
Computer extra slow, can't update virus protection. Please help!



dvdsforme
2010-06-22, 22:24
DDS (Ver_10-03-17.01) - NTFSx86
Run by Test at 12:17:51.32 on Tue 06/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.435 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\P1370Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Test.OFFICEDELL\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.rr.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:1055
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIOb1.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIOb1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [ehabkbdjtu] c:\documents and settings\test.officedell\local settings\application data\yuxakpwh\dybrbqi.exe
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [P1370Mon.exe] c:\windows\P1370Mon.exe
mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ehabkbdjtu] c:\documents and settings\test.officedell\local settings\application data\yuxakpwh\dybrbqi.exe
StartupFolder: c:\docume~1\test~1.off\startm~1\programs\startup\backup.lnk - c:\documents and settings\test.officedell\my documents\Backup.bat
StartupFolder: c:\docume~1\test~1.off\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ameritrade.com
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155578698359
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186502796875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - No File
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\test~1.off\applic~1\mozilla\firefox\profiles\sxj2yv7u.default\
FF - prefs.js: browser.search.selectedengine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://rr.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\test.officedell\application data\mozilla\firefox\profiles\sxj2yv7u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [2007-6-5 25344]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-20 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-20 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-20 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-20 56816]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-5-16 233472]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-16 36608]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-13 133104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-7-22 30192]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2009-4-26 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2009-4-26 4992]
S3 P1370Vfx;P1370Vfx;c:\windows\system32\drivers\P1370Vfx.sys [2009-4-26 6272]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2009-4-26 297792]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-4 1174664]

=============== Created Last 30 ================

2010-06-22 18:30:16 0 d-----w- c:\program files\My.Freeze.com NetAssistant
2010-06-22 18:30:15 0 d-----w- c:\docume~1\test~1.off\applic~1\ErrorSmart
2010-06-22 17:03:56 0 dc-h--w- c:\windows\ie8
2010-06-08 19:15:15 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-05-06 10:41:53 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-06 10:41:50 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-04 17:20:33 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-09 20:48:18 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-06 11:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll
2010-04-03 23:11:34 249856 ------w- c:\windows\Setup1.exe
2010-04-03 23:11:33 73216 ----a-w- c:\windows\ST6UNST.EXE
2007-07-10 03:21:08 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-07-10 03:11:02 56 --sh--r- c:\windows\system32\539204235B.sys
2008-09-23 23:11:01 88 --sh--r- c:\windows\system32\5B23049253.sys
2008-09-23 23:11:04 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-12 02:16:57 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-07-03 18:58:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070320080704\index.dat
2009-07-20 19:02:03 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-20 19:02:03 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-20 19:02:03 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 12:18:49.85 ===============

ken545
2010-06-27, 12:40


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Sorry for the delay but the forums get busy most times. You do have some malware activity going on.


Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.





Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

dvdsforme
2010-06-28, 00:07
Thank you so much for responding, here is the log. Please let me know what to do next.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4247

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/27/2010 2:07:12 PM
mbam-log-2010-06-27 (14-07-12).txt

Scan type: Quick scan
Objects scanned: 155344
Time elapsed: 9 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware337 (Adware.Starware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Test.OFFICEDELL\Application Data\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Test.OFFICEDELL\Application Data\ErrorSmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Test.OFFICEDELL\Application Data\ErrorSmart\Log\2007 Dec 28 - 01_22_53 PM_171.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Test.OFFICEDELL\Application Data\ErrorSmart\Log\2007 Dec 28 - 01_22_58 PM_015.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

ken545
2010-06-28, 01:44
Hi,

ErrorSmart <-- This was the main culprit, but there could be more

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

dvdsforme
2010-06-28, 03:16
I disabled all Anti Virus programs and tried to disable all firewalls, but both Windows and ComboFix are telling me I am running McAfee VirusScan. I don't even see McAfee on my computer. Went to the control panel under "Add and remove programs" and couldn't find McAfee there either. Should I proceed with ComboFix anyway?

ken545
2010-06-28, 04:11
You may have had that installed at one time but I don't see it installed now, so go ahead and run ComboFix.

dvdsforme
2010-06-28, 04:55
HELP! I just ran ComboFix and around stage 50 the computer froze and I now have a blue screen with the following error message:

A problem has been detected and Windows has been shut down to prevent damage
to your computer.

BAD_POOL_CALLER

If this is the first time you've seen this Stop error screen,
restart your computer. If this screen appears again, follow
these steps:

Check to make sure that any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer
for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware
or software. Disable BIOS memory options such as caching or shadowing.
If you need to use Safe Mode to remove or disable components restart
your computer, press F8 to select Advanced Startup Options, and then
select Safe Mode.

Technical information;

*** STOP; 0x000000c2 (0x00000007,0x000000CD4,0x00030003,0x86037140)

What do I do now? Leaving it frozen until I hear from you.

ken545
2010-06-28, 11:23
Hi,

That could be a memory error or possibly some sort of hardware failure; it can be caused by many things.


Press the power button and hold it in for 5 seconds or more until the computer shuts down, wait a few minutes for all the programs in memory to flush out, and then restart the computer normally and see what happens.


If it won't start then boot to Last Known Good Configuration.

To Access Last Known Good

Go to Start> Shut off your Computer> Restart
Or if the computer is off press the power button
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Last Known Good
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

dvdsforme
2010-06-28, 19:57
ComboFix got through all the stages, went to fix the problems and I got the same blue error screen.

Do I run Combofix in Safe Mode?

ken545
2010-06-28, 20:18
Hi,

C:\ComboFix.txt <-- First go here and see if it created a report. If so, post it please; if not, then run CF in Safe Mode.


I would also like you to post at our sister site for the error you're getting. This is a Windows forum; like Safer it's free, but you will need to register. When you do, link me to the thread so I can follow along and offer my thoughts on it.
http://forums.whatthetech.com/Microsoft_Windows_f119.html

dvdsforme
2010-06-28, 20:50
http://forums.whatthetech.com/Blue_Screen_Error_Message_t112873.html

dvdsforme
2010-06-28, 21:01
I ran ComboFix in safe mode and then again, after a reboot, in regular mode. The run in regular mode went all the way to writing combofix.txt and then showed the blue error screen. There was a log so I'm pasting both.

First the log from the safe mode

ComboFix 10-06-27.06 - Test 06/28/2010 9:57.3.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.743 [GMT -7:00]
Running from: c:\documents and settings\Test.OFFICEDELL\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Zumie
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 )))))))))))))))))))))))))))))))
.

2010-06-22 19:15 . 2010-06-22 19:16 -------- d-----w- c:\program files\ERUNT
2010-06-22 18:30 . 2010-06-22 18:30 -------- d-----w- C:\wtwebdriver
2010-06-22 18:30 . 2010-06-22 18:30 -------- d-----w- C:\wtupdater
2010-06-22 18:30 . 2010-06-22 18:30 -------- d-----w- C:\WireControl
2010-06-22 18:30 . 2010-06-22 18:30 -------- d-----w- C:\4.1.1
2010-06-22 18:30 . 2004-05-24 20:37 159744 ----a-w- C:\rdriver.dll
2010-06-22 18:30 . 2004-05-24 20:37 167936 ----a-w- C:\jdriver.dll
2010-06-22 18:30 . 2010-06-22 19:11 -------- d-----w- c:\windows\wt
2010-06-22 18:30 . 2010-06-22 18:30 -------- d-----w- C:\webd
2010-06-22 18:30 . 2010-06-22 18:30 -------- d-----w- C:\DRM
2010-06-22 18:30 . 2005-06-13 20:10 71 ----a-w- C:\wt3d.dll
2010-06-22 18:30 . 2004-02-16 17:47 53248 ----a-w- C:\wtvh.dll
2010-06-22 18:30 . 2010-06-22 18:30 -------- d-----w- c:\program files\My.Freeze.com NetAssistant
2010-06-22 17:03 . 2010-06-22 17:06 -------- dc-h--w- c:\windows\ie8
2010-06-18 14:00 . 2010-06-18 14:00 862872 ------w- c:\documents and settings\Test.OFFICEDELL\Application Data\Yahoo!\SearchProtection\fudogs_2.0.1.13_msgr_bts_setup.2010.04.01.01.exe
2010-06-17 03:23 . 2010-04-08 09:50 43008 ----a-w- c:\documents and settings\Test.OFFICEDELL\Application Data\Mozilla\Firefox\Profiles\sxj2yv7u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-06-17 03:23 . 2010-04-08 09:50 1496064 ----a-w- c:\documents and settings\Test.OFFICEDELL\Application Data\Mozilla\Firefox\Profiles\sxj2yv7u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-06-17 03:23 . 2010-04-08 09:50 338944 ----a-w- c:\documents and settings\Test.OFFICEDELL\Application Data\Mozilla\Firefox\Profiles\sxj2yv7u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-06-17 03:23 . 2010-04-08 09:50 346112 ----a-w- c:\documents and settings\Test.OFFICEDELL\Application Data\Mozilla\Firefox\Profiles\sxj2yv7u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-06-15 05:35 . 2010-06-16 23:03 -------- d-----w- c:\documents and settings\Test.OFFICEDELL\Local Settings\Application Data\yuxakpwh
2010-06-08 19:15 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-30 22:17 . 2010-06-05 13:00 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 16:36 . 2009-12-23 19:25 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-06-28 00:12 . 2007-07-22 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-27 20:54 . 2009-12-11 19:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 01:44 . 2006-08-14 19:30 -------- d-----w- c:\program files\Blue Cross Agent Assistant
2010-06-22 18:17 . 2007-06-05 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-22 17:24 . 2007-06-05 19:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-18 14:01 . 2009-01-26 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-18 14:01 . 2006-08-16 15:57 -------- d-----w- c:\program files\Yahoo!
2010-06-11 17:28 . 2006-08-14 18:40 -------- d-----w- c:\program files\ACT
2010-06-09 14:55 . 2006-08-01 22:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-09 14:43 . 2007-08-07 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-16 17:47 . 2010-05-16 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-05-16 17:47 . 2010-05-16 17:47 -------- d-----w- c:\documents and settings\Test.OFFICEDELL\Application Data\PC Suite
2010-05-16 17:45 . 2010-05-16 17:42 -------- d-----w- c:\program files\Samsung
2010-05-16 17:45 . 2010-05-16 17:43 -------- d-----w- c:\program files\PC Connectivity Solution
2010-05-16 17:45 . 2010-05-16 17:45 -------- d-----w- c:\program files\DIFX
2010-05-16 17:44 . 2010-05-16 17:44 -------- d-----w- c:\documents and settings\Test.OFFICEDELL\Application Data\Samsung
2010-05-16 17:43 . 2010-05-16 17:43 -------- d-----w- c:\program files\MarkAny
2010-05-06 10:41 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 17:51 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2009-12-11 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-12-11 19:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2004-08-10 17:50 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-09 20:48 . 2010-04-09 20:48 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-03 23:11 . 2010-04-03 23:11 249856 ------w- c:\windows\Setup1.exe
2010-04-03 23:11 . 2010-04-03 23:11 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-31 07:16 . 2010-03-31 07:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 07:10 . 2010-03-31 07:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2007-07-10 03:21 . 2007-07-10 03:21 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-12-13 22:25 . 2009-12-13 22:26 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-07-10 03:11 . 2006-10-17 03:06 56 --sh--r- c:\windows\system32\539204235B.sys
2008-09-23 23:11 . 2006-10-25 03:48 88 --sh--r- c:\windows\system32\5B23049253.sys
2008-09-23 23:11 . 2006-10-17 03:06 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-02-11 21:45 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-11 2349080]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-02-22 95536]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-05-21 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-02-22 54576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"P1370Mon.exe"="c:\windows\P1370Mon.exe" [2006-06-20 36864]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-11 122880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-13 30192]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-28 198160]

c:\documents and settings\Test.OFFICEDELL\Start Menu\Programs\Startup\
BACKUP.lnk - c:\documents and settings\Test.OFFICEDELL\My Documents\Backup.bat [2007-6-29 943]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk
backup=c:\windows\pss\SideACT!.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 06:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-03 22:18 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-13 22:25 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 15:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-12-05 22:41 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-05-04 07:21 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2004-05-04 22:17 491520 ----a-w- c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2004-04-01 04:34 49152 ----a-w- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 01:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 01:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 01:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-01-30 09:00 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 18:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-22 21:32 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-28 06:18 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"gusvc"=2 (0x2)
"DSBrokerService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ACT\\ActUpdt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:*:Disabled:V NC

R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [6/5/2007 12:06 PM 25344]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/20/2009 9:54 AM 108289]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [5/16/2010 10:44 AM 233472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/13/2009 2:41 PM 133104]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [5/16/2010 10:44 AM 36608]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/22/2007 2:32 PM 30192]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [4/26/2009 2:38 PM 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [4/26/2009 2:38 PM 4992]
S3 P1370Vfx;P1370Vfx;c:\windows\system32\drivers\P1370Vfx.sys [4/26/2009 2:38 PM 6272]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [4/26/2009 2:38 PM 297792]
.
Contents of the 'Scheduled Tasks' folder

2010-06-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-22 20:08]

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 21:41]

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 21:41]

2010-06-27 c:\windows\Tasks\SHUTDOWN.job
- c:\windows\System32\shutdown.exe [2004-08-10 12:42]

2010-06-14 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-11-28 21:48]

2010-06-27 c:\windows\Tasks\User_Feed_Synchronization-{2F5AC97E-73BD-4C93-88A7-7BE1883162B2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:1055
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: ameritrade.com
FF - ProfilePath - c:\documents and settings\Test.OFFICEDELL\Application Data\Mozilla\Firefox\Profiles\sxj2yv7u.default\
FF - prefs.js: browser.search.selectedengine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://rr.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\Test.OFFICEDELL\Application Data\Mozilla\Firefox\Profiles\sxj2yv7u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKCU-Run-ehabkbdjtu - c:\documents and settings\test.officedell\local settings\application data\yuxakpwh\dybrbqi.exe
HKLM-Run-ehabkbdjtu - c:\documents and settings\test.officedell\local settings\application data\yuxakpwh\dybrbqi.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Iomega Automatic Backup Pro - c:\program files\Iomega\Automatic Backup Pro\LiveSystem.exe
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(220)
c:\windows\system32\l3codeca.acm
.
Completion time: 2010-06-28 10:07:44
ComboFix-quarantined-files.txt 2010-06-28 17:07

Pre-Run: 32,113,549,312 bytes free
Post-Run: 32,149,794,816 bytes free

- - End Of File - - 1E1E4F950DB2BB4CD237078F4B20923F

dvdsforme
2010-06-28, 21:03
And now the log from normal mode just before the blue error message. Please let me know what to do next.

ComboFix 10-06-27.06 - Test 06/28/2010 10:33:30.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.523 [GMT -7:00]
Running from: C:\Documents and Settings\Test.OFFICEDELL\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 )))))))))))))))))))))))))))))))
.

2010-06-22 19:15:50 . 2010-06-22 19:16:25 -------- d-----w- C:\Program Files\ERUNT
2010-06-22 18:30:18 . 2010-06-22 18:30:18 -------- d-----w- C:\wtwebdriver
2010-06-22 18:30:18 . 2010-06-22 18:30:18 -------- d-----w- C:\wtupdater
2010-06-22 18:30:18 . 2010-06-22 18:30:18 -------- d-----w- C:\WireControl
2010-06-22 18:30:18 . 2010-06-22 18:30:18 -------- d-----w- C:\4.1.1
2010-06-22 18:30:18 . 2004-05-24 20:37:18 159744 ----a-w- C:\rdriver.dll
2010-06-22 18:30:18 . 2004-05-24 20:37:16 167936 ----a-w- C:\jdriver.dll
2010-06-22 18:30:17 . 2010-06-22 19:11:53 -------- d-----w- C:\WINDOWS\wt
2010-06-22 18:30:17 . 2010-06-22 18:30:17 -------- d-----w- C:\webd
2010-06-22 18:30:17 . 2010-06-22 18:30:17 -------- d-----w- C:\DRM
2010-06-22 18:30:17 . 2005-06-13 20:10:20 71 ----a-w- C:\wt3d.dll
2010-06-22 18:30:17 . 2004-02-16 17:47:10 53248 ----a-w- C:\wtvh.dll
2010-06-22 18:30:16 . 2010-06-22 18:30:16 -------- d-----w- C:\Program Files\My.Freeze.com NetAssistant
2010-06-22 17:03:56 . 2010-06-22 17:06:34 -------- dc-h--w- C:\WINDOWS\ie8
2010-06-18 14:00:55 . 2010-06-18 14:00:55 862872 ------w- C:\Documents and Settings\Test.OFFICEDELL\Application Data\Yahoo!\SearchProtection\fudogs_2.0.1.13_msgr_bts_setup.2010.04.01.01.exe
2010-06-17 03:23:48 . 2010-04-08 09:50:30 43008 ----a-w- C:\Documents and Settings\Test.OFFICEDELL\Application Data\Mozilla\Firefox\Profiles\sxj2yv7u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-06-17 03:23:47 . 2010-04-08 09:50:48 1496064 ----a-w- C:\Documents and Settings\Test.OFFICEDELL\Application Data\Mozilla\Firefox\Profiles\sxj2yv7u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-06-17 03:23:47 . 2010-04-08 09:50:28 338944 ----a-w- C:\Documents and Settings\Test.OFFICEDELL\Application Data\Mozilla\Firefox\Profiles\sxj2yv7u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-06-17 03:23:47 . 2010-04-08 09:50:08 346112 ----a-w- C:\Documents and Settings\Test.OFFICEDELL\Application Data\Mozilla\Firefox\Profiles\sxj2yv7u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-06-15 05:35:08 . 2010-06-16 23:03:56 -------- d-----w- C:\Documents and Settings\Test.OFFICEDELL\Local Settings\Application Data\yuxakpwh
2010-06-08 19:15:15 . 2010-05-06 10:41:48 743424 ------w- C:\WINDOWS\system32\dllcache\iedvtool.dll
2010-05-30 22:17:25 . 2010-06-05 13:00:32 -------- d-----w- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 17:27:37 . 2009-12-23 19:25:18 720 ----a-w- C:\Documents and Settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-06-28 00:12:13 . 2007-07-22 21:32:09 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-06-27 20:54:33 . 2009-12-11 19:07:01 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-25 01:44:43 . 2006-08-14 19:30:48 -------- d-----w- C:\Program Files\Blue Cross Agent Assistant
2010-06-22 18:17:38 . 2007-06-05 19:24:38 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-22 17:24:03 . 2007-06-05 19:24:35 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2010-06-18 14:01:18 . 2009-01-26 18:24:26 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Yahoo!
2010-06-18 14:01:18 . 2006-08-16 15:57:37 -------- d-----w- C:\Program Files\Yahoo!
2010-06-11 17:28:01 . 2006-08-14 18:40:33 -------- d-----w- C:\Program Files\ACT
2010-06-09 14:55:31 . 2006-08-01 22:22:31 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-06-09 14:43:22 . 2007-08-07 18:10:42 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-05-16 17:47:57 . 2010-05-16 17:47:57 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Suite
2010-05-16 17:47:56 . 2010-05-16 17:47:56 -------- d-----w- C:\Documents and Settings\Test.OFFICEDELL\Application Data\PC Suite
2010-05-16 17:45:52 . 2010-05-16 17:42:33 -------- d-----w- C:\Program Files\Samsung
2010-05-16 17:45:38 . 2010-05-16 17:43:32 -------- d-----w- C:\Program Files\PC Connectivity Solution
2010-05-16 17:45:04 . 2010-05-16 17:45:03 -------- d-----w- C:\Program Files\DIFX
2010-05-16 17:44:42 . 2010-05-16 17:44:42 -------- d-----w- C:\Documents and Settings\Test.OFFICEDELL\Application Data\Samsung
2010-05-16 17:43:38 . 2010-05-16 17:43:38 -------- d-----w- C:\Program Files\MarkAny
2010-05-06 10:41:53 . 2004-08-10 17:51:29 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-05-02 05:22:50 . 2004-08-10 17:51:28 1851264 ----a-w- C:\WINDOWS\system32\win32k.sys
2010-04-29 22:39:38 . 2009-12-11 19:07:04 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39:26 . 2009-12-11 19:07:01 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-04-20 05:30:08 . 2004-08-10 17:50:54 285696 ----a-w- C:\WINDOWS\system32\atmfd.dll
2010-04-09 20:48:18 . 2010-04-09 20:48:18 3600384 ----a-w- C:\WINDOWS\system32\GPhotos.scr
2010-04-03 23:11:34 . 2010-04-03 23:11:34 249856 ------w- C:\WINDOWS\Setup1.exe
2010-04-03 23:11:33 . 2010-04-03 23:11:33 73216 ----a-w- C:\WINDOWS\ST6UNST.EXE
2010-03-31 07:16:34 . 2010-03-31 07:16:34 99176 ----a-w- C:\WINDOWS\system32\PresentationHostProxy.dll
2010-03-31 07:10:40 . 2010-03-31 07:10:40 295264 ----a-w- C:\WINDOWS\system32\PresentationHost.exe
2007-07-10 03:21:08 . 2007-07-10 03:21:22 774144 ----a-w- C:\Program Files\RngInterstitial.dll
2009-12-13 22:25:59 . 2009-12-13 22:26:03 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-07-10 03:11:02 . 2006-10-17 03:06:49 56 --sh--r- C:\WINDOWS\system32\539204235B.sys
2008-09-23 23:11:01 . 2006-10-25 03:48:59 88 --sh--r- C:\WINDOWS\system32\5B23049253.sys
2008-09-23 23:11:04 . 2006-10-17 03:06:49 4184 --sha-w- C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-06-28_17.04.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-28 17:27:41 . 2010-06-28 17:27:41 16384 C:\WINDOWS\temp\Perflib_Perfdata_5a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-02-11 21:45:21 2349080 ----a-w- C:\Program Files\IObitCom\tbIOb1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "C:\Program Files\IObitCom\tbIOb1.dll" [2010-02-11 21:45:21 2349080]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 08:42:23 495616]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-02-22 21:24:28 95536]
"Advanced SystemCare 3"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 21:54:52 2343120]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 21:32:10 68856]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-05-21 00:48:44 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-02-22 21:24:26 54576]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 18:50:30 413696]
"P1370Mon.exe"="C:\WINDOWS\P1370Mon.exe" [2006-06-20 08:00:00 36864]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 08:11:00 24576]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 20:08:47 209153]
"Google Quick Search Box"="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-11 22:57:30 122880]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-13 22:25:59 30192]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 18:19:26 207360]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 05:42:51 36272]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 18:17:47 952768]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2010-01-28 06:18:33 198160]

C:\Documents and Settings\Test.OFFICEDELL\Start Menu\Programs\Startup\
BACKUP.lnk - C:\Documents and Settings\Test.OFFICEDELL\My Documents\Backup.bat [2007-6-29 943]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk
backup=C:\WINDOWS\pss\SideACT!.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 06:46:24 57344 ----a-w- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-03 22:18:30 94208 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42:18 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09:36 460784 ----a-w- C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 08:12:00 94208 ----a-w- C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-13 22:25:59 30192 ----a-w- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 15:38:42 241664 ----a-w- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-12-05 22:41:44 49152 ----a-w- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-05-04 07:21:22 176128 ----a-w- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2004-05-04 22:17:06 491520 ----a-w- C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2004-04-01 04:34:44 49152 ----a-w- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 01:46:34 77824 ----a-w- C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 01:50:30 114688 ----a-w- C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 01:49:46 94208 ----a-w- C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44:02 249856 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44:02 81920 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50:42 155648 ----a-w- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-01-30 09:00:00 98304 ----a-r- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 18:50:30 413696 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-22 21:32:10 68856 ----a-w- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-28 06:18:33 198160 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"gusvc"=2 (0x2)
"DSBrokerService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\ACT\\ActUpdt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:*:Disabled:V NC

R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\drivers\IABFilt.sys [6/5/2007 12:06:30 PM 25344]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [7/20/2009 9:54:17 AM 108289]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [5/16/2010 10:44:58 AM 233472]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [5/16/2010 10:44:58 AM 36608]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [8/13/2009 2:41:24 PM 133104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [7/22/2007 2:32:35 PM 30192]
S3 P1370Aud;Creative WebCam Audio Control;C:\WINDOWS\system32\drivers\P1370Aud.sys [4/26/2009 2:38:45 PM 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;C:\WINDOWS\system32\drivers\P1370Aul.sys [4/26/2009 2:38:45 PM 4992]
S3 P1370Vfx;P1370Vfx;C:\WINDOWS\system32\drivers\P1370Vfx.sys [4/26/2009 2:38:46 PM 6272]
S3 P1370VID;Live! Cam Voice;C:\WINDOWS\system32\drivers\P1370Vid.sys [4/26/2009 2:38:45 PM 297792]
.
Contents of the 'Scheduled Tasks' folder

2010-06-28 C:\WINDOWS\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-22 21:32:08 . 2009-03-22 20:08:29]

2010-06-28 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-13 21:41:24 . 2009-08-13 21:41:22]

2010-06-28 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-13 21:41:24 . 2009-08-13 21:41:22]

2010-06-27 C:\WINDOWS\Tasks\SHUTDOWN.job
- C:\Windows\System32\shutdown.exe [2004-08-10 17:51:22 . 2008-04-14 12:42:36]

2010-06-27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{2F5AC97E-73BD-4C93-88A7-7BE1883162B2}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 19:58:32 . 2009-03-08 11:31:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:1055
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: ameritrade.com
FF - ProfilePath - C:\Documents and Settings\Test.OFFICEDELL\Application Data\Mozilla\Firefox\Profiles\sxj2yv7u.default\
FF - prefs.js: browser.search.selectedengine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://rr.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: C:\Documents and Settings\Test.OFFICEDELL\Application Data\Mozilla\Firefox\Profiles\sxj2yv7u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: C:\Program Files\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-28 10:39:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...





And that's the complete log. Nothing after "scanning hidden processes". Please let me know what to do now. Thanks.

ken545
2010-06-28, 23:40
I see some files on your system that are legit but may be related to your error. I am linked over at WTT; you're in good hands with Doug.

You need to enable windows to Show all Files and Folders
Instructions for your Operating System HERE (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

C:\Documents and Settings\Test.OFFICEDELL\Local Settings\Application Data\yuxakpwh <--Delete this folder





Go to VirusTotal (http://www.virustotal.com/) and submit these files for analysis. Just use the BROWSE feature and then Send File; you will get a report back. Post the report into this thread for me to see. If the site says this file has already been checked, have them check it again.

C:\WINDOWS\system32\539204235B.sys
C:\WINDOWS\system32\5B23049253.sys

If the site is busy you can try this one

http://virusscan.jotti.org/en

dvdsforme
2010-06-29, 02:02
First check, second to follow.

File 539204235B.sys received on 2010.06.28 22:58:52 (UTC)
Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.06.28 -
AhnLab-V3 2010.06.27.01 2010.06.27 -
AntiVir 8.2.4.2 2010.06.28 -
Antiy-AVL 2.0.3.7 2010.06.25 -
Authentium 5.2.0.5 2010.06.29 -
Avast 4.8.1351.0 2010.06.28 -
Avast5 5.0.332.0 2010.06.28 -
AVG 9.0.0.836 2010.06.28 -
BitDefender 7.2 2010.06.29 -
CAT-QuickHeal 10.00 2010.06.28 -
ClamAV 0.96.0.3-git 2010.06.28 -
Comodo 5247 2010.06.28 -
DrWeb 5.0.2.03300 2010.06.29 -
eSafe 7.0.17.0 2010.06.28 -
eTrust-Vet 36.1.7671 2010.06.28 -
F-Prot 4.6.1.107 2010.06.29 -
F-Secure 9.0.15370.0 2010.06.28 -
Fortinet 4.1.133.0 2010.06.27 -
GData 21 2010.06.28 -
Ikarus T3.1.1.84.0 2010.06.28 -
Jiangmin 13.0.900 2010.06.27 -
Kaspersky 7.0.0.125 2010.06.28 -
McAfee 5.400.0.1158 2010.06.29 -
McAfee-GW-Edition 2010.1 2010.06.28 -
Microsoft 1.5902 2010.06.28 -
NOD32 5235 2010.06.28 -
Norman 6.05.10 2010.06.28 -
nProtect 2010-06-28.01 2010.06.28 -
Panda 10.0.2.7 2010.06.28 -
PCTools 7.0.3.5 2010.06.28 -
Prevx 3.0 2010.06.29 -
Rising 22.54.00.04 2010.06.28 -
Sophos 4.54.0 2010.06.28 -
Sunbelt 6518 2010.06.28 -
Symantec 20101.1.0.89 2010.06.28 -
TheHacker 6.5.2.0.304 2010.06.28 -
TrendMicro 9.120.0.1004 2010.06.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.29 -
VBA32 3.12.12.5 2010.06.28 -
ViRobot 2010.6.26.3907 2010.06.26 -
VirusBuster 5.0.27.0 2010.06.28 -
Additional information
File size: 56 bytes
MD5...: 471cb5340e1db5af0bb68c62fc525084
SHA1..: f67ee370115a1d52920bf7c9ac99b34fc2b21539
SHA256: 8bcc9313b27d3d925d9ba30e083c7ccfee004e51e77f336448e66bcc3af34bec
ssdeep: 3:/lbalDJln:5af9
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: MS Flight Simulator Aircraft Performance Info (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

dvdsforme
2010-06-29, 02:05
Second file results.

File 5B23049253.sys received on 2010.06.28 23:03:57 (UTC)
Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 5.0.0.30 2010.06.22 -
AhnLab-V3 2010.06.22.00 2010.06.22 -
AntiVir 8.2.2.6 2010.06.21 -
Antiy-AVL 2.0.3.7 2010.06.22 -
Authentium 5.2.0.5 2010.06.22 -
Avast 4.8.1351.0 2010.06.21 -
Avast5 5.0.332.0 2010.06.21 -
AVG 9.0.0.787 2010.06.21 -
BitDefender 7.2 2010.06.22 -
CAT-QuickHeal 10.00 2010.06.22 -
ClamAV 0.96.0.3-git 2010.06.22 -
Comodo 5180 2010.06.22 -
DrWeb 5.0.2.03300 2010.06.22 -
eSafe 7.0.17.0 2010.06.20 -
eTrust-Vet 36.1.7657 2010.06.22 -
F-Prot 4.6.1.107 2010.06.21 -
F-Secure 9.0.15370.0 2010.06.22 -
Fortinet 4.1.133.0 2010.06.21 -
GData 21 2010.06.22 -
Ikarus T3.1.1.84.0 2010.06.22 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.22 -
McAfee 5.400.0.1158 2010.06.22 -
McAfee-GW-Edition 2010.1 2010.06.22 -
Microsoft 1.5902 2010.06.22 -
NOD32 5216 2010.06.21 -
Norman 6.05.06 2010.06.21 -
nProtect 2010-06-21.01 2010.06.21 -
Panda 10.0.2.7 2010.06.21 -
PCTools 7.0.3.5 2010.06.22 -
Prevx 3.0 2010.06.29 -
Rising 22.53.01.04 2010.06.22 -
Sophos 4.54.0 2010.06.22 -
Sunbelt 6483 2010.06.21 -
Symantec 20101.1.0.89 2010.06.22 -
TheHacker 6.5.2.0.302 2010.06.22 -
TrendMicro 9.120.0.1004 2010.06.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.22 -
VBA32 3.12.12.5 2010.06.22 -
ViRobot 2010.6.21.3896 2010.06.22 -
VirusBuster 5.0.27.0 2010.06.21 -
Additional information
File size: 88 bytes
MD5...: b3cc528ceee0adb8db1ab6c196b2090a
SHA1..: 5c340951ced0edf8a165fded88e3e83188f99b88
SHA256: 4f0634de759d69709ca3f70f21ca82d0c0d7fee87ab807d01729b4ced4dad24e
ssdeep: 3:hl/L/4:fA
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
trid..: MS Flight Simulator Aircraft Performance Info (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -

dvdsforme
2010-06-29, 02:06
So what do I do now? Continue here? Continue on the other board? Please let me know.

ken545
2010-06-29, 02:32
Well, how are things running now besides that error ?

dvdsforme
2010-06-29, 05:15
Finally able to update Anti Virus. Still not sure why McAfee was listed because I can't find it anywhere. Here are the results of the Antivirus scan. There was 1 file that could not be opened. Will reboot after this post and reply again with latest results.



Avira AntiVir Personal
Report file date: Monday, June 28, 2010 17:52

Scanning for 2276624 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BARBARA

Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes 3/9/2010 10:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 11/19/2009 18:00:44
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 18:00:43
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 18:00:18
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 19:05:35
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 18:15:10
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 18:42:22
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 17:16:35
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 17:14:13
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 17:14:13
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 17:14:13
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 17:14:13
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 17:14:13
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 17:14:14
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 17:14:14
VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 17:09:53
VBASE014.VDF : 7.10.8.69 138752 Bytes 6/14/2010 17:09:57
VBASE015.VDF : 7.10.8.102 130560 Bytes 6/16/2010 00:50:46
VBASE016.VDF : 7.10.8.135 152064 Bytes 6/21/2010 00:50:47
VBASE017.VDF : 7.10.8.163 432128 Bytes 6/23/2010 00:50:50
VBASE018.VDF : 7.10.8.194 133632 Bytes 6/27/2010 00:50:51
VBASE019.VDF : 7.10.8.195 2048 Bytes 6/27/2010 00:50:51
VBASE020.VDF : 7.10.8.196 2048 Bytes 6/27/2010 00:50:51
VBASE021.VDF : 7.10.8.197 2048 Bytes 6/27/2010 00:50:52
VBASE022.VDF : 7.10.8.198 2048 Bytes 6/27/2010 00:50:52
VBASE023.VDF : 7.10.8.199 2048 Bytes 6/27/2010 00:50:52
VBASE024.VDF : 7.10.8.200 2048 Bytes 6/27/2010 00:50:52
VBASE025.VDF : 7.10.8.201 2048 Bytes 6/27/2010 00:50:52
VBASE026.VDF : 7.10.8.202 2048 Bytes 6/27/2010 00:50:53
VBASE027.VDF : 7.10.8.203 2048 Bytes 6/27/2010 00:50:53
VBASE028.VDF : 7.10.8.204 2048 Bytes 6/27/2010 00:50:53
VBASE029.VDF : 7.10.8.205 2048 Bytes 6/27/2010 00:50:53
VBASE030.VDF : 7.10.8.206 2048 Bytes 6/27/2010 00:50:53
VBASE031.VDF : 7.10.8.211 75776 Bytes 6/28/2010 00:50:54
Engineversion : 8.2.4.2
AEVDF.DLL : 8.1.2.0 106868 Bytes 4/23/2010 17:07:44
AESCRIPT.DLL : 8.1.3.33 1356155 Bytes 6/29/2010 00:51:06
AESCN.DLL : 8.1.6.1 127347 Bytes 5/12/2010 17:08:30
AESBX.DLL : 8.1.3.1 254324 Bytes 4/23/2010 17:07:45
AERDL.DLL : 8.1.4.6 541043 Bytes 4/16/2010 17:19:04
AEPACK.DLL : 8.2.2.5 430453 Bytes 6/29/2010 00:51:04
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 5/12/2010 17:08:29
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 6/29/2010 00:51:02
AEHELP.DLL : 8.1.11.6 242038 Bytes 6/29/2010 00:50:57
AEGEN.DLL : 8.1.3.12 377204 Bytes 6/29/2010 00:50:56
AEEMU.DLL : 8.1.2.0 393588 Bytes 4/23/2010 17:07:40
AECORE.DLL : 8.1.15.3 192886 Bytes 5/12/2010 17:08:27
AEBB.DLL : 8.1.1.0 53618 Bytes 4/23/2010 17:07:39
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 16:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 9/8/2009 16:57:11
AVREP.DLL : 8.0.0.7 159784 Bytes 2/17/2010 18:05:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 18:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 23:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 18:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 23:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 16:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 18:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 23:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 11/19/2009 18:00:41

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, June 28, 2010 17:52

Starting search for hidden objects.
'60141' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
Scan process 'FsUsbExService.Exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'NPSAgent.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'AWC.exe' - '1' Module(s) have been scanned
Scan process 'PrintScreen.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'GoogleQuickSearchBox.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'StartFX.exe' - '1' Module(s) have been scanned
Scan process 'P1370Mon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '57' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.


End of the scan: Monday, June 28, 2010 18:50
Used time: 58:39 Minute(s)

The scan has been done completely.

11454 Scanned directories
327598 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
327597 Files not concerned
5256 Archives were scanned
1 Warnings
1 Notes
60141 Objects were scanned with rootkit scan
0 Hidden objects were found

dvdsforme
2010-06-29, 06:21
Upon reboot, everything seems to be good and much faster.

Any last checks, or can we call this a success?

ken545
2010-06-29, 11:19
The only two things I see that I would remove if it was my system are the MyFreeze toolbar and Wild Tangent. MyFreeze modified your browser and Wild Tangent is not recommended. But they're not malicious, so it's your call to keep them or not.

Go ahead and post in the WTT forum and let's see if they can pinpoint that bad pooler error.

dvdsforme
2010-06-30, 00:09
Thanks Ken! You've been a wonderful help.

I haven't received the blue error pages again. Could it have been a function of the garbage that was on my computer in the first place?

ken545
2010-06-30, 00:36
Yep, it may have been. All systems and all infections are different, and what one particular infection does to one system, it could do other things to another.

What I would do is to run your computer for a few days and see if the problem comes back, I will keep this thread open for you so let me know and we can dig deeper if need be.

ken545
2010-07-04, 04:17
How are things running now ?

dvdsforme
2010-07-07, 01:38
All looks good. Thank you so much for your help Ken!

ken545
2010-07-07, 01:53



ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system


Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png


When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.





Now to remove most of the tools that we have used in fixing your machine:
Make sure you have an Internet Connection.
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) to your desktop and run it
A list of tool components used in the cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
Click Yes to begin the cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.






How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)





Keep in mind if you install some of these programs: only ONE Anti Virus and only ONE Firewall is recommended; more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot; you can still install Spybot Search and Destroy but do not enable the TeaTimer.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.



Safe Surfn
Ken

ken545
2010-07-11, 16:47
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.