used pc is being cyber abused

Status
Not open for further replies.
M

musicalpulltoy

New member
hi .,.
belive i have trojan. pc has been lagging, high cpu and changes arnt there after reboot.
think i attached attach

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by DAD at 23:35:39 on 2011-08-27
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1271.487 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\sndvol32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Task Catcher] c:\program files\billp studios\task catcher\tasktrap.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\system~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246219383859
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: Interfaces\{06BD7469-7F5C-4449-9B14-D38A61E9D028} : NameServer = 68.105.28.11,68.105.28.12,68.105.29.12,192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dad\application data\mozilla\firefox\profiles\fn2dlw99.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb59?u=92822879073603948
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb59/?loc=ff_address_bar&u=92822879073603948&search=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dad\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: QuickDrag:
misc.php
- %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-8-7 532224]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [2011-7-31 114944]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-23 224896]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2011-7-31 10880]
S2 DCService.exe;DCService.exe;c:\documents and settings\all users\application data\datacardservice\dcservice.exe --> c:\documents and settings\all users\application data\datacardservice\DCService.exe [?]
S3 05160F36;05160F36;c:\windows\system32\05160f36.exe --> c:\windows\system32\05160F36.exe [?]
S3 2E8DA83C;2E8DA83C;c:\windows\system32\2e8da83c.exe --> c:\windows\system32\2E8DA83C.exe [?]
S3 3E2BD829;3E2BD829;c:\windows\system32\3e2bd829.exe --> c:\windows\system32\3E2BD829.exe [?]
S3 41035FF2;41035FF2;c:\windows\system32\41035ff2.exe --> c:\windows\system32\41035FF2.exe [?]
S3 5B791910;5B791910;c:\windows\system32\5b791910.exe --> c:\windows\system32\5B791910.exe [?]
S3 5F8775F8;5F8775F8;c:\windows\system32\5f8775f8.exe --> c:\windows\system32\5F8775F8.exe [?]
S3 620D6D84;620D6D84;c:\windows\system32\620d6d84.exe --> c:\windows\system32\620D6D84.exe [?]
S3 6D2F9437;6D2F9437;c:\windows\system32\6d2f9437.exe --> c:\windows\system32\6D2F9437.exe [?]
S3 76C3328F;76C3328F;c:\windows\system32\76c3328f.exe --> c:\windows\system32\76C3328F.exe [?]
S3 855A1F17;855A1F17;c:\windows\system32\855a1f17.exe --> c:\windows\system32\855A1F17.exe [?]
S3 EAE0BB30;EAE0BB30;c:\windows\system32\eae0bb30.exe --> c:\windows\system32\EAE0BB30.exe [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
S3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [2005-12-23 457312]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-3-14 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-3-14 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-3-14 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-3-14 59776]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-5-3 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-5-3 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-5-3 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-5-3 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-5-3 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-5-3 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-5-3 109864]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2011-4-12 166720]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [2011-4-12 50432]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-5-3 150528]
S4 DirMon2;DirMon2;C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service --> C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service [?]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
S4 TridWnW;PCI Audio Driver;c:\windows\system32\drivers\TridWnW.sys [2011-4-30 150872]
.
=============== Created Last 30 ================
.
2011-08-28 00:33:55 -------- d-sha-r- C:\cmdcons
2011-08-28 00:27:21 98816 ----a-w- c:\windows\sed.exe
2011-08-28 00:27:21 518144 ----a-w- c:\windows\SWREG.exe
2011-08-28 00:27:21 256000 ----a-w- c:\windows\PEV.exe
2011-08-28 00:27:21 208896 ----a-w- c:\windows\MBR.exe
2011-08-28 00:26:55 -------- d-----w- C:\ComboFix
2011-08-27 23:32:40 187904 ----a-w- c:\windows\system32\everest_cpl.cpl
2011-08-27 23:08:07 -------- d-----w- c:\program files\Lavalys
2011-08-27 07:18:21 -------- d-----w- C:\New Folder
2011-08-27 06:26:04 -------- d-----w- c:\documents and settings\dad\local settings\application data\IM
2011-08-27 06:24:29 -------- d-----w- c:\documents and settings\all users\application data\IncrediMail
2011-08-27 06:24:29 -------- d-----w- c:\documents and settings\all users\application data\IM
2011-08-27 01:13:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-27 01:13:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 01:13:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-18 15:46:30 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-18 15:27:04 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2011-08-18 15:27:00 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-08-18 15:27:00 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-08-07 08:24:55 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-08-07 08:24:55 -------- d-----w- c:\windows\system32\ZoneLabs
2011-08-07 08:24:52 -------- d-----w- c:\program files\Zone Labs
2011-08-07 04:03:52 -------- d-----w- c:\documents and settings\dad\local settings\application data\Sun
2011-08-04 15:34:49 -------- d-----w- c:\windows\ERUNT
2011-08-04 15:10:30 -------- d-----w- C:\SDFix
2011-08-03 03:48:15 -------- d-----w- c:\documents and settings\all users\application data\SystemExplorer
2011-08-03 03:48:03 -------- d-----w- c:\program files\System Explorer
2011-07-31 08:17:32 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-07-31 08:17:32 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-07-31 08:17:26 10880 ----a-w- c:\windows\system32\drivers\scsiscan.sys
2011-07-31 08:17:26 10880 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-07-31 08:17:18 13312 ----a-w- c:\windows\system32\hpsjmcro.dll
2011-07-31 08:17:18 13312 ----a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2011-07-31 08:16:42 114944 ----a-w- c:\windows\system32\drivers\epstw2k.sys
2011-07-31 08:16:42 114944 ----a-w- c:\windows\system32\dllcache\epstw2k.sys
2011-07-30 06:32:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-30 06:32:33 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-30 06:30:42 -------- d-----w- C:\OEMSettings
2011-07-29 22:11:58 -------- d-----w- C:\OEMSettings(2)
.
==================== Find3M ====================
.
2011-08-27 02:25:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 15:45:27 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-09 13:27:59 991232 ----a-w- c:\windows\system32\SET27.tmp
.
============= FINISH: 23:39:00.67 ===============

oh,
spybot found nothing

avg popped up with c:/combofix/handle.3xe and system32/drivers/procxp.sys

superantispyware nothing 1 tracking

registry has "cannot open ypubc.blockerctrl: error while opening key" and more.
 
Last edited by a moderator:
Hi musicalpulltoy, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
  • Do not attach any logs/reports, etc.. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, Please ask before continuing.
  • Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

µTorrent
You have µTorrent, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx

http://www.internetworldstats.com/articles/art053.htm://http://www.techweb.com/wire/1605005...cles/art053.htm

I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

I see you have ran Combofix. This is a very powerful tool and should not be used without supervision. Please post the log, it can be found at C:\combofix.txt

Thanks
 
hi oldman
heres combo log.
i attempt to fix problems before asking help so i can learn too.
this is a used pc and has or has remnants of removed programs.
other fixes ive tryed before posting here are rapport, tdskiller, rkill, vudofix, sdfix and malwerabytes.
have logs.
windows update did a malichous software update and afew things have changed for the better.
thank you



ComboFix 11-08-27.01 - DAD 08/27/2011 17:36:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1271.594 [GMT -7:00]
Running from: c:\documents and settings\DAD\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\14F
c:\documents and settings\All Users\Application Data\14F\{2865B1AB-2168-437C-87A8-ED20F24FBE12}.swf
c:\documents and settings\DAD\Application Data\PriceGong
c:\documents and settings\DAD\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\DAD\WINDOWS
c:\program files\Internet Explorer\SET6.tmp
c:\program files\Internet Explorer\SET7.tmp
c:\program files\Internet Explorer\SET8.tmp
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_003697_.tmp.dll
c:\windows\system32\_003698_.tmp.dll
c:\windows\system32\_003699_.tmp.dll
c:\windows\system32\_003700_.tmp.dll
c:\windows\system32\_003707_.tmp.dll
c:\windows\system32\_003708_.tmp.dll
c:\windows\system32\_003709_.tmp.dll
c:\windows\system32\_003710_.tmp.dll
c:\windows\system32\_003711_.tmp.dll
c:\windows\system32\_003712_.tmp.dll
c:\windows\system32\_003713_.tmp.dll
c:\windows\system32\_003714_.tmp.dll
c:\windows\system32\_003715_.tmp.dll
c:\windows\system32\_003716_.tmp.dll
c:\windows\system32\_003717_.tmp.dll
c:\windows\system32\_003718_.tmp.dll
c:\windows\system32\_003719_.tmp.dll
c:\windows\system32\_003720_.tmp.dll
c:\windows\system32\_003721_.tmp.dll
c:\windows\system32\_003722_.tmp.dll
c:\windows\system32\_003723_.tmp.dll
c:\windows\system32\_003724_.tmp.dll
c:\windows\system32\_003725_.tmp.dll
c:\windows\system32\_003726_.tmp.dll
c:\windows\system32\_003727_.tmp.dll
c:\windows\system32\_003728_.tmp.dll
c:\windows\system32\_003731_.tmp.dll
c:\windows\system32\_003732_.tmp.dll
c:\windows\system32\_003733_.tmp.dll
c:\windows\system32\_003734_.tmp.dll
c:\windows\system32\_003735_.tmp.dll
c:\windows\system32\_003736_.tmp.dll
c:\windows\system32\_003737_.tmp.dll
c:\windows\system32\_003739_.tmp.dll
c:\windows\system32\_003740_.tmp.dll
c:\windows\system32\_003741_.tmp.dll
c:\windows\system32\_003742_.tmp.dll
c:\windows\system32\_003743_.tmp.dll
c:\windows\system32\_003744_.tmp.dll
c:\windows\system32\_003745_.tmp.dll
c:\windows\system32\_003746_.tmp.dll
c:\windows\system32\_003747_.tmp.dll
c:\windows\system32\_003748_.tmp.dll
c:\windows\system32\_003749_.tmp.dll
c:\windows\system32\_003750_.tmp.dll
c:\windows\system32\_003753_.tmp.dll
c:\windows\system32\_003754_.tmp.dll
c:\windows\system32\_003755_.tmp.dll
c:\windows\system32\_003757_.tmp.dll
c:\windows\system32\_003758_.tmp.dll
c:\windows\system32\_003759_.tmp.dll
c:\windows\system32\_003760_.tmp.dll
c:\windows\system32\_003761_.tmp.dll
c:\windows\system32\_003762_.tmp.dll
c:\windows\system32\_003763_.tmp.dll
c:\windows\system32\_003764_.tmp.dll
c:\windows\system32\_003765_.tmp.dll
c:\windows\system32\_003766_.tmp.dll
c:\windows\system32\_003767_.tmp.dll
c:\windows\system32\_003769_.tmp.dll
c:\windows\system32\_003770_.tmp.dll
c:\windows\system32\_003771_.tmp.dll
c:\windows\system32\_003772_.tmp.dll
c:\windows\system32\_003774_.tmp.dll
c:\windows\system32\_003776_.tmp.dll
c:\windows\system32\_003777_.tmp.dll
c:\windows\system32\_003778_.tmp.dll
c:\windows\system32\_003779_.tmp.dll
c:\windows\system32\_003780_.tmp.dll
c:\windows\system32\_003781_.tmp.dll
c:\windows\system32\_003782_.tmp.dll
c:\windows\system32\_003784_.tmp.dll
c:\windows\system32\_003785_.tmp.dll
c:\windows\system32\_003786_.tmp.dll
c:\windows\system32\_003787_.tmp.dll
c:\windows\system32\_003788_.tmp.dll
c:\windows\system32\_003789_.tmp.dll
c:\windows\system32\_003790_.tmp.dll
c:\windows\system32\_003791_.tmp.dll
c:\windows\system32\_003793_.tmp.dll
c:\windows\system32\_003794_.tmp.dll
c:\windows\system32\_003796_.tmp.dll
c:\windows\system32\_003797_.tmp.dll
c:\windows\system32\_003799_.tmp.dll
c:\windows\system32\_003800_.tmp.dll
c:\windows\system32\_003804_.tmp.dll
c:\windows\system32\_003805_.tmp.dll
c:\windows\system32\_003807_.tmp.dll
c:\windows\system32\_003810_.tmp.dll
c:\windows\system32\_003812_.tmp.dll
c:\windows\system32\_003813_.tmp.dll
c:\windows\system32\_003814_.tmp.dll
c:\windows\system32\_003815_.tmp.dll
c:\windows\system32\_003818_.tmp.dll
c:\windows\system32\_003819_.tmp.dll
c:\windows\system32\_003820_.tmp.dll
c:\windows\system32\_003821_.tmp.dll
c:\windows\system32\_003822_.tmp.dll
c:\windows\system32\_003827_.tmp.dll
c:\windows\system32\_003829_.tmp.dll
c:\windows\system32\_003976_.tmp.dll
c:\windows\system32\_003977_.tmp.dll
c:\windows\system32\_003978_.tmp.dll
c:\windows\system32\_003979_.tmp.dll
c:\windows\system32\_003986_.tmp.dll
c:\windows\system32\_003987_.tmp.dll
c:\windows\system32\_003988_.tmp.dll
c:\windows\system32\_003990_.tmp.dll
c:\windows\system32\_003991_.tmp.dll
c:\windows\system32\_003994_.tmp.dll
c:\windows\system32\_003995_.tmp.dll
c:\windows\system32\_003997_.tmp.dll
c:\windows\system32\_003998_.tmp.dll
c:\windows\system32\_003999_.tmp.dll
c:\windows\system32\_004001_.tmp.dll
c:\windows\system32\_004004_.tmp.dll
c:\windows\system32\_004005_.tmp.dll
c:\windows\system32\_004009_.tmp.dll
c:\windows\system32\_004010_.tmp.dll
c:\windows\system32\_004012_.tmp.dll
c:\windows\system32\_004015_.tmp.dll
c:\windows\system32\_004017_.tmp.dll
c:\windows\system32\_004018_.tmp.dll
c:\windows\system32\_004019_.tmp.dll
c:\windows\system32\_004020_.tmp.dll
c:\windows\system32\_004023_.tmp.dll
c:\windows\system32\_004024_.tmp.dll
c:\windows\system32\_004025_.tmp.dll
c:\windows\system32\_004026_.tmp.dll
c:\windows\system32\_004027_.tmp.dll
c:\windows\system32\_004032_.tmp.dll
c:\windows\system32\_004034_.tmp.dll
c:\windows\system32\_004061_.tmp.dll
c:\windows\system32\_004062_.tmp.dll
c:\windows\system32\_004063_.tmp.dll
c:\windows\system32\_004064_.tmp.dll
c:\windows\system32\_004069_.tmp.dll
c:\windows\system32\_004070_.tmp.dll
c:\windows\system32\_004071_.tmp.dll
c:\windows\system32\_004072_.tmp.dll
c:\windows\system32\_004073_.tmp.dll
c:\windows\system32\_004074_.tmp.dll
c:\windows\system32\_004075_.tmp.dll
c:\windows\system32\_004076_.tmp.dll
c:\windows\system32\_004077_.tmp.dll
c:\windows\system32\_004078_.tmp.dll
c:\windows\system32\_004079_.tmp.dll
c:\windows\system32\_004080_.tmp.dll
c:\windows\system32\_004081_.tmp.dll
c:\windows\system32\_004082_.tmp.dll
c:\windows\system32\_004083_.tmp.dll
c:\windows\system32\_004084_.tmp.dll
c:\windows\system32\_004085_.tmp.dll
c:\windows\system32\_004086_.tmp.dll
c:\windows\system32\_004087_.tmp.dll
c:\windows\system32\_004089_.tmp.dll
c:\windows\system32\_004090_.tmp.dll
c:\windows\system32\_004092_.tmp.dll
c:\windows\system32\_004093_.tmp.dll
c:\windows\system32\_004094_.tmp.dll
c:\windows\system32\_004095_.tmp.dll
c:\windows\system32\_004096_.tmp.dll
c:\windows\system32\_004097_.tmp.dll
c:\windows\system32\_004099_.tmp.dll
c:\windows\system32\_004100_.tmp.dll
c:\windows\system32\_004101_.tmp.dll
c:\windows\system32\_004102_.tmp.dll
c:\windows\system32\_004103_.tmp.dll
c:\windows\system32\_004104_.tmp.dll
c:\windows\system32\_004105_.tmp.dll
c:\windows\system32\_004108_.tmp.dll
c:\windows\system32\_004109_.tmp.dll
c:\windows\system32\_004110_.tmp.dll
c:\windows\system32\_004111_.tmp.dll
c:\windows\system32\_004112_.tmp.dll
c:\windows\system32\_004113_.tmp.dll
c:\windows\system32\_004114_.tmp.dll
c:\windows\system32\_004116_.tmp.dll
c:\windows\system32\_004117_.tmp.dll
c:\windows\system32\_004118_.tmp.dll
c:\windows\system32\_004119_.tmp.dll
c:\windows\system32\_004120_.tmp.dll
c:\windows\system32\_004121_.tmp.dll
c:\windows\system32\_004122_.tmp.dll
c:\windows\system32\_004123_.tmp.dll
c:\windows\system32\_004124_.tmp.dll
c:\windows\system32\_004125_.tmp.dll
c:\windows\system32\_004126_.tmp.dll
c:\windows\system32\_004127_.tmp.dll
c:\windows\system32\_004129_.tmp.dll
c:\windows\system32\_004130_.tmp.dll
c:\windows\system32\_004131_.tmp.dll
c:\windows\system32\_004132_.tmp.dll
c:\windows\system32\_004133_.tmp.dll
c:\windows\system32\_004134_.tmp.dll
c:\windows\system32\_004135_.tmp.dll
c:\windows\system32\_004136_.tmp.dll
c:\windows\system32\_004137_.tmp.dll
c:\windows\system32\_004138_.tmp.dll
c:\windows\system32\_004139_.tmp.dll
c:\windows\system32\_004140_.tmp.dll
c:\windows\system32\_004141_.tmp.dll
c:\windows\system32\_004142_.tmp.dll
c:\windows\system32\_004143_.tmp.dll
c:\windows\system32\_004144_.tmp.dll
c:\windows\system32\_004145_.tmp.dll
c:\windows\system32\_004146_.tmp.dll
c:\windows\system32\_004147_.tmp.dll
c:\windows\system32\_004148_.tmp.dll
c:\windows\system32\_004149_.tmp.dll
c:\windows\system32\_004150_.tmp.dll
c:\windows\system32\_004151_.tmp.dll
c:\windows\system32\_004152_.tmp.dll
c:\windows\system32\_004153_.tmp.dll
c:\windows\system32\_004154_.tmp.dll
c:\windows\system32\_004155_.tmp.dll
c:\windows\system32\_004156_.tmp.dll
c:\windows\system32\_004157_.tmp.dll
c:\windows\system32\_004158_.tmp.dll
c:\windows\system32\_004159_.tmp.dll
c:\windows\system32\_004160_.tmp.dll
c:\windows\system32\_004161_.tmp.dll
c:\windows\system32\_004162_.tmp.dll
c:\windows\system32\_004164_.tmp.dll
c:\windows\system32\_004165_.tmp.dll
c:\windows\system32\_004167_.tmp.dll
c:\windows\system32\_004168_.tmp.dll
c:\windows\system32\_004169_.tmp.dll
c:\windows\system32\_004170_.tmp.dll
c:\windows\system32\_004171_.tmp.dll
c:\windows\system32\_004172_.tmp.dll
c:\windows\system32\_004173_.tmp.dll
c:\windows\system32\_004174_.tmp.dll
c:\windows\system32\_004175_.tmp.dll
c:\windows\system32\_004177_.tmp.dll
c:\windows\system32\_004178_.tmp.dll
c:\windows\system32\_004179_.tmp.dll
c:\windows\system32\_004180_.tmp.dll
c:\windows\system32\_004181_.tmp.dll
c:\windows\system32\_004182_.tmp.dll
c:\windows\system32\_004183_.tmp.dll
c:\windows\system32\_004184_.tmp.dll
c:\windows\system32\_004185_.tmp.dll
c:\windows\system32\_004186_.tmp.dll
c:\windows\system32\_004187_.tmp.dll
c:\windows\system32\_004188_.tmp.dll
c:\windows\system32\_004189_.tmp.dll
c:\windows\system32\_004190_.tmp.dll
c:\windows\system32\_004191_.tmp.dll
c:\windows\system32\_004192_.tmp.dll
c:\windows\system32\_004193_.tmp.dll
c:\windows\system32\_004194_.tmp.dll
c:\windows\system32\_004195_.tmp.dll
c:\windows\system32\_004196_.tmp.dll
c:\windows\system32\_004197_.tmp.dll
c:\windows\system32\_004198_.tmp.dll
c:\windows\system32\_004199_.tmp.dll
c:\windows\system32\_004200_.tmp.dll
c:\windows\system32\_004201_.tmp.dll
c:\windows\system32\_004202_.tmp.dll
c:\windows\system32\_004203_.tmp.dll
c:\windows\system32\_004204_.tmp.dll
c:\windows\system32\_004206_.tmp.dll
c:\windows\system32\_004208_.tmp.dll
c:\windows\system32\_004209_.tmp.dll
c:\windows\system32\_004210_.tmp.dll
c:\windows\system32\_004211_.tmp.dll
c:\windows\system32\_004212_.tmp.dll
c:\windows\system32\_004213_.tmp.dll
c:\windows\system32\_004214_.tmp.dll
c:\windows\system32\_004216_.tmp.dll
c:\windows\system32\_004217_.tmp.dll
c:\windows\system32\_004218_.tmp.dll
c:\windows\system32\_004219_.tmp.dll
c:\windows\system32\_004220_.tmp.dll
c:\windows\system32\_004221_.tmp.dll
c:\windows\system32\_004222_.tmp.dll
c:\windows\system32\_004223_.tmp.dll
c:\windows\system32\_004225_.tmp.dll
c:\windows\system32\_004226_.tmp.dll
c:\windows\system32\_004228_.tmp.dll
c:\windows\system32\_004229_.tmp.dll
c:\windows\system32\_004231_.tmp.dll
c:\windows\system32\_004232_.tmp.dll
c:\windows\system32\_004233_.tmp.dll
c:\windows\system32\_004234_.tmp.dll
c:\windows\system32\_004235_.tmp.dll
c:\windows\system32\_004236_.tmp.dll
c:\windows\system32\_004237_.tmp.dll
c:\windows\system32\_004239_.tmp.dll
c:\windows\system32\_004240_.tmp.dll
c:\windows\system32\_004241_.tmp.dll
c:\windows\system32\_004242_.tmp.dll
c:\windows\system32\_004244_.tmp.dll
c:\windows\system32\_004245_.tmp.dll
c:\windows\system32\_004246_.tmp.dll
c:\windows\system32\_004247_.tmp.dll
c:\windows\system32\_004249_.tmp.dll
c:\windows\system32\_004250_.tmp.dll
c:\windows\system32\_004251_.tmp.dll
c:\windows\system32\_004252_.tmp.dll
c:\windows\system32\_004253_.tmp.dll
c:\windows\system32\_004254_.tmp.dll
c:\windows\system32\_004255_.tmp.dll
c:\windows\system32\_004257_.tmp.dll
c:\windows\system32\_004258_.tmp.dll
c:\windows\system32\_004259_.tmp.dll
c:\windows\system32\_004260_.tmp.dll
c:\windows\system32\_004261_.tmp.dll
c:\windows\system32\_004263_.tmp.dll
c:\windows\system32\_004266_.tmp.dll
c:\windows\system32\_004267_.tmp.dll
c:\windows\system32\_004271_.tmp.dll
c:\windows\system32\_004272_.tmp.dll
c:\windows\system32\_004274_.tmp.dll
c:\windows\system32\_004277_.tmp.dll
c:\windows\system32\_004279_.tmp.dll
c:\windows\system32\_004280_.tmp.dll
c:\windows\system32\_004281_.tmp.dll
c:\windows\system32\_004282_.tmp.dll
c:\windows\system32\_004285_.tmp.dll
c:\windows\system32\_004286_.tmp.dll
c:\windows\system32\_004287_.tmp.dll
c:\windows\system32\_004288_.tmp.dll
c:\windows\system32\_004289_.tmp.dll
c:\windows\system32\_004294_.tmp.dll
c:\windows\system32\_004296_.tmp.dll
c:\windows\system32\_004297_.tmp.dll
c:\windows\system32\bszip.dll
c:\windows\system32\comct332.ocx
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\ctfmon(3).exe
c:\windows\system32\ctfmon(4).exe
c:\windows\system32\ctfmon(5).exe
c:\windows\system32\ctfmon(6).exe
c:\windows\system32\tmp.reg
c:\windows\system32\usp10(2).dll
E:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-27 23:32 . 2005-08-18 07:00 187904 ----a-w- c:\windows\system32\everest_cpl.cpl
2011-08-27 23:08 . 2011-08-27 23:08 -------- d-----w- c:\program files\Lavalys
2011-08-27 07:18 . 2011-08-27 07:18 -------- d-----w- C:\New Folder
2011-08-27 06:26 . 2011-08-27 06:36 -------- d-----w- c:\documents and settings\DAD\Local Settings\Application Data\IM
2011-08-27 06:24 . 2011-08-27 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2011-08-27 06:24 . 2011-08-27 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2011-08-27 01:13 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-27 01:13 . 2011-08-27 01:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-27 01:13 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-18 15:47 . 2011-08-18 15:47 -------- d-----w- c:\program files\Common Files\Java
2011-08-18 15:46 . 2011-08-18 15:45 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-18 15:41 . 2011-08-18 15:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Sun
2011-08-18 15:27 . 2010-10-27 06:09 553696 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-08-18 15:27 . 2010-10-27 06:10 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-08-18 15:27 . 2010-10-27 06:10 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-08-07 08:25 . 2011-03-18 08:24 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-08-07 08:25 . 2011-03-18 08:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-08-07 08:24 . 2011-08-07 08:26 -------- d-----w- c:\windows\system32\ZoneLabs
2011-08-07 08:24 . 2011-03-18 08:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-08-07 08:24 . 2011-08-07 08:24 -------- d-----w- c:\program files\Zone Labs
2011-08-07 04:03 . 2011-08-07 04:03 -------- d-----w- c:\documents and settings\DAD\Local Settings\Application Data\Sun
2011-08-06 18:25 . 2011-08-06 18:25 -------- d-----w- c:\documents and settings\Administrator.DJJXF091\Application Data\SUPERAntiSpyware.com
2011-08-06 16:53 . 2011-08-06 16:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-08-06 16:40 . 2011-08-06 16:40 -------- d-----w- c:\documents and settings\Administrator\tdsskiller
2011-08-04 15:34 . 2011-08-04 15:35 -------- d-----w- c:\windows\ERUNT
2011-08-04 15:10 . 2011-08-04 15:56 -------- d-----w- C:\SDFix
2011-08-03 03:48 . 2011-08-03 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SystemExplorer
2011-08-03 03:48 . 2011-08-06 18:17 -------- d-----w- c:\program files\System Explorer
2011-07-31 08:17 . 2001-08-18 05:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-07-31 08:17 . 2001-08-17 20:53 10880 ----a-w- c:\windows\system32\drivers\scsiscan.sys
2011-07-31 08:17 . 2001-08-17 20:53 10880 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-07-31 08:17 . 2001-08-18 05:36 13312 ----a-w- c:\windows\system32\hpsjmcro.dll
2011-07-31 08:17 . 2001-08-18 05:36 13312 ----a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2011-07-31 08:16 . 2001-08-17 20:50 114944 ----a-w- c:\windows\system32\drivers\epstw2k.sys
2011-07-31 08:16 . 2001-08-17 20:50 114944 ----a-w- c:\windows\system32\dllcache\epstw2k.sys
2011-07-30 06:32 . 2011-07-30 06:32 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-30 06:30 . 2011-07-30 06:30 -------- d-----w- C:\OEMSettings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-27 02:25 . 2011-05-18 17:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 15:45 . 2011-04-02 08:38 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-09 13:27 . 2011-07-09 13:27 991232 ----a-w- c:\windows\system32\SET27.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-19 2334560]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-03-16 325000]
"Task Catcher"="c:\program files\BillP Studios\Task Catcher\tasktrap.exe" [2006-08-15 140856]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\SystemExplorerDisabled
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-03 05:02 136176 ----atw- c:\documents and settings\DAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 16:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 16:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-06-25 15:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 09:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 03:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-12-15 04:03 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 15:47 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-02-28 23:15 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 20:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxLiveShare9"=2 (0x2)
"iPod Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Search Protection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TridTray"=TridTray.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\DAD\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 3:23 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 3:23 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 3:23 PM 27216]
R3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [7/31/2011 1:16 AM 114944]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [4/23/2007 2:11 PM 224896]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [7/31/2011 1:17 AM 10880]
S2 DCService.exe;DCService.exe;c:\documents and settings\All Users\Application Data\DatacardService\DCService.exe --> c:\documents and settings\All Users\Application Data\DatacardService\DCService.exe [?]
S3 05160F36;05160F36;c:\windows\system32\05160F36.exe --> c:\windows\system32\05160F36.exe [?]
S3 2E8DA83C;2E8DA83C;c:\windows\system32\2E8DA83C.exe --> c:\windows\system32\2E8DA83C.exe [?]
S3 3E2BD829;3E2BD829;c:\windows\system32\3E2BD829.exe --> c:\windows\system32\3E2BD829.exe [?]
S3 41035FF2;41035FF2;c:\windows\system32\41035FF2.exe --> c:\windows\system32\41035FF2.exe [?]
S3 5B791910;5B791910;c:\windows\system32\5B791910.exe --> c:\windows\system32\5B791910.exe [?]
S3 5F8775F8;5F8775F8;c:\windows\system32\5F8775F8.exe --> c:\windows\system32\5F8775F8.exe [?]
S3 620D6D84;620D6D84;c:\windows\system32\620D6D84.exe --> c:\windows\system32\620D6D84.exe [?]
S3 6D2F9437;6D2F9437;c:\windows\system32\6D2F9437.exe --> c:\windows\system32\6D2F9437.exe [?]
S3 76C3328F;76C3328F;c:\windows\system32\76C3328F.exe --> c:\windows\system32\76C3328F.exe [?]
S3 855A1F17;855A1F17;c:\windows\system32\855A1F17.exe --> c:\windows\system32\855A1F17.exe [?]
S3 EAE0BB30;EAE0BB30;c:\windows\system32\EAE0BB30.exe --> c:\windows\system32\EAE0BB30.exe [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [12/23/2005 8:30 PM 457312]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [3/14/2009 7:03 PM 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [3/14/2009 7:03 PM 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [3/14/2009 7:03 PM 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [3/14/2009 7:03 PM 59776]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [5/3/2011 1:49 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [5/3/2011 1:49 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [5/3/2011 1:49 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [5/3/2011 1:49 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [5/3/2011 1:49 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [5/3/2011 1:49 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [5/3/2011 1:49 PM 109864]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [4/12/2011 8:07 AM 166720]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [4/12/2011 11:07 AM 50432]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [5/3/2011 2:20 PM 150528]
S4 DirMon2;DirMon2;C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service --> C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service [?]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 11:51 AM 14336]
S4 TridWnW;PCI Audio Driver;c:\windows\system32\drivers\TridWnW.sys [4/30/2011 11:53 AM 150872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: Interfaces\{06BD7469-7F5C-4449-9B14-D38A61E9D028}: NameServer = 68.105.28.11,68.105.28.12,68.105.29.12,192.168.1.1
FF - ProfilePath - c:\documents and settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb59?u=92822879073603948
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb59/?loc=ff_address_bar&u=92822879073603948&search=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
.
.
------- File Associations -------
.
.scr=REG_SZ
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-dimsntfy - (no file)
MSConfigStartUp-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe
MSConfigStartUp-COMODO - c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
MSConfigStartUp-CPA - c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
MSConfigStartUp-IntelliPoint - c:\program files\Microsoft IntelliPoint\ipoint.exe
MSConfigStartUp-itype - c:\program files\Microsoft IntelliType Pro\itype.exe
MSConfigStartUp-UIUCU - c:\docume~1\DAD\LOCALS~1\Temp\UIUCU.EXE
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-27 19:02
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DirMon2]
"ImagePath"="C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DirMon2]
"ImagePath"="C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\.asc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sol]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\.sol\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sor]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\.sor\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1396)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2720)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\netdde.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\windows\system32\SearchIndexer.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2011-08-27 19:16:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-28 02:16
.
Pre-Run: 11,649,097,728 bytes free
Post-Run: 11,950,448,640 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1905A50444F124777850574833014468
 
forgot.
iexplorer would not stoped playing flash files and couldnt upate with latest.
also, incredimail decided to install itsself a few days ago.
uninstalled it and it tried again.
then when opened browser after uninstall they went to incredimail page 1 more time.
 
TYPO

forgot.
iexplorer stoped playing flash files and couldnt upate with latest.
also, incredimail decided to install itsself a few days ago.
uninstalled it and it tried again.
then when opened browser after uninstall they went to incredimail page 1 more time.
 
Hi musicalpulltoy,

Looks like you ran several tools so I'll have to play catchup. Please poost the SDFix log it can be found at C:\SDFix and will be named Report.txt.

I also need the MBAM log. Please open MBAM and click on the logs tab. Click on the log you want and click open. Please post the contents of the notepad that opens.

To reset the FireFox home page
  • At the top of FireFox click the Tools button
  • Click Options
  • Click the General button
  • In the Startup box, click the Restore to Default button
  • Click Ok
Close Firefox, reopen it. It should no longer open to IncrediMail.

Download aswMBR.exe to your desktop.

*If you are using Firefox, make sure that your download settings are as follows:
-Tools->Options->Main tab
-Set to "Always ask me where to Save the files"

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
aswMBR1.png


On completion of the scan click save log, save it to your desktop and post in your next reply
aswMBR2.png


There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please post back with
  • SDFix log
  • MBAM log
  • aswMbr log
  • mbr.dat (attached)
Thanks
 
greetings
heres those logs.
had a blue screen on reboot, before aswmbr scan, mutiple_irp_complete_request


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-31 22:46:32
-----------------------------
22:46:32.796 OS Version: Windows 5.1.2600 Service Pack 2
22:46:32.796 Number of processors: 1 586 0x401
22:46:32.796 ComputerName: DJJXF091 UserName: DAD
22:46:35.750 Initialize success
22:47:01.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:47:01.984 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
22:47:01.984 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
22:47:02.000 Disk 1 Vendor: ST3250824A 3.AAE Size: 238475MB BusType: 3
22:47:02.015 Disk 0 MBR read successfully
22:47:02.015 Disk 0 MBR scan
22:47:02.015 Disk 0 unknown MBR code
22:47:02.031 Disk 0 scanning sectors +78108030
22:47:02.156 Disk 0 scanning C:\WINDOWS\system32\drivers
22:47:29.015 Service scanning
22:47:34.531 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
22:47:35.109 Modules scanning
22:48:06.843 Disk 0 trace - called modules:
22:48:06.875 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
22:48:06.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a75a1f0]
22:48:06.875 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a7c8d98]
22:48:06.875 Scan finished successfully
22:49:26.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DAD\Desktop\MBR.dat"
22:49:26.687 The log file has been saved successfully to "C:\Documents and Settings\DAD\Desktop\aswMBR.txt"


SDFix: Version 1.240
Run by Administrator on Thu 08/04/2011 at 08:39 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\patch.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-04 08:49:23
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:LocalSubNet:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"="C:\\Program Files\\AVG\\AVG10\\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011"
"C:\\Program Files\\AVG\\AVG10\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG10\\avgnsx.exe:*:Enabled:Online Shield"
"C:\\Program Files\\AVG\\AVG10\\avgemcx.exe"="C:\\Program Files\\AVG\\AVG10\\avgemcx.exe:*:Enabled:Personal E-mail Scanner"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 13 Jun 2006 4 A..H. --- "C:\WINDOWS\uccspecb.sys"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Nov 2009 1,168,216 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 7 Apr 2006 3,766 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 25 Jan 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 2 Apr 2011 151,104 ..SHR --- "C:\Program Files\BillP Studios\Task Catcher\Setup.exe"
Thu 15 Feb 2007 308,832 A..H. --- "C:\Program Files\Canon\MP Navigator EX 1.2\Maint.exe"
Mon 19 Dec 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator EX 1.2\uinstrsc.dll"
Sun 31 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 21 Apr 2011 4,481,368 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\BIT19F.tmp"
Wed 14 Dec 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Wed 14 Dec 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Wed 14 Dec 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Fri 23 Dec 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

Finished!


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7315

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/29/2011 3:30:22 AM
mbam-log-2011-07-29 (03-30-22).txt

Scan type: Quick scan
Objects scanned: 192035
Time elapsed: 50 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Hi musicalpulltoy,

I really must opolgize for the delay and not being able to work on this. Wife was in an accident (nothing serious), dealing with the various parties took until now. I'm off to work shorty so I will not be able to post until tommorrow. I will post as soon as I get home.

Thanks for understanding.
 
Hi musicalpulltoy,

Please locate the copy of combofix you currently have on your desktop. Right click it and select delete.

Download a new copy of ComboFix from one of these locations and save it to your desktop:

Link 1
Link 2

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

Code: 
File::
c:\windows\system32\SET27.tmp

driver::
05160F36
2E8DA83C
3E2BD829
41035FF2
5B791910
5F8775F8
620D6D84
6D2F9437
76C3328F
855A1F17
EAE0BB30

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

CFScriptB-4.gif


Please post back with the combofix log.

How is the computer?

Thanks
 
hope your wifey ok
things seem ok.
winpatrol poped up with keep or change host file when combofix was almost dopne. i chose change. right??





ComboFix 11-09-02.04 - DAD 09/02/2011 18:12:32.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1271.619 [GMT -7:00]
Running from: c:\documents and settings\DAD\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DAD\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\windows\system32\SET27.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_05160F36
-------\Legacy_2E8DA83C
-------\Legacy_3E2BD829
-------\Legacy_41035FF2
-------\Legacy_5B791910
-------\Legacy_5F8775F8
-------\Legacy_620D6D84
-------\Legacy_6D2F9437
-------\Legacy_76C3328F
-------\Legacy_855A1F17
-------\Legacy_EAE0BB30
-------\Service_05160F36
-------\Service_2E8DA83C
-------\Service_3E2BD829
-------\Service_41035FF2
-------\Service_5B791910
-------\Service_5F8775F8
-------\Service_620D6D84
-------\Service_6D2F9437
-------\Service_76C3328F
-------\Service_855A1F17
-------\Service_EAE0BB30
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-08-31 02:57 . 2011-08-31 02:57 -------- d-----w- c:\documents and settings\DAD\Local Settings\Application Data\Dell
2011-08-31 00:19 . 2011-08-31 00:19 -------- d-----w- c:\program files\Lame For Audacity
2011-08-29 15:32 . 2011-08-29 15:32 -------- d-----w- c:\program files\Safer Networking
2011-08-27 23:32 . 2005-08-18 07:00 187904 ----a-w- c:\windows\system32\everest_cpl.cpl
2011-08-27 23:08 . 2011-08-27 23:08 -------- d-----w- c:\program files\Lavalys
2011-08-27 07:18 . 2011-08-27 07:18 -------- d-----w- C:\New Folder
2011-08-27 06:26 . 2011-08-27 06:36 -------- d-----w- c:\documents and settings\DAD\Local Settings\Application Data\IM
2011-08-27 06:24 . 2011-08-27 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2011-08-27 06:24 . 2011-08-27 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2011-08-27 01:13 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-27 01:13 . 2011-08-27 01:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-27 01:13 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-18 15:47 . 2011-08-18 15:47 -------- d-----w- c:\program files\Common Files\Java
2011-08-18 15:46 . 2011-08-18 15:45 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-18 15:41 . 2011-08-18 15:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Sun
2011-08-18 15:27 . 2010-10-27 06:09 553696 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-08-18 15:27 . 2010-10-27 06:10 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-08-18 15:27 . 2010-10-27 06:10 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-08-07 08:25 . 2011-03-18 08:24 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-08-07 08:25 . 2011-03-18 08:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-08-07 08:24 . 2011-08-07 08:26 -------- d-----w- c:\windows\system32\ZoneLabs
2011-08-07 08:24 . 2011-03-18 08:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-08-07 08:24 . 2011-08-07 08:24 -------- d-----w- c:\program files\Zone Labs
2011-08-07 04:03 . 2011-08-07 04:03 -------- d-----w- c:\documents and settings\DAD\Local Settings\Application Data\Sun
2011-08-06 18:25 . 2011-08-06 18:25 -------- d-----w- c:\documents and settings\Administrator.DJJXF091\Application Data\SUPERAntiSpyware.com
2011-08-06 16:53 . 2011-08-06 16:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-08-06 16:40 . 2011-08-06 16:40 -------- d-----w- c:\documents and settings\Administrator\tdsskiller
2011-08-04 15:34 . 2011-08-04 15:35 -------- d-----w- c:\windows\ERUNT
2011-08-04 15:10 . 2011-08-04 15:56 -------- d-----w- C:\SDFix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-27 02:25 . 2011-05-18 17:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 15:45 . 2011-04-02 08:38 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-09 13:27 . 2011-07-09 13:27 991232 ----a-w- c:\windows\system32\SET27.tmp
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-28_02.03.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-03 02:04 . 2011-09-03 02:04 16384 c:\windows\Temp\Perflib_Perfdata_7f8.dat
+ 2011-09-03 02:03 . 2011-09-03 02:03 16384 c:\windows\Temp\Perflib_Perfdata_6d0.dat
+ 2011-09-01 14:48 . 2011-09-01 14:48 16384 c:\windows\Temp\Perflib_Perfdata_368.dat
+ 2011-09-03 02:04 . 2011-09-03 02:04 16384 c:\windows\Media\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_5e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-19 2334560]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-03-16 325000]
"Task Catcher"="c:\program files\BillP Studios\Task Catcher\tasktrap.exe" [2006-08-15 140856]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\SystemExplorerDisabled
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-03 05:02 136176 ----atw- c:\documents and settings\DAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 16:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 16:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-06-25 15:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 09:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 03:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-12-15 04:03 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 15:47 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-02-28 23:15 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 20:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxLiveShare9"=2 (0x2)
"iPod Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Search Protection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TridTray"=TridTray.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 3:23 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 3:23 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 3:23 PM 27216]
R3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [7/31/2011 1:16 AM 114944]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [4/23/2007 2:11 PM 224896]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [7/31/2011 1:17 AM 10880]
S2 DCService.exe;DCService.exe;c:\documents and settings\All Users\Application Data\DatacardService\DCService.exe --> c:\documents and settings\All Users\Application Data\DatacardService\DCService.exe [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [12/23/2005 8:30 PM 457312]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [3/14/2009 7:03 PM 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [3/14/2009 7:03 PM 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [3/14/2009 7:03 PM 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [3/14/2009 7:03 PM 59776]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [5/3/2011 1:49 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [5/3/2011 1:49 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [5/3/2011 1:49 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [5/3/2011 1:49 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [5/3/2011 1:49 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [5/3/2011 1:49 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [5/3/2011 1:49 PM 109864]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [4/12/2011 8:07 AM 166720]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [4/12/2011 11:07 AM 50432]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [5/3/2011 2:20 PM 150528]
S4 DirMon2;DirMon2;C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service --> C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service [?]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 11:51 AM 14336]
S4 TridWnW;PCI Audio Driver;c:\windows\system32\drivers\TridWnW.sys [4/30/2011 11:53 AM 150872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: Interfaces\{06BD7469-7F5C-4449-9B14-D38A61E9D028}: NameServer = 192.168.1.1,68.105.28.11,68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb59?u=92822879073603948
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb59/?loc=ff_address_bar&u=92822879073603948&search=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-02 19:06
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DirMon2]
"ImagePath"="C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DirMon2]
"ImagePath"="C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\.asc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sol]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\.sol\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sor]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\.sor\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1388)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3336)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-09-02 19:20:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-03 02:19
ComboFix2.txt 2011-08-28 02:16
.
Pre-Run: 12,449,607,680 bytes free
Post-Run: 12,425,535,488 bytes free
.
- - End Of File - - 15D136CEB9788A7E1B46F04408815753
 
Hi musicalpulltoy,

Wife's fine, car so-so. Thanks for asking.

Things are looking better.

winpatrol poped up with keep or change host file when combofix was almost dopne. i chose change. right??
Click to expand...
That would have been combofix restting the Hosts file so you made the correct choice. :bigthumb:


One more scan to check for stragglers.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Go here to run an online scannner from
ESET

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. or C:\Program Files\ESET\log.txtWe will need this later.
Please post back with the ESET log.

Thanks
 
the poor car :(
eek, theres a bug still


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-05 04:27:46
# local_time=2011-08-05 09:27:46 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 57695383 57695383 0 0
# compatibility_mode=1032 16777189 100 96 0 54898058 0 0
# compatibility_mode=3073 16777213 80 75 0 3864752 0 0
# compatibility_mode=8192 67108863 100 0 8844948 8844948 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-05 04:37:59
# local_time=2011-08-05 09:37:59 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 57695996 57695996 0 0
# compatibility_mode=1032 16777189 100 96 0 54898671 0 0
# compatibility_mode=3073 16777213 80 75 0 3865365 0 0
# compatibility_mode=8192 67108863 100 0 8845561 8845561 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6541
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-05 08:14:43
# local_time=2011-08-05 01:14:43 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 57699660 57699660 0 0
# compatibility_mode=1032 16777189 100 96 0 54902335 0 0
# compatibility_mode=3073 16777213 80 75 0 3869029 0 0
# compatibility_mode=8192 67108863 100 0 8849225 8849225 0 0
# scanned=84663
# found=2
# cleaned=2
# scan_time=9363
C:\Documents and Settings\DAD\Desktop\sdsdSDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\SDFix\apps\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6541
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-04 06:22:14
# local_time=2011-09-04 11:22:14 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 60284175 60284175 0 0
# compatibility_mode=1032 16777189 100 96 0 57486850 0 0
# compatibility_mode=8192 67108863 100 0 11433740 11433740 0 0
# compatibility_mode=9217 16777214 75 70 0 13793770 0 0
# scanned=87571
# found=1
# cleaned=0
# scan_time=10101
E:\My Downloads\DriverReviverSetup.exe a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
 
Hi musicalpulltoy,

That detection by Eset is of a registry cleaner. Research shows that Eset is the only AV that finds a problem with it. Further research shows this program may be "greyware". Having said that registry cleaners are not needed nor recommended for Windows. They have very little if no impact at all on a computer's preformance. They can also be dangerous if used incorrectly.

Some information can be found HERE, HERE and HERE

It doesn't appear to be installed so we will remove the setup files and do a bit of clean up.

Download OTL to your desktop.

Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code: 
:Services

:Files
E:\My Downloads\DriverReviverSetup.exe
c:\windows\system32\SET27.tmp

:Commands
[purity]
[emptytemp]
[createrestorepoint]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

Any remaining issues?

Thanks
 
hiya
like i tryd, but typod, the previous owner had lots of bad programs on here.
running tasks has dropped by ten. yay



All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
E:\My Downloads\DriverReviverSetup.exe moved successfully.
c:\windows\system32\SET27.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Administrator.DJJXF091
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56845 bytes

User: All Users

User: DAD
->Temp folder emptied: 133890 bytes
->Temporary Internet Files folder emptied: 1032950 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 196810828 bytes
->Google Chrome cache emptied: 6166450 bytes
->Apple Safari cache emptied: 58548224 bytes
->Flash cache emptied: 1976 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 12659133 bytes
%systemroot%\System32 .tmp files removed: 717289828 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17717 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 31442396 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 977.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.27.0 log created on 09052011_002431

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\DAD\Local Settings\Temp\IswTmp\Logs\FFApi.swl not found!
File\Folder C:\Documents and Settings\DAD\Local Settings\Temp\~DF32C4.tmp not found!
C:\Documents and Settings\DAD\Local Settings\Temp\~DF62A5.tmp moved successfully.
File\Folder C:\Documents and Settings\DAD\Local Settings\Temp\~DF7367.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat moved successfully.
File\Folder C:\WINDOWS\temp\ZLT01da7.TMP not found!

Registry entries deleted on Reboot...
 
Hi musicalpulltoy,

Your logs look ok. If there aren't any problems we'll clean up the tools.

From your desktop, please delete, if present
  • any notepads/logs that we created
  • MBR.zip
  • aswMBR.exe

You can also delete the following bolded folders
  • c:\documents and settings\Administrator\tdsskiller
  • C:\SDFix


Next

Click the Start button, click Run. [Vista users, go Start>"Start search"] Copy and paste the following line into the run box and click OK
Combofix /uninstall



Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


I suggest you keep MBAM. Keep it updated and use it regularly.

ESET online scan can be removed via add/remove programs.


Updates and upgrades

You have an older version of Adobe Reader. You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Reader 9.4.4 first. Be sure to move any PDF documents to another folder first though.

Some Recommendations and prevention tips


Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have those.

You use Spybot to install a Custom Hosts file.
1-Left-click the "Spybot - Search & Destroy" shortcut to open the program
2-Right-click an item in the list of immunizations and click "Deselect All."
3-Scroll down to the bottom of the list and click the checkbox to the left of "Global (Hosts)" under the "Windows" header.
4-Click "Immunize" on the Spybot toolbar.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

- You are currently missing a very important Windows update, Service Pack3. Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.


- Make sure you have reset Automatic Updates to your chosen optionClick your start button > Control Panel > System


- Keep your antivirus program updated, as well as any other security programs you have.


- You may also want to read this article By Tony Klein
http://www.freedomlist.com/forum/viewtopic.php?t=22879

Please post back if you have any problems.

Take care
 
Hi musicalpulltoy,

Has this always been a problem on this computer?

What about playing CDs?
 
Last edited:
hi.
files or cd do the same media player or quicktime and flash.
theres a intermittent stutter.
sometimes out of the blue but usually when another event happens (open/close program etc).
reloaded drivers and changed settings to no avail.
 
Status
Not open for further replies.
Back
Top