7 (KB942615)
                                                                      Security Update for Windows Internet Explorer 7 (KB944533)
                                                                      Security Update for Windows Internet Explorer 7 (KB950759)
                                                                      Security Update for Windows Internet Explorer 7 (KB953838)
                                                                      Security Update for Windows Internet Explorer 7 (KB956390)
                                                                      Security Update for Windows Internet Explorer 7 (KB958215)
                                                                      Security Update for Windows Internet Explorer 7 (KB960714)
                                                                      Security Update for Windows Internet Explorer 7 (KB961260)
                                                                      Security Update for Windows Media Player (KB952069)
                                                                      Security Update for Windows Media Player 10 (KB911565)
                                                                      Security Update for Windows Media Player 10 (KB917734)
                                                                      Security Update for Windows Media Player 10 (KB936782)
                                                                      Security Update for Windows Media Player 11 (KB936782)
                                                                      Security Update for Windows Media Player 11 (KB954154)
                                                                      Security Update for Windows XP (KB938464-v2)
                                                                      Security Update for Windows XP (KB938464)
                                                                      Security Update for Windows XP (KB941569)
                                                                      Security Update for Windows XP (KB946648)
                                                                      Security Update for Windows XP (KB950760)
                                                                      Security Update for Windows XP (KB950762)
                                                                      Security Update for Windows XP (KB950974)
                                                                      Security Update for Windows XP (KB951066)
                                                                      Security Update for Windows XP (KB951376-v2)
                                                                      Security Update for Windows XP (KB951376)
                                                                      Security Update for Windows XP (KB951698)
                                                                      Security Update for Windows XP (KB951748)
                                                                      Security Update for Windows XP (KB952954)
                                                                      Security Update for Windows XP (KB953155)
                                                                      Security Update for Windows XP (KB953839)
                                                                      Security Update for Windows XP (KB954211)
                                                                      Security Update for Windows XP (KB954459)
                                                                      Security Update for Windows XP (KB954600)
                                                                      Security Update for Windows XP (KB955069)
                                                                      Security Update for Windows XP (KB956391)
                                                                      Security Update for Windows XP (KB956802)
                                                                      Security Update for Windows XP (KB956803)
                                                                      Security Update for Windows XP (KB956841)
                                                                      Security Update for Windows XP (KB957095)
                                                                      Security Update for Windows XP (KB957097)
                                                                      Security Update for Windows XP (KB958644)
                                                                      Security Update for Windows XP (KB958687)
                                                                      Security Update for Windows XP (KB960715)
                                                                      SFR
                                                                      SHASTA
                                                                      skin0001
                                                                      SKINXSDK
                                                                      Sonic Express Labeler
                                                                      Sonic MyDVD Plus
                                                                      Sonic RecordNow Audio
                                                                      Sonic RecordNow Copy
                                                                      Sonic RecordNow Data
                                                                      Sonic Update Manager
                                                                      staticcr
                                                                      Super GameHouse Solitaire Vol. 1
                                                                      SUPERAntiSpyware Free Edition
                                                                      tooltips
                                                                      Unload
                                                                      Update for Windows Media Player 10 (KB913800)
                                                                      Update for Windows Media Player 10 (KB926251)
                                                                      Update for Windows XP (KB951072-v2)
                                                                      Update for Windows XP (KB951978)
                                                                      Update for Windows XP (KB953356)
                                                                      Update for Windows XP (KB955839)
                                                                      Update for Windows XP (KB967715)
                                                                      Updates from HP (remove only)
                                                                      VC 9.0 Runtime
                                                                      Viewpoint Media Player
                                                                      VPRINTOL
                                                                      WD Diagnostics
                                                                      WebFldrs XP
                                                                      WexTech AnswerWorks
                                                                      Windows Media Format 11 runtime
                                                                      Windows Media Player 11
                                                                      Windows XP Media Center Edition 2005 KB908246
                                                                      Windows XP Media Center Edition 2005 KB925766
                                                                      Windows XP Service Pack 3
                                                                      WIRELESS
                                                                      ZoneAlarm
                                                                      ZoneAlarm Spy Blocker Toolbar

                                                                      ==== Event Viewer Messages From Past Week ========

                                                                      4/5/2009 7:34:04 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ftsata2 szkg
                                                                      4/5/2009 7:33:53 AM, error: Service Control Manager [7000]  - The ucyvusjw service failed to start due to the following error:  The system cannot find the file specified.
                                                                      4/5/2009 7:33:53 AM, error: Service Control Manager [7000]  - The mrtRate service failed to start due to the following error:  The system cannot find the file specified.
                                                                      4/3/2009 10:32:17 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
                                                                      4/5/2009 4:25:26 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
                                                                      4/5/2009 4:31:55 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
                                                                      4/6/2009 6:56:09 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
                                                                      4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
                                                                      4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
                                                                      4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
                                                                      4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error:  A device attached to the system is not functioning.
                                                                      4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
                                                                      4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error:  The dependency service or group failed to start.
                                                                      4/6/2009 6:56:49 AM, error: Service Control Manager [7001]  - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error:  The dependency service or group failed to start.
                                                                      4/6/2009 6:56:49 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AmdK8 AvgLdx86 AvgMfx86 AvgTdiX Fips ftsata2 IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL szkg Tcpip vsdatant
                                                                      4/6/2009 6:57:26 AM, error: DCOM [10005]  - DCOM got error "%1068" attempting to start the service IISADMIN with arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}
                                                                      4/7/2009 10:13:50 AM, error: System Error [1003]  - Error code 100000be, parameter1 f39bef08, parameter2 11a81121, parameter3 f2378708, parameter4 0000000b.
                                                                      4/7/2009 9:17:38 PM, error: Service Control Manager [7034]  - The Media Center Scheduler Service service terminated unexpectedly.  It has done this 1 time(s).
                                                                      4/7/2009 9:17:39 PM, error: Service Control Manager [7031]  - The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
                                                                      4/7/2009 9:17:39 PM, error: Service Control Manager [7031]  - The Media Center Extender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
                                                                      4/7/2009 9:17:42 PM, error: Service Control Manager [7034]  - The AVG8 E-mail Scanner service terminated unexpectedly.  It has done this 1 time(s).
                                                                      4/7/2009 9:17:42 PM, error: Service Control Manager [7034]  - The QBCFMonitorService service terminated unexpectedly.  It has done this 1 time(s).
                                                                      4/7/2009 9:17:42 PM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
                                                                      4/7/2009 9:17:44 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
                                                                      4/7/2009 9:17:44 PM, error: Service Control Manager [7031]  - The IIS Admin service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1 milliseconds: Run the configured recovery program.
                                                                      4/7/2009 9:17:44 PM, error: Service Control Manager [7034]  - The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly.  It has done this 1 time(s).
                                                                      4/7/2009 9:17:44 PM, error: Service Control Manager [7034]  - The World Wide Web Publishing service terminated unexpectedly.  It has done this 1 time(s).
                                                                      4/7/2009 9:17:47 PM, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                                                                      4/7/2009 9:17:47 PM, error: Service Control Manager [7031]  - The AVG8 WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
                                                                      4/7/2009 9:17:47 PM, error: Service Control Manager [7031]  - The Media Center Receiver Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
                                                                      4/9/2009 9:00:19 AM, error: Dhcp [1002]  - The IP address lease 192.168.1.4 for the Network Card with network address 0018F394550F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
                                                                      4/10/2009 9:17:56 AM, information: Windows File Protection [64016]  - Windows File Protection file scan was started.
                                                                      4/10/2009 9:20:25 AM, information: Windows File Protection [64021]  - The system file c:\program files\windows media player\mplayer2.exe could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
                                                                      4/10/2009 9:20:26 AM, information: Windows File Protection [64018]  - Windows File Protection file scan was cancelled by user interaction, user name is HP_Administrator.

                                                                      ==== End Of File ===========================

                                                                      bluesstrummer24


                                                                        Re: System restore software
                                                                        « Reply #52 on: April 10, 2009, 03:00:52 PM »
                                                                        DDS (Ver_09-03-16.01) - NTFSx86 
                                                                        Run by HP_Administrator at 13:58:04.43 on Fri 04/10/2009
                                                                        Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
                                                                        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.386 [GMT -7:00]

                                                                        AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
                                                                        FW: ZoneAlarm Firewall *disabled*

                                                                        ============== Running Processes ===============

                                                                        C:\WINDOWS\system32\svchost -k DcomLaunch
                                                                        svchost.exe
                                                                        C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                                        svchost.exe
                                                                        svchost.exe
                                                                        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
                                                                        C:\WINDOWS\Explorer.EXE
                                                                        C:\WINDOWS\system32\spoolsv.exe
                                                                        C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                                                                        C:\WINDOWS\eHome\ehRecvr.exe
                                                                        C:\WINDOWS\system32\inetsrv\inetinfo.exe
                                                                        C:\Program Files\Java\jre6\bin\jqs.exe
                                                                        C:\PROGRA~1\AVG\AVG8\avgam.exe
                                                                        C:\WINDOWS\system32\nvsvc32.exe
                                                                        C:\PROGRA~1\AVG\AVG8\avgrsx.exe
                                                                        C:\PROGRA~1\AVG\AVG8\avgnsx.exe
                                                                        C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
                                                                        C:\Program Files\AVG\AVG8\avgcsrvx.exe
                                                                        svchost.exe
                                                                        C:\WINDOWS\system32\svchost.exe -k imgsvc
                                                                        C:\PROGRA~1\AVG\AVG8\avgemc.exe
                                                                        C:\Program Files\AVG\AVG8\avgcsrvx.exe
                                                                        C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
                                                                        C:\WINDOWS\system32\RUNDLL32.EXE
                                                                        C:\PROGRA~1\AVG\AVG8\avgtray.exe
                                                                        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
                                                                        C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
                                                                        C:\WINDOWS\System32\svchost.exe -k HTTPFilter
                                                                        C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
                                                                        C:\WINDOWS\system32\rsmsink.exe
                                                                        c:\windows\system\hpsysdrv.exe
                                                                        C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                                                                        C:\WINDOWS\system32\dllhost.exe
                                                                        C:\WINDOWS\system32\net.exe
                                                                        C:\WINDOWS\system32\net1.exe
                                                                        C:\WINDOWS\system32\net.exe
                                                                        C:\WINDOWS\system32\net1.exe
                                                                        c:\program files\billeo\billeo.exe
                                                                        C:\Program Files\internet explorer\iexplore.exe
                                                                        C:\Documents and Settings\HP_Administrator\Desktop\dds.pif

                                                                        ============== Pseudo HJT Report ===============

                                                                        uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
                                                                        uStart Page = hxxp://www.google.com/
                                                                        uInternet Settings,ProxyOverride = 127.0.0.1
                                                                        uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
                                                                        BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
                                                                        BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
                                                                        BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
                                                                        BHO: Billeo: {465e08e7-f005-4389-980f-1d8764b3486c} - c:\program files\billeo\billeo.dll
                                                                        BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
                                                                        BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
                                                                        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
                                                                        BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                                                                        TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
                                                                        TB: Billeo: {6adb0f93-1aa5-4bcf-9df4-cea689a3c111} - c:\program files\billeo\billeo.dll
                                                                        TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
                                                                        EB: Billeo: {6576ebaa-b570-4345-98e4-96153c77cf24} - c:\program files\billeo\billeo.dll
                                                                        uRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /M "Stylus CX3800" /EF "HKCU"
                                                                        uRun: [cdloader] "c:\documents and settings\hp_administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
                                                                        mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
                                                                        mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
                                                                        mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
                                                                        mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
                                                                        mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
                                                                        mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
                                                                        mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
                                                                        mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
                                                                        mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
                                                                        mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
                                                                        dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
                                                                        StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
                                                                        StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
                                                                        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billeo.lnk - c:\program files\billeo\billeo.exe
                                                                        IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
                                                                        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                                                                        IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
                                                                        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
                                                                        Trusted Zone: cgini.com\citrix
                                                                        DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
                                                                        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
                                                                        DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
                                                                        DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
                                                                        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
                                                                        Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
                                                                        Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
                                                                        Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
                                                                        Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
                                                                        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
                                                                        Notify: avgrsstarter - avgrsstx.dll
                                                                        Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
                                                                        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                                                                        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

                                                                        ============= SERVICES / DRIVERS ===============

                                                                        R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-2-26 12552]
                                                                        R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-26 325640]
                                                                        R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-26 27656]
                                                                        R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-26 108552]
                                                                        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
                                                                        R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
                                                                        R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-3-30 353672]
                                                                        R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-26 908056]
                                                                        R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-26 298264]
                                                                        R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
                                                                        R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
                                                                        S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]

                                                                        =============== Created Last 30 ================

                                                                        2009-04-10 12:09   <DIR>   --d-h---   c:\program files\WindowsUpdate
                                                                        2009-04-10 09:18   66,048   ac------   c:\windows\system32\dllcache\OLD26.tmp
                                                                        2009-04-10 09:18   2,189,184   ac------   c:\windows\system32\dllcache\OLD22.tmp
                                                                        2009-04-09 20:17   <DIR>   --d-----   c:\program files\Citrix
                                                                        2009-04-09 17:49   <DIR>   --d-----   c:\docume~1\hp_adm~1\applic~1\Instant Housecall
                                                                        2009-04-09 14:57   <DIR>   --d-----   c:\program files\Idlebackup
                                                                        2009-04-08 10:14   104   a-------   c:\windows\Internet Explorer.lnk
                                                                        2009-04-07 10:03   30,136   a-------   c:\windows\system32\drivers\rspSanity32.sys
                                                                        2009-04-05 15:56   <DIR>   --d-----   c:\program files\CCleaner
                                                                        2009-04-03 09:32   <DIR>   --d-----   c:\program files\Belarc
                                                                        2009-04-02 13:54   <DIR>   --d-----   c:\program files\Trend Micro
                                                                        2009-04-02 13:06   <DIR>   --d-----   c:\docume~1\hp_adm~1\applic~1\Malwarebytes
                                                                        2009-04-02 13:06   15,504   a-------   c:\windows\system32\drivers\mbam.sys
                                                                        2009-04-02 13:06   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
                                                                        2009-04-02 13:05   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
                                                                        2009-04-02 13:05   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
                                                                        2009-04-02 12:01   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
                                                                        2009-04-02 12:01   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
                                                                        2009-04-02 12:01   <DIR>   --d-----   c:\docume~1\hp_adm~1\applic~1\SUPERAntiSpyware.com
                                                                        2009-04-02 11:57   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
                                                                        2009-03-30 18:43   1,221,512   a-------   c:\windows\system32\zpeng25.dll
                                                                        2009-03-30 18:43   <DIR>   --d-----   c:\windows\system32\ZoneLabs
                                                                        2009-03-30 18:43   <DIR>   --d-----   c:\program files\Zone Labs
                                                                        2009-03-30 18:43   350,192   a-------   c:\windows\system32\vsconfig.xml
                                                                        2009-03-30 10:21   <DIR>   --d-----   c:\program files\AskBarDis
                                                                        2009-03-17 02:30   <DIR>   --d-----   c:\program files\Jetico
                                                                        2009-03-15 14:40   <DIR>   --d-----   c:\windows\system32\IOSUBSYS

                                                                        ==================== Find3M  ====================

                                                                        2009-03-30 18:44   4,212   a---h---   c:\windows\system32\zllictbl.dat
                                                                        2009-03-24 09:39   108,552   a-------   c:\windows\system32\drivers\avgtdix.sys
                                                                        2009-03-13 08:05   325,640   a-------   c:\windows\system32\drivers\avgldx86.sys
                                                                        2009-03-13 08:05   10,520   a-------   c:\windows\system32\avgrsstx.dll
                                                                        2009-03-09 05:19   410,984   a-------   c:\windows\system32\deploytk.dll
                                                                        2009-03-03 00:03   208,896   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
                                                                        2009-03-03 00:03   45,056   -c------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
                                                                        2009-03-03 00:03   341,048   -c------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
                                                                        2009-03-03 00:03   44,032   -c------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
                                                                        2009-03-03 00:03   163,840   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
                                                                        2009-03-03 00:03   61,440   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
                                                                        2009-03-03 00:03   40,960   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
                                                                        2009-03-03 00:03   32,768   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
                                                                        2009-03-03 00:03   32,768   --------   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
                                                                        2009-02-26 09:16   12,552   --------   c:\windows\system32\drivers\avgrkx86.sys
                                                                        2009-02-09 04:13   1,846,784   a-------   c:\windows\system32\win32k.sys
                                                                        2009-02-09 04:13   1,846,784   --------   c:\windows\system32\dllcache\win32k.sys
                                                                        2009-01-16 22:35   3,594,752   --------   c:\windows\system32\dllcache\mshtml.dll
                                                                        2007-01-31 21:24   22   -c-sh---   c:\windows\sminst\HPCD.sys

                                                                        ============= FINISH: 13:58:24.49 ===============

                                                                        evilfantasy

                                                                        Re: System restore software
                                                                        « Reply #53 on: April 10, 2009, 03:05:00 PM »
                                                                        Can you get to Windows Updates and run them? www.windowsupdate.microsoft.com.com (you need to use IE)

                                                                        bluesstrummer24


                                                                          Re: System restore software
                                                                          « Reply #54 on: April 10, 2009, 03:08:17 PM »
                                                                          install any windows updates?

                                                                          bluesstrummer24


                                                                            Re: System restore software
                                                                            « Reply #55 on: April 10, 2009, 03:11:37 PM »
                                                                            no critical updates.  just some software & hardware updates.  Should i install these?

                                                                            evilfantasy

                                                                            Re: System restore software
                                                                            « Reply #56 on: April 10, 2009, 03:12:01 PM »
                                                                            Yes and then try to set a restore point to see if it is working now.

                                                                            bluesstrummer24


                                                                              Re: System restore software
                                                                              « Reply #57 on: April 10, 2009, 03:22:20 PM »
                                                                              updates done. asking me to reboot.  should i?

                                                                              bluesstrummer24


                                                                                Re: System restore software
                                                                                « Reply #58 on: April 10, 2009, 03:31:51 PM »
                                                                                ok, i updated and rebooted and my screen is really messed up. i think one of the updates was a video driver update ndiv? grr

                                                                                evilfantasy

                                                                                Re: System restore software
                                                                                « Reply #59 on: April 10, 2009, 03:36:17 PM »
                                                                                Can you do a system restore?

                                                                                bluesstrummer24


                                                                                  Re: System restore software
                                                                                  « Reply #60 on: April 10, 2009, 04:04:22 PM »
                                                                                  no i can't.  i did see a message saying do you want windows to fix display settings. i clicked yes, but nothing happened.  i'm going to try a safe mode restore.

                                                                                  bluesstrummer24


                                                                                    Re: System restore software
                                                                                    « Reply #61 on: April 11, 2009, 01:49:26 PM »
                                                                                    Hi Evil, I had to download a new driver to get my display back. System Restore in safe mode still works, so I better quit while I'm ahead.  ;D

                                                                                    evilfantasy

                                                                                    Re: System restore software
                                                                                    « Reply #62 on: April 11, 2009, 01:55:30 PM »
                                                                                    OK, while you are at a point that is working, let's try to finish this up now.

                                                                                    Download OTCleanIt.exe and save it to your Desktop.
                                                                                    • Double-click OTCleanIt.exe.
                                                                                    • Click the CleanUp! button.
                                                                                    • Select Yes when the "Begin cleanup Process?" prompt appears.
                                                                                    • If you are prompted to Reboot during the cleanup, select Yes.
                                                                                    • The tool will delete itself once it finishes; if not, delete it yourself.
                                                                                    ----------

                                                                                    Set a New Restore Point to prevent possible reinfection from an old one
                                                                                    Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
                                                                                    • Go to Start > Programs > Accessories > System Tools and click System Restore.
                                                                                    • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
                                                                                    • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
                                                                                    • Next, go to Start > Run and type Cleanmgr
                                                                                    • Click OK.
                                                                                    • Click the More Options Tab.
                                                                                    • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
                                                                                    You can find instructions on how to enable and re-enable system restore here:

                                                                                    Windows XP System Restore Guide or Windows Vista System Restore Guide
                                                                                    ----------

                                                                                    Use the Secunia Software Inspector to check for out of date software.
                                                                                    • Click Start Now.
                                                                                    • Check the box next to Enable thorough system inspection.
                                                                                    • Click Start.
                                                                                    • Allow the scan to finish and scroll down to see if any updates are needed.
                                                                                    • Update anything listed.
                                                                                    ----------

                                                                                    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                                                                    SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                                                                                    * Using SpywareBlaster to protect your computer from Spyware and Malware
                                                                                    * If you don't know what ActiveX controls are, see here

                                                                                    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                                                                    Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

                                                                                    bluesstrummer24


                                                                                      Re: System restore software
                                                                                      « Reply #63 on: April 11, 2009, 08:48:59 PM »
                                                                                      OK, all the above done, except the update scanner wouldn't download; it said my Java wasn't current, but I checked and it is.
                                                                                      Again, thanks so much, Evil.
                                                                                      I believe my System Restore was infected by a virus I got downloading a song on LimeWire. I stopped, cleaned, quarantined and deleted the virus, but I think the damage was done.