
Thread: Spybot & AVG8.5 wont scan,cant save HJT,ERUNT,Malwarebytes

  1. #41
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    AVG Remover

    Hi Dorothy,

    I'm afraid I am going to need to send you to your friends again to make another download. AVG has a removal tool and I'd like to try that. Get it from the following link:

    http://www.avg.com/us-en/download-tools

    First one on the list should be for you.

    AVG Remover(32bit)
    (avgremover.exe)

    Try that and see if we can't get AVG out of there.

    There is also another tool called Revo uninstaller. You may want to go ahead and download that too while you're there. I would try that next.

    http://www.revouninstaller.com/revo_..._download.html

    Question.....are you using IE to download? Do you have Firefox? Or another browser you could try?

  2. #42
    Member northernunicorn
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    Yay!!! Everything is working :) Story below

    Hi IndiGenus

    Quote:
        Hi Dorothy,
        I'm afraid I am going to need to send you to your friends again to make another download. AVG has a removal tool and I'd like to try that...
        Try that and see if we can't get AVG out of there.

    Since I had the Free version of AVG8.5 I went to that site to get the removal tool.
    I followed the sticky instructions at the AVG Free Forums - a sticky titled AVG8x Uninstall/Re-Install Instructions.

    http://www.avg.com/filedir/util/supp...remover_en.exe

    and saved it to my CD. Then I copied it to my desktop and ran it.

    I had previously clicked on the link to download the latest installation file and saved it to my CD as well.
    The latest version is for AVG Free 9.

    The instructions advise to disable protection software.
    In post #18 re ComboFix instructions, you had provided a link, How to disable Security programs, so that came in handy.
    I hadn't been doing that before...never thought of it.
    I also unchecked UAC (User Account Control) as well.

    Since AVG9 Free went on so well, I got a brainstorm to try to reinstall the Spybot-Search and Destroy 1.6.2 version that was giving me that "you don't have the correct permissions" message.

    I found in Program Files the Spybot app, copy/pasted it to my desktop and reinstalled Spybot.
    I followed the install instruction wizard, and was able to do all the steps asked, including update & immunize.

    After reactivating protection and Security programs, including UAC, and several restarts as instructed, I tried the true test of downloading & saving to my desktop.
    I went back thru our posts and chose link for TFC.

    *****It worked At last
    Hope it's ok I gave you a big long story I feel so good I had to share it.
    You were right...corrupted install of AVG.

    I still have to do full AVG and Spybot scans but I've set them to do over night.

    Please let me know what clean-up things I have to do and what apps I need to keep and what ones I can dispose of.


    ****For all your patience & help from Dorothy

  3. #43
    Member northernunicorn

    Hi IndiGenus

    Sorry...forgot to answer your question re: Browser

    I'm using Internet Explorer 8.

    My son & I occasionally use Yahoo when checking e-mail. Mostly, though, we use Internet Explorer.
    We don't have ICQ. Firefox was removed, I think.

    Thanks again from Dorothy

  4. #44
    Emeritus- Malware Team

    Hi Dorothy,

    Sorry for the delay. I'm glad things are running better. I think one more scan is in order to make sure we're all clean.

    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Please do a scan with Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    • Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall.)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:

    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar
    In Save as type, click the drop arrow and select: Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif

    (Note for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419

    In your next reply post:
    Kaspersky log
    New DDS log taken after the above scan has run

  5. #45
    Member northernunicorn

    Kaspersky scan

    Hi IndiGenus:

    Quote:
        Hi Dorothy,
        Sorry for the delay. I'm glad things are running better. I think one more scan is in order to make sure we're all clean.
        I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
        The below scan can take up to an hour or longer, please be patient.
        Please do a scan with Kaspersky Online Scanner or from here
        http://www.kaspersky.com/virusscanner

    I was unable to do this scan.
    A message came up saying the scan version was being updated & improved.

    At the other link, data seemed to download, but then an error message came up telling me to go to the Kaspersky Lab site and I saw the above message again. :(

    What's your suggestion?

    I did a scan with Spybot and with AVG9 Free

    Spybot reported no spyware. Congratulations
    Love that cute message

    AVG reported a virus re: exeHelper.com

    That was a tool you had asked me to use & it's still on my desktop.
    I was waiting for you to tell me when to delete it.

    Here is the report file

    Resident Shield detection
    Infection;"Object";"Result";"Detection time";"Object Type";"Process"
    Virus found Downloader.Banload;"C:\Users\JeffandMom\Desktop\exeHelper stuff\exeHelper.com";"Infected";"27/10/2009, 1:27:32 PM";"file";"C:\Windows\System32\svchost.exe"
    Virus found Downloader.Banload;"C:\Users\JeffandMom\Desktop\exeHelper stuff\exeHelper.com";"Infected";"25/10/2009, 2:32:27 AM";"file";"C:\Windows\System32\svchost.exe"

    The item was moved to AVG Virus vault Sept.27/09
    path to file:

    C:\Users\JeffandMom\Desktop\exeHelper stuff\exeHelper.com

    My Computer is running fine.
    Please let me know what you'd like me to do next.

    from Dorothy

  6. #46
    Emeritus- Malware Team

    It's normal for many of the AntiVirus scanners to detect our tools as bad, just by their nature. Let's see if we can get another online scanner to work.

    Eset Online Scanner
    Run with Internet Explorer
    • Place a check mark in the box YES, I accept the Terms Of Use
    • Click the Start button.
    • Now click the Install button, or click the notification bar at the top of the window and choose to install.
    • Click Start. The scanner engine will initialize and update.
    • Do Not place a check mark in the box beside Remove found threats.
    • Click the Scan button. The scan will now run, please be patient.
    • When the scan finishes click the Details tab.
    • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.

  7. #47
    Member northernunicorn

    DDS Log

    Hi IndiGenus

    Wasn't sure if you still wanted to see a DDS log but here it is.

    from Dorothy

    DDS Log


    DDS (Ver_09-10-13.01) - NTFSx86
    Run by JeffandMom at 19:27:36.96 on 28/10/2009
    Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.446.113 [GMT -4:00]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\JeffandMom\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1.2\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1.2\SDHelper.dll
    LSP: c:\windows\system32\wpclsp.dll
    Trusted Zone: avon.ca\avon
    Trusted Zone: avon.com\ca2
    Trusted Zone: avon.com\www.ca
    Trusted Zone: care2.com
    Trusted Zone: care2.com\mail
    Trusted Zone: care2.com\stopglobalwarming
    Trusted Zone: care2.com\www
    Trusted Zone: care2.net\passport
    Trusted Zone: ebay.com\signin
    Trusted Zone: microsoft.com\update
    Trusted Zone: pogo.com
    Trusted Zone: terrapass.com\www
    Trusted Zone: thepetitionsite.com
    Trusted Zone: wikipedia.org\en
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\ievony\Skype4COM.dll
    AppInit_DLLs: c:\windows\system32\avgrsstx.dll,avgrsstx.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-24 333192]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-24 360584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-24 285392]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy162\SDWinSec.exe [2009-2-13 1153368]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-27 21504]

    =============== Created Last 30 ================

    2009-10-27 23:36 <DIR> --d----- c:\program files\Windows Portable Devices
    2009-10-27 23:36 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-10-27 21:57 92,672 a------- c:\windows\system32\UIAnimation.dll
    2009-10-27 21:57 3,023,360 a------- c:\windows\system32\UIRibbon.dll
    2009-10-27 21:57 1,164,800 a------- c:\windows\system32\UIRibbonRes.dll
    2009-10-27 21:55 81,920 a------- c:\windows\system32\wpdbusenum.dll
    2009-10-27 21:53 4,096 a------- c:\windows\system32\oleaccrc.dll
    2009-10-27 21:53 555,520 a------- c:\windows\system32\UIAutomationCore.dll
    2009-10-27 21:53 234,496 a------- c:\windows\system32\oleacc.dll
    2009-10-27 21:46 310,784 a------- c:\windows\system32\unregmp2.exe
    2009-10-27 21:46 8,147,456 a------- c:\windows\system32\wmploc.DLL
    2009-10-24 22:19 <DIR> --d----- c:\program files\Spybot - Search & Destroy1.6.2
    2009-10-24 19:11 <DIR> --d-h--- C:\$AVG
    2009-10-24 19:11 12,464 a------- c:\windows\system32\avgrsstx.dll
    2009-10-24 19:11 360,584 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-10-24 19:10 333,192 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-10-24 19:10 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-10-24 19:09 <DIR> --d----- c:\program files\AVG
    2009-10-24 19:09 <DIR> --d----- c:\programdata\avg9
    2009-10-24 19:09 <DIR> --d----- c:\progra~2\avg9
    2009-10-24 17:55 <DIR> --d----- C:\AVGTemp
    2009-10-24 16:52 <DIR> --d----- c:\users\jeffan~1\appdata\roaming\Malwarebytes
    2009-10-24 16:52 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-24 16:52 19,160 a------- c:\windows\system32\drivers\mbam.sys
    2009-10-24 16:52 <DIR> --d----- c:\programdata\Malwarebytes
    2009-10-24 16:52 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-10-24 16:52 <DIR> --d----- c:\progra~2\Malwarebytes
    2009-10-23 13:44 <DIR> --ds---- C:\ComboFix
    2009-10-19 13:13 236,544 a------- c:\windows\PEV.exe
    2009-10-19 13:13 161,792 a------- c:\windows\SWREG.exe
    2009-10-19 13:13 98,816 a------- c:\windows\sed.exe
    2009-10-14 23:59 <DIR> --d----- c:\program files\ESET
    2009-10-13 23:33 144,896 a------- c:\windows\system32\drivers\srv2.sys
    2009-10-13 23:33 60,928 a------- c:\windows\system32\msasn1.dll
    2009-10-13 23:33 218,624 a------- c:\windows\system32\msv1_0.dll
    2009-10-13 23:30 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
    2009-10-13 14:35 <DIR> --d----- c:\users\jeffan~1\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-10-03 01:51 195,440 -------- c:\windows\system32\MpSigStub.exe

    ==================== Find3M ====================

    2009-10-27 23:36 665,600 a------- c:\windows\inf\drvindex.dat
    2009-10-27 23:36 143,360 a------- c:\windows\inf\infstrng.dat
    2009-10-27 23:36 86,016 a------- c:\windows\inf\infstor.dat
    2009-10-27 23:36 51,200 a------- c:\windows\inf\infpub.dat
    2009-09-30 21:02 2,537,472 a------- c:\windows\system32\wpdshext.dll
    2009-09-30 21:02 30,208 a------- c:\windows\system32\WPDShextAutoplay.exe
    2009-09-30 21:02 334,848 a------- c:\windows\system32\PortableDeviceApi.dll
    2009-09-30 21:02 87,552 a------- c:\windows\system32\WPDShServiceObj.dll
    2009-09-30 21:02 31,232 a------- c:\windows\system32\BthMtpContextHandler.dll
    2009-09-30 21:01 546,816 a------- c:\windows\system32\wpd_ci.dll
    2009-09-30 21:01 160,256 a------- c:\windows\system32\PortableDeviceTypes.dll
    2009-09-30 21:01 350,208 a------- c:\windows\system32\WPDSp.dll
    2009-09-30 21:01 196,608 a------- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-09-30 21:01 100,864 a------- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-09-30 21:01 60,928 a------- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-09-24 22:10 974,848 a------- c:\windows\system32\WindowsCodecs.dll
    2009-09-24 22:07 189,440 a------- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-24 22:04 321,024 a------- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-24 21:49 1,554,432 a------- c:\windows\system32\xpsservices.dll
    2009-09-24 21:48 351,232 a------- c:\windows\system32\XpsPrint.dll
    2009-09-24 21:38 847,360 a------- c:\windows\system32\OpcServices.dll
    2009-09-24 21:36 280,064 a------- c:\windows\system32\XpsGdiConverter.dll
    2009-09-24 21:35 135,680 a------- c:\windows\system32\XpsRasterService.dll
    2009-09-24 21:33 195,584 a------- c:\windows\system32\dxdiagn.dll
    2009-09-24 21:33 829,440 a------- c:\windows\system32\d3d10warp.dll
    2009-09-24 21:33 369,664 a------- c:\windows\system32\WMPhoto.dll
    2009-09-24 21:32 252,928 a------- c:\windows\system32\dxdiag.exe
    2009-09-24 21:31 519,680 a------- c:\windows\system32\d3d11.dll
    2009-09-24 21:31 486,912 a------- c:\windows\system32\d3d10level9.dll
    2009-09-24 21:31 161,280 a------- c:\windows\system32\d3d10_1.dll
    2009-09-24 21:31 218,112 a------- c:\windows\system32\d3d10_1core.dll
    2009-09-24 21:31 1,030,144 a------- c:\windows\system32\d3d10.dll
    2009-09-24 21:31 828,928 a------- c:\windows\system32\d2d1.dll
    2009-09-24 21:30 481,792 a------- c:\windows\system32\dxgi.dll
    2009-09-24 21:30 190,464 a------- c:\windows\system32\d3d10core.dll
    2009-09-24 21:27 634,880 a------- c:\windows\system32\drivers\dxgkrnl.sys
    2009-09-24 21:27 1,064,448 a------- c:\windows\system32\DWrite.dll
    2009-09-24 21:27 793,088 a------- c:\windows\system32\FntCache.dll
    2009-09-24 21:27 37,888 a------- c:\windows\system32\cdd.dll
    2009-09-24 18:54 258,048 a------- c:\windows\system32\winspool.drv
    2009-09-24 18:54 667,648 a------- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 18:54 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
    2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
    2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
    2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
    2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2009-08-27 01:22 916,480 a------- c:\windows\system32\wininet.dll
    2009-08-27 01:17 109,056 a------- c:\windows\system32\iesysprep.dll
    2009-08-27 01:17 71,680 a------- c:\windows\system32\iesetup.dll
    2009-08-26 23:42 133,632 a------- c:\windows\system32\ieUnatt.exe
    2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll
    2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE
    2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE
    2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
    2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE
    2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe
    2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll
    2009-08-04 19:52 1,193,832 a------- c:\windows\system32\FM20.DLL
    2009-08-04 08:34 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
    2009-08-04 08:34 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
    2008-09-28 02:27 174 a--sh--- c:\program files\desktop.ini
    2007-09-24 21:32 774,144 a------- c:\program files\RngInterstitial.dll
    2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 19:28:16.64 ===============
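
An added example, not part of the thread and not a DDS or forum tool: a small Python parser that splits a DDS log such as the one in post #47 into its sections and lists three kinds of entry for a human to review (security providers reported as disabled or outdated, running processes whose image is outside the Windows and Program Files directories, and browser helper objects registered with "No File"). The sample lines are copied from the log above and shortened; the function names, the finding labels and the choice of checks are assumptions of this example, and it does not decide whether an entry is malicious.

```python
import re

# Constructed sample: lines copied from the DDS log in post #47, shortened.
SAMPLE_DDS = r"""
DDS (Ver_09-10-13.01) - NTFSx86
Run by JeffandMom at 19:27:36.96 on 28/10/2009

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Users\JeffandMom\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

============= FINISH: 19:28:16.64 ===============
"""

# "====== Name ======" banner lines separate the sections of the log.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# SP: <name> *<state>* (<definitions>) {GUID}
SP_RE = re.compile(
    r"^SP:\s*(?P<name>.+?)\s+\*(?P<state>[^*]+)\*\s+\((?P<defs>[^)]+)\)"
    r"\s+(?P<guid>\{[0-9A-Fa-f-]+\})\s*$"
)
# BHO: [<name>: ]{CLSID} - <file or "No File">
BHO_RE = re.compile(
    r"^BHO:\s*(?:(?P<name>.+?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<target>.*)$"
)
# Directories where process images are normally expected (assumption of this example).
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def split_sections(text):
    """Return {section name: [non-empty lines]}; lines before the first banner go to 'header'."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (kind, subject, detail) tuples for entries worth a manual look."""
    sections = split_sections(text)
    findings = []
    for line in sections.get("header", []):
        m = SP_RE.match(line)
        if m and ("disabled" in m["state"].lower() or m["defs"].lower() == "outdated"):
            findings.append(("security-provider", m["name"], f'{m["state"]}, {m["defs"]}'))
    for line in sections.get("Running Processes", []):
        if not line.lower().startswith(SYSTEM_PREFIXES):
            findings.append(("process-outside-system-dirs", line, "check origin"))
    for line in sections.get("Pseudo HJT Report", []):
        m = BHO_RE.match(line)
        if m and m["target"].strip().lower() == "no file":
            findings.append(("orphaned-bho", m["clsid"].upper(), "registered, file missing"))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_DDS):
        print(f"{kind:28} {subject}  ({detail})")
```

On the sample, the process finding is the DDS scanner itself running from the Desktop, which is why each finding is a prompt for review rather than a verdict.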

  8. #48
    Emeritus- Malware Team

    DDS looks okay. See if you can get the ESET scanner to work and post that log.

  9. #49
    Member northernunicorn

    ESET scan

    Hi IndiGenus

    The ESET Scan found no threats.
    Here is the log:

    Thanks from Dorothy

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=6
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6050
    # api_version=3.0.2
    # EOSSerial=f2c3d8d207ce1f488380feae0d436d8a
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-10-29 12:47:31
    # local_time=2009-10-28 08:47:31 (-0500, Eastern Daylight Time)
    # country="Canada"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=5889 61 66 100 560489327118192
    # scanned=116062
    # found=0
    # cleaned=0
    # scan_time=3068

  10. #50
    Emeritus- Malware Team

    Cleanup

    Hi Dorothy,

    I think we're all done. Just need to clean up and advise some updates and protection.

    You can remove the following programs we used:

    Win32Diag.exe
    RootRepeal
    DDS
    exeHelper

    Uninstall Combofix
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.


    The above procedure will:
    • Delete the following: ComboFix and its associated files and folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.
    Upgrading Java:
    • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 16.
    • Click the "Download" button to the right.
    • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
    • Click on Continue.
    • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u16-windows-i586-p.exe and select "Run as an Administrator.")

    ~~~~~~~~~~~~~~~~~~~~~~~~

    In addition to updating and using what you currently have you may want to consider the following:

    Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware

    Install Winpatrol -
    Use Winpatrol to take control of your PC and provide another layer of security.
    Help file and tutorial can be found Here

    Block unwanted parasites with a custom hosts file -
    http://www.mvps.org/winhelp2002/hosts.htm

    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.

    Keep your applications up to date -
    Use Secunia Personal Software Inspector to help stay on top of application updates that could leave your PC vulnerable to attack.

    I'll leave the thread open a few days in case you have questions or issues.

    Regards,
    Dave
